@geekmidas/cli 1.4.0 → 1.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/cli",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "description": "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs",
   "private": false,
   "type": "module",
@@ -53,11 +53,11 @@
     "pg": "~8.17.1",
     "prompts": "~2.4.2",
     "tsx": "~4.20.3",
-    "@geekmidas/constructs": "~1.0.0",
     "@geekmidas/envkit": "~1.0.0",
     "@geekmidas/errors": "~1.0.0",
-    "@geekmidas/schema": "~1.0.0",
-    "@geekmidas/logger": "~1.0.0"
+    "@geekmidas/constructs": "~1.0.0",
+    "@geekmidas/logger": "~1.0.0",
+    "@geekmidas/schema": "~1.0.0"
   },
   "devDependencies": {
     "@types/lodash.kebabcase": "^4.1.9",

package/src/deploy/__tests__/Route53Provider.spec.ts

@@ -399,4 +399,27 @@ describe('Route53Provider', () => {
 			).rejects.toThrow('No hosted zone found for domain');
 		});
 	});
+
+	describe('default region', () => {
+		it('should use us-east-1 as default region when none specified', () => {
+			// This test verifies the provider can be created without region
+			// and doesn't throw "Region is missing" error
+			const providerWithoutRegion = new Route53Provider({
+				endpoint: LOCALSTACK_ENDPOINT,
+				hostedZoneId: 'test-zone',
+			});
+
+			expect(providerWithoutRegion.name).toBe('route53');
+		});
+
+		it('should use provided region when specified', () => {
+			const providerWithRegion = new Route53Provider({
+				endpoint: LOCALSTACK_ENDPOINT,
+				region: 'eu-west-1',
+				hostedZoneId: 'test-zone',
+			});
+
+			expect(providerWithRegion.name).toBe('route53');
+		});
+	});
 });

package/src/deploy/__tests__/env-resolver.spec.ts

@@ -452,6 +452,71 @@ describe('resolveEnvVar', () => {
 				'https://auth.example.com',
 			);
 		});
+
+		describe('NEXT_PUBLIC_ prefix', () => {
+			it('should resolve NEXT_PUBLIC_API_URL from dependencyUrls.api', () => {
+				const context = createContext({
+					dependencyUrls: { api: 'https://api.example.com' },
+				});
+
+				expect(resolveEnvVar('NEXT_PUBLIC_API_URL', context)).toBe(
+					'https://api.example.com',
+				);
+			});
+
+			it('should resolve NEXT_PUBLIC_AUTH_URL from dependencyUrls.auth', () => {
+				const context = createContext({
+					dependencyUrls: { auth: 'https://auth.example.com' },
+				});
+
+				expect(resolveEnvVar('NEXT_PUBLIC_AUTH_URL', context)).toBe(
+					'https://auth.example.com',
+				);
+			});
+
+			it('should resolve both AUTH_URL and NEXT_PUBLIC_AUTH_URL to same value', () => {
+				const context = createContext({
+					dependencyUrls: { auth: 'https://auth.example.com' },
+				});
+
+				expect(resolveEnvVar('AUTH_URL', context)).toBe(
+					'https://auth.example.com',
+				);
+				expect(resolveEnvVar('NEXT_PUBLIC_AUTH_URL', context)).toBe(
+					'https://auth.example.com',
+				);
+			});
+
+			it('should resolve NEXT_PUBLIC_ prefix for any dependency', () => {
+				const context = createContext({
+					dependencyUrls: {
+						payments: 'https://payments.example.com',
+						notifications: 'https://notifications.example.com',
+					},
+				});
+
+				expect(resolveEnvVar('NEXT_PUBLIC_PAYMENTS_URL', context)).toBe(
+					'https://payments.example.com',
+				);
+				expect(resolveEnvVar('NEXT_PUBLIC_NOTIFICATIONS_URL', context)).toBe(
+					'https://notifications.example.com',
+				);
+			});
+
+			it('should return undefined for missing NEXT_PUBLIC_ dependency URL', () => {
+				const context = createContext({
+					dependencyUrls: { auth: 'https://auth.example.com' },
+				});
+
+				expect(resolveEnvVar('NEXT_PUBLIC_API_URL', context)).toBeUndefined();
+			});
+
+			it('should return undefined when dependencyUrls is not provided', () => {
+				const context = createContext();
+
+				expect(resolveEnvVar('NEXT_PUBLIC_AUTH_URL', context)).toBeUndefined();
+			});
+		});
 	});
 });
 
@@ -634,3 +699,177 @@ describe('validateEnvVars', () => {
 		});
 	});
 });
+
+/**
+ * Tests for Docker build arg extraction logic.
+ * This simulates the behavior in deploy/index.ts where NEXT_PUBLIC_* vars
+ * are extracted from resolved vars for Docker build args.
+ */
+describe('Docker build arg extraction', () => {
+	const createContext = (
+		overrides: Partial<EnvResolverContext> = {},
+	): EnvResolverContext => ({
+		app: {
+			type: 'frontend',
+			path: 'apps/web',
+			port: 3001,
+			dependencies: ['api', 'auth'],
+			resolvedDeployTarget: 'dokploy',
+		},
+		appName: 'web',
+		stage: 'production',
+		state: createEmptyState('production', 'proj_test', 'env-123'),
+		appHostname: 'web.example.com',
+		frontendUrls: [],
+		...overrides,
+	});
+
+	/**
+	 * Simulates the build arg extraction logic from deploy/index.ts
+	 */
+	function extractBuildArgs(resolved: Record<string, string>): {
+		buildArgs: string[];
+		publicUrlArgNames: string[];
+	} {
+		const buildArgs: string[] = [];
+		const publicUrlArgNames: string[] = [];
+
+		for (const [key, value] of Object.entries(resolved)) {
+			if (key.startsWith('NEXT_PUBLIC_')) {
+				buildArgs.push(`${key}=${value}`);
+				publicUrlArgNames.push(key);
+			}
+		}
+
+		return { buildArgs, publicUrlArgNames };
+	}
+
+	it('should extract NEXT_PUBLIC_* vars as build args', () => {
+		const context = createContext({
+			dependencyUrls: {
+				api: 'https://api.example.com',
+				auth: 'https://auth.example.com',
+			},
+		});
+
+		const sniffedVars = [
+			'NEXT_PUBLIC_API_URL',
+			'NEXT_PUBLIC_AUTH_URL',
+			'NEXT_PUBLIC_STRIPE_KEY',
+		];
+
+		const { resolved } = validateEnvVars(sniffedVars, context);
+
+		// Simulate user secrets providing STRIPE_KEY
+		resolved.NEXT_PUBLIC_STRIPE_KEY = 'pk_test_123';
+
+		const { buildArgs, publicUrlArgNames } = extractBuildArgs(resolved);
+
+		expect(publicUrlArgNames).toEqual([
+			'NEXT_PUBLIC_API_URL',
+			'NEXT_PUBLIC_AUTH_URL',
+			'NEXT_PUBLIC_STRIPE_KEY',
+		]);
+		expect(buildArgs).toEqual([
+			'NEXT_PUBLIC_API_URL=https://api.example.com',
+			'NEXT_PUBLIC_AUTH_URL=https://auth.example.com',
+			'NEXT_PUBLIC_STRIPE_KEY=pk_test_123',
+		]);
+	});
+
+	it('should NOT include server-only vars in build args', () => {
+		const context = createContext({
+			dependencyUrls: { api: 'https://api.example.com' },
+			appCredentials: { dbUser: 'web', dbPassword: 'pass' },
+			postgres: { host: 'postgres', port: 5432, database: 'mydb' },
+		});
+
+		const sniffedVars = [
+			'NEXT_PUBLIC_API_URL',
+			'DATABASE_URL',
+			'STRIPE_SECRET_KEY',
+		];
+
+		const { resolved } = validateEnvVars(sniffedVars, context);
+
+		// Add server-only secret
+		resolved.STRIPE_SECRET_KEY = 'sk_test_secret';
+
+		const { buildArgs, publicUrlArgNames } = extractBuildArgs(resolved);
+
+		// Only NEXT_PUBLIC_* should be in build args
+		expect(publicUrlArgNames).toEqual(['NEXT_PUBLIC_API_URL']);
+		expect(buildArgs).toEqual(['NEXT_PUBLIC_API_URL=https://api.example.com']);
+
+		// Server vars should still be in resolved (for runtime)
+		expect(resolved.DATABASE_URL).toBe(
+			'postgresql://web:pass@postgres:5432/mydb',
+		);
+		expect(resolved.STRIPE_SECRET_KEY).toBe('sk_test_secret');
+	});
+
+	it('should handle mixed frontend vars correctly', () => {
+		const context = createContext({
+			dependencyUrls: {
+				api: 'https://api.example.com',
+				auth: 'https://auth.example.com',
+			},
+			userSecrets: {
+				stage: 'production',
+				createdAt: '2024-01-01T00:00:00Z',
+				updatedAt: '2024-01-01T00:00:00Z',
+				custom: {
+					NEXT_PUBLIC_POSTHOG_KEY: 'phc_test123',
+					STRIPE_SECRET_KEY: 'sk_test_secret',
+				},
+				urls: {},
+				services: {},
+			},
+		});
+
+		const sniffedVars = [
+			// From dependencies (auto-generated)
+			'NEXT_PUBLIC_API_URL',
+			'NEXT_PUBLIC_AUTH_URL',
+			// From client config
+			'NEXT_PUBLIC_POSTHOG_KEY',
+			// From server config
+			'STRIPE_SECRET_KEY',
+			'DATABASE_URL',
+		];
+
+		const { resolved, missing } = validateEnvVars(sniffedVars, context);
+
+		// DATABASE_URL is missing (no postgres config)
+		expect(missing).toContain('DATABASE_URL');
+
+		const { buildArgs, publicUrlArgNames } = extractBuildArgs(resolved);
+
+		// Only NEXT_PUBLIC_* should be build args
+		expect(publicUrlArgNames).toHaveLength(3);
+		expect(publicUrlArgNames).toContain('NEXT_PUBLIC_API_URL');
+		expect(publicUrlArgNames).toContain('NEXT_PUBLIC_AUTH_URL');
+		expect(publicUrlArgNames).toContain('NEXT_PUBLIC_POSTHOG_KEY');
+
+		// Server secret should NOT be in build args
+		expect(publicUrlArgNames).not.toContain('STRIPE_SECRET_KEY');
+
+		// But should be in resolved for runtime
+		expect(resolved.STRIPE_SECRET_KEY).toBe('sk_test_secret');
+	});
+
+	it('should return empty build args when no NEXT_PUBLIC_* vars', () => {
+		const context = createContext({
+			appCredentials: { dbUser: 'web', dbPassword: 'pass' },
+			postgres: { host: 'postgres', port: 5432, database: 'mydb' },
+		});
+
+		const sniffedVars = ['DATABASE_URL', 'PORT'];
+
+		const { resolved } = validateEnvVars(sniffedVars, context);
+		const { buildArgs, publicUrlArgNames } = extractBuildArgs(resolved);
+
+		expect(buildArgs).toEqual([]);
+		expect(publicUrlArgNames).toEqual([]);
+	});
+});

package/src/deploy/__tests__/sniffer.spec.ts

@@ -31,8 +31,8 @@ describe('sniffAppEnvironment', () => {
 	});
 
 	describe('frontend apps', () => {
-		it('should return empty env vars for frontend apps', async () => {
-			const app = createApp({ type: 'frontend' });
+		it('should return empty env vars for frontend apps with no dependencies', async () => {
+			const app = createApp({ type: 'frontend', dependencies: [] });
 
 			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
@@ -40,51 +40,117 @@ describe('sniffAppEnvironment', () => {
 			expect(result.requiredEnvVars).toEqual([]);
 		});
 
-		it('should ignore requiredEnv for frontend apps', async () => {
+		it('should return NEXT_PUBLIC_{DEP}_URL for frontend dependencies', async () => {
 			const app = createApp({
 				type: 'frontend',
-				requiredEnv: ['API_KEY', 'SECRET'], // Should be ignored
+				dependencies: ['api', 'auth'],
 			});
 
 			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
-			expect(result.requiredEnvVars).toEqual([]);
+			expect(result.appName).toBe('web');
+			expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_API_URL');
+			expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_AUTH_URL');
+			expect(result.requiredEnvVars).toHaveLength(2);
 		});
-	});
 
-	describe('entry-based apps with requiredEnv', () => {
-		it('should return requiredEnv list for entry-based apps', async () => {
+		it('should generate uppercase dep names in NEXT_PUBLIC_{DEP}_URL', async () => {
 			const app = createApp({
-				entry: './src/index.ts',
-				requiredEnv: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+				type: 'frontend',
+				dependencies: ['payments-service', 'notification_api'],
 			});
 
-			const result = await sniffAppEnvironment(app, 'auth', workspacePath);
+			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
-			expect(result.appName).toBe('auth');
-			expect(result.requiredEnvVars).toEqual([
-				'DATABASE_URL',
-				'BETTER_AUTH_SECRET',
-			]);
+			expect(result.requiredEnvVars).toContain(
+				'NEXT_PUBLIC_PAYMENTS-SERVICE_URL',
+			);
+			expect(result.requiredEnvVars).toContain(
+				'NEXT_PUBLIC_NOTIFICATION_API_URL',
+			);
 		});
 
-		it('should return copy of requiredEnv (not reference)', async () => {
-			const requiredEnv = ['DATABASE_URL'];
-			const app = createApp({ requiredEnv });
-
-			const result = await sniffAppEnvironment(app, 'api', workspacePath);
-
-			// Modify the result and verify original is unchanged
-			result.requiredEnvVars.push('MODIFIED');
-			expect(requiredEnv).toEqual(['DATABASE_URL']);
-		});
+		describe('config sniffing', () => {
+			it('should sniff env vars from config.client path', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						client: './simple-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				expect(result.requiredEnvVars).toContain('PORT');
+				expect(result.requiredEnvVars).toContain('DATABASE_URL');
+				expect(result.requiredEnvVars).toContain('REDIS_URL');
+			});
 
-		it('should return empty when requiredEnv is empty array', async () => {
-			const app = createApp({ requiredEnv: [] });
+			it('should sniff env vars from config.server path', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				expect(result.requiredEnvVars).toContain('PORT');
+				expect(result.requiredEnvVars).toContain('HOST');
+				expect(result.requiredEnvVars).toContain('DATABASE_URL');
+			});
 
-			const result = await sniffAppEnvironment(app, 'api', workspacePath);
+			it('should combine vars from both config.client and config.server', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: ['api'],
+					config: {
+						client: './simple-entry.ts',
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				// Dependency var
+				expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_API_URL');
+				// From simple-entry.ts
+				expect(result.requiredEnvVars).toContain('REDIS_URL');
+				// From nested-config-entry.ts
+				expect(result.requiredEnvVars).toContain('HOST');
+				expect(result.requiredEnvVars).toContain('BETTER_AUTH_SECRET');
+			});
 
-			expect(result.requiredEnvVars).toEqual([]);
+			it('should deduplicate vars from both config files', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						client: './simple-entry.ts',
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				// Both files have PORT and DATABASE_URL, should only appear once
+				const portCount = result.requiredEnvVars.filter(
+					(v) => v === 'PORT',
+				).length;
+				const dbUrlCount = result.requiredEnvVars.filter(
+					(v) => v === 'DATABASE_URL',
+				).length;
+
+				expect(portCount).toBe(1);
+				expect(dbUrlCount).toBe(1);
+			});
 		});
 	});
 
@@ -119,9 +185,9 @@ describe('sniffAppEnvironment', () => {
 	});
 
 	describe('apps without env detection', () => {
-		it('should return empty when no envParser or requiredEnv', async () => {
+		it('should return empty when no envParser, entry, or routes', async () => {
 			const app = createApp({
-				// No envParser or requiredEnv
+				// No envParser, entry, or routes
 			});
 
 			const result = await sniffAppEnvironment(app, 'api', workspacePath);
@@ -142,7 +208,7 @@ describe('sniffAllApps', () => {
 				port: 3000,
 				dependencies: [],
 				resolvedDeployTarget: 'dokploy',
-				requiredEnv: ['DATABASE_URL', 'REDIS_URL'],
+				// No entry, routes, or envParser - will return empty
 			},
 			auth: {
 				type: 'backend',
@@ -150,7 +216,7 @@ describe('sniffAllApps', () => {
 				port: 3002,
 				dependencies: [],
 				resolvedDeployTarget: 'dokploy',
-				requiredEnv: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+				// No entry, routes, or envParser - will return empty
 			},
 			web: {
 				type: 'frontend',
@@ -167,17 +233,17 @@ describe('sniffAllApps', () => {
 
 		expect(results.get('api')).toEqual({
 			appName: 'api',
-			requiredEnvVars: ['DATABASE_URL', 'REDIS_URL'],
+			requiredEnvVars: [],
 		});
 
 		expect(results.get('auth')).toEqual({
 			appName: 'auth',
-			requiredEnvVars: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+			requiredEnvVars: [],
 		});
 
 		expect(results.get('web')).toEqual({
 			appName: 'web',
-			requiredEnvVars: [], // Frontend - no secrets
+			requiredEnvVars: ['NEXT_PUBLIC_API_URL', 'NEXT_PUBLIC_AUTH_URL'],
 		});
 	});
 
@@ -324,7 +390,7 @@ describe('entry app sniffing via subprocess', () => {
 describe('sniffAppEnvironment with entry apps', () => {
 	// Integration tests for sniffAppEnvironment with entry-based apps
 
-	it('should use subprocess sniffing for entry apps without requiredEnv', async () => {
+	it('should use subprocess sniffing for entry apps', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
 			path: fixturesPath,
@@ -342,25 +408,6 @@ describe('sniffAppEnvironment with entry apps', () => {
 		expect(result.requiredEnvVars).toContain('REDIS_URL');
 	});
 
-	it('should prefer requiredEnv over sniffing for entry apps', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: fixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			entry: './simple-entry.ts',
-			requiredEnv: ['CUSTOM_VAR', 'ANOTHER_VAR'], // Should use this instead of sniffing
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', fixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR', 'ANOTHER_VAR']);
-		// Should NOT contain the sniffed vars since requiredEnv takes precedence
-		expect(result.requiredEnvVars).not.toContain('PORT');
-		expect(result.requiredEnvVars).not.toContain('DATABASE_URL');
-	});
-
 	it('should handle entry app that throws and still return captured env vars', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
@@ -499,24 +546,6 @@ describe('sniffAppEnvironment with envParser apps', () => {
 		expect(result.requiredEnvVars).toContain('DB_POOL_SIZE');
 	});
 
-	it('should prefer requiredEnv over envParser sniffing', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: envParserFixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			envParser: './valid-env-parser.ts#envParser',
-			requiredEnv: ['CUSTOM_VAR'], // Should use this instead
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', envParserFixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR']);
-		// Should NOT contain the sniffed vars
-		expect(result.requiredEnvVars).not.toContain('PORT');
-	});
-
 	it('should handle envParser that exports non-function gracefully', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
@@ -663,24 +692,6 @@ describe('sniffAppEnvironment with route-based apps', () => {
 		expect(result.requiredEnvVars).toContain('AUTH_URL');
 	});
 
-	it('should prefer requiredEnv over route sniffing', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: routeAppsFixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			routes: './endpoints/**/*.ts',
-			requiredEnv: ['CUSTOM_VAR'], // Should use this instead
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', routeAppsFixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR']);
-		// Should NOT contain the sniffed vars
-		expect(result.requiredEnvVars).not.toContain('DATABASE_URL');
-	});
-
 	it('should handle route pattern that matches no files', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',

package/src/deploy/dns/Route53Provider.ts

@@ -45,8 +45,11 @@ export class Route53Provider implements DnsProvider {
 	private hostedZoneCache: Map<string, string> = new Map();
 
 	constructor(options: Route53ProviderOptions = {}) {
+		// Route53 is a global service, default to us-east-1 if no region specified
+		const region = options.region ?? process.env.AWS_REGION ?? 'us-east-1';
+
 		this.client = new Route53Client({
-			...(options.region && { region: options.region }),
+			region,
 			...(options.endpoint && { endpoint: options.endpoint }),
 			...(options.profile && {
 				credentials: fromIni({ profile: options.profile }),

package/src/deploy/env-resolver.ts

@@ -208,8 +208,18 @@ export function resolveEnvVar(
 	}
 
 	// Check dependency URLs (e.g., AUTH_URL -> dependencyUrls.auth)
+	// Also supports NEXT_PUBLIC_ prefix for frontend apps (NEXT_PUBLIC_AUTH_URL -> dependencyUrls.auth)
 	if (context.dependencyUrls && varName.endsWith('_URL')) {
-		const depName = varName.slice(0, -4).toLowerCase(); // AUTH_URL -> auth
+		let depName: string;
+
+		if (varName.startsWith('NEXT_PUBLIC_')) {
+			// NEXT_PUBLIC_AUTH_URL -> auth
+			depName = varName.slice(12, -4).toLowerCase();
+		} else {
+			// AUTH_URL -> auth
+			depName = varName.slice(0, -4).toLowerCase();
+		}
+
 		if (context.dependencyUrls[depName]) {
 			return context.dependencyUrls[depName];
 		}