@geekmidas/cli 1.4.0 → 1.5.1

package/src/deploy/dokploy-api.ts

@@ -154,6 +154,13 @@ export class DokployApi {
 		});
 	}
 
+	/**
+	 * Delete a project and all its resources
+	 */
+	async deleteProject(projectId: string): Promise<void> {
+		await this.post('project.remove', { projectId });
+	}
+
 	// ============================================
 	// Environment endpoints
 	// ============================================
@@ -315,6 +322,13 @@ export class DokployApi {
 		await this.post('application.deploy', { applicationId });
 	}
 
+	/**
+	 * Delete an application
+	 */
+	async deleteApplication(applicationId: string): Promise<void> {
+		await this.post('application.remove', { applicationId });
+	}
+
 	// ============================================
 	// Registry endpoints
 	// ============================================
@@ -505,6 +519,13 @@ export class DokployApi {
 		await this.post('postgres.update', { postgresId, ...updates });
 	}
 
+	/**
+	 * Delete a Postgres database
+	 */
+	async deletePostgres(postgresId: string): Promise<void> {
+		await this.post('postgres.remove', { postgresId });
+	}
+
 	// ============================================
 	// Redis endpoints
 	// ============================================
@@ -626,6 +647,13 @@ export class DokployApi {
 		await this.post('redis.update', { redisId, ...updates });
 	}
 
+	/**
+	 * Delete a Redis instance
+	 */
+	async deleteRedis(redisId: string): Promise<void> {
+		await this.post('redis.remove', { redisId });
+	}
+
 	// ============================================
 	// Domain endpoints
 	// ============================================
@@ -704,6 +732,144 @@ export class DokployApi {
 			serverId,
 		});
 	}
+
+	// ============================================
+	// Destination endpoints (backup storage)
+	// ============================================
+
+	/**
+	 * List all backup destinations
+	 */
+	async listDestinations(): Promise<DokployDestination[]> {
+		return this.get<DokployDestination[]>('destination.all');
+	}
+
+	/**
+	 * Get a destination by ID
+	 */
+	async getDestination(destinationId: string): Promise<DokployDestination> {
+		return this.get<DokployDestination>(
+			`destination.one?destinationId=${destinationId}`,
+		);
+	}
+
+	/**
+	 * Create a new S3 backup destination
+	 */
+	async createDestination(
+		options: DokployDestinationCreate,
+	): Promise<DokployDestination> {
+		return this.post<DokployDestination>('destination.create', { ...options });
+	}
+
+	/**
+	 * Find a destination by name
+	 */
+	async findDestinationByName(
+		name: string,
+	): Promise<DokployDestination | undefined> {
+		const destinations = await this.listDestinations();
+		return destinations.find((d) => d.name === name);
+	}
+
+	/**
+	 * Find or create a destination by name
+	 */
+	async findOrCreateDestination(
+		name: string,
+		options: Omit<DokployDestinationCreate, 'name'>,
+	): Promise<{ destination: DokployDestination; created: boolean }> {
+		const existing = await this.findDestinationByName(name);
+		if (existing) {
+			return { destination: existing, created: false };
+		}
+		const destination = await this.createDestination({ name, ...options });
+		return { destination, created: true };
+	}
+
+	/**
+	 * Update a destination
+	 */
+	async updateDestination(
+		destinationId: string,
+		updates: Partial<DokployDestinationCreate>,
+	): Promise<void> {
+		await this.post('destination.update', { destinationId, ...updates });
+	}
+
+	/**
+	 * Delete a destination
+	 */
+	async deleteDestination(destinationId: string): Promise<void> {
+		await this.post('destination.remove', { destinationId });
+	}
+
+	/**
+	 * Test connection to a destination
+	 */
+	async testDestinationConnection(
+		destinationId: string,
+	): Promise<{ success: boolean }> {
+		return this.post<{ success: boolean }>('destination.testConnection', {
+			destinationId,
+		});
+	}
+
+	// ============================================
+	// Backup endpoints (scheduled backups)
+	// ============================================
+
+	/**
+	 * Create a backup schedule for postgres
+	 */
+	async createPostgresBackup(
+		options: DokployBackupCreate,
+	): Promise<DokployBackup> {
+		return this.post<DokployBackup>('backup.create', {
+			...options,
+			databaseType: 'postgres',
+		});
+	}
+
+	/**
+	 * List backups for a postgres database
+	 */
+	async listPostgresBackups(postgresId: string): Promise<DokployBackup[]> {
+		return this.get<DokployBackup[]>(
+			`backup.all?postgresId=${postgresId}&databaseType=postgres`,
+		);
+	}
+
+	/**
+	 * Get a backup by ID
+	 */
+	async getBackup(backupId: string): Promise<DokployBackup> {
+		return this.get<DokployBackup>(`backup.one?backupId=${backupId}`);
+	}
+
+	/**
+	 * Update a backup schedule
+	 */
+	async updateBackup(
+		backupId: string,
+		updates: Partial<DokployBackupUpdate>,
+	): Promise<void> {
+		await this.post('backup.update', { backupId, ...updates });
+	}
+
+	/**
+	 * Delete a backup schedule
+	 */
+	async deleteBackup(backupId: string): Promise<void> {
+		await this.post('backup.remove', { backupId });
+	}
+
+	/**
+	 * Trigger a manual backup run
+	 */
+	async runBackupManually(backupId: string): Promise<void> {
+		await this.post('backup.manualBackup', { backupId });
+	}
 }
 
 // ============================================
@@ -835,6 +1001,77 @@ export interface DokployDomain extends DokployDomainCreate {
 	createdAt?: string;
 }
 
+// ============================================
+// Destination types (backup storage)
+// ============================================
+
+export interface DokployDestination {
+	destinationId: string;
+	name: string;
+	accessKey: string;
+	bucket: string;
+	region: string;
+	endpoint: string | null;
+	createdAt?: string;
+}
+
+export interface DokployDestinationCreate {
+	/** User-friendly name for the destination */
+	name: string;
+	/** S3 access key ID */
+	accessKey: string;
+	/** S3 secret access key */
+	secretAccessKey: string;
+	/** S3 bucket name */
+	bucket: string;
+	/** AWS region (e.g., 'us-east-1') */
+	region: string;
+	/** Optional endpoint for S3-compatible services */
+	endpoint?: string;
+}
+
+// ============================================
+// Backup types (scheduled backups)
+// ============================================
+
+export type DokployDatabaseType = 'postgres' | 'mysql' | 'mariadb' | 'mongo';
+
+export interface DokployBackup {
+	backupId: string;
+	schedule: string;
+	prefix: string;
+	enabled: boolean;
+	destinationId: string;
+	postgresId?: string;
+	databaseType: DokployDatabaseType;
+	keepLatestCount: number | null;
+	createdAt?: string;
+}
+
+export interface DokployBackupCreate {
+	/** Cron schedule (e.g., '0 2 * * *' for 2 AM daily) */
+	schedule: string;
+	/** Backup file prefix (e.g., 'production/postgres') */
+	prefix: string;
+	/** Destination ID for backup storage */
+	destinationId: string;
+	/** Database name to backup */
+	database: string;
+	/** Postgres instance ID */
+	postgresId: string;
+	/** Enable/disable backup (default: true) */
+	enabled?: boolean;
+	/** Number of backups to keep (default: keep all) */
+	keepLatestCount?: number;
+}
+
+export interface DokployBackupUpdate {
+	schedule?: string;
+	prefix?: string;
+	enabled?: boolean;
+	keepLatestCount?: number;
+}
+
 /**
  * Create a Dokploy API client from stored credentials or environment
  */

package/src/deploy/env-resolver.ts

@@ -208,8 +208,18 @@ export function resolveEnvVar(
 	}
 
 	// Check dependency URLs (e.g., AUTH_URL -> dependencyUrls.auth)
+	// Also supports NEXT_PUBLIC_ prefix for frontend apps (NEXT_PUBLIC_AUTH_URL -> dependencyUrls.auth)
 	if (context.dependencyUrls && varName.endsWith('_URL')) {
-		const depName = varName.slice(0, -4).toLowerCase(); // AUTH_URL -> auth
+		let depName: string;
+
+		if (varName.startsWith('NEXT_PUBLIC_')) {
+			// NEXT_PUBLIC_AUTH_URL -> auth
+			depName = varName.slice(12, -4).toLowerCase();
+		} else {
+			// AUTH_URL -> auth
+			depName = varName.slice(0, -4).toLowerCase();
+		}
+
 		if (context.dependencyUrls[depName]) {
 			return context.dependencyUrls[depName];
 		}

package/src/deploy/index.ts

@@ -73,12 +73,7 @@ import {
 	type DokployPostgres,
 	type DokployRedis,
 } from './dokploy-api';
-import {
-	generatePublicUrlBuildArgs,
-	getPublicUrlArgNames,
-	isMainFrontendApp,
-	resolveHost,
-} from './domain.js';
+import { isMainFrontendApp, resolveHost } from './domain.js';
 import {
 	type EnvResolverContext,
 	formatMissingVarsError,
@@ -93,10 +88,13 @@ import {
 	createEmptyState,
 	getAllAppCredentials,
 	getApplicationId,
+	getBackupState,
 	getPostgresId,
 	getRedisId,
 	setAppCredentials,
 	setApplicationId,
+	setBackupState,
+	setPostgresBackupId,
 	setPostgresId,
 	setRedisId,
 } from './state.js';
@@ -330,29 +328,39 @@ async function initializePostgresUsers(
 				`   Creating user "${user.name}" with schema "${schemaName}"...`,
 			);
 
-			// Create or update user (handles existing users)
-			await client.query(`
-				DO $$ BEGIN
-					IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${user.name}') THEN
-						CREATE USER "${user.name}" WITH PASSWORD '${user.password}';
-					ELSE
-						ALTER USER "${user.name}" WITH PASSWORD '${user.password}';
-					END IF;
-				END $$;
-			`);
-
+			// Create or update user with all settings in one DO block
+			// This avoids "tuple already updated by self" errors from multiple ALTER USER calls
 			if (user.usePublicSchema) {
 				// API uses public schema
+				await client.query(`
+					DO $$ BEGIN
+						IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${user.name}') THEN
+							CREATE USER "${user.name}" WITH PASSWORD '${user.password}';
+						ELSE
+							ALTER USER "${user.name}" WITH PASSWORD '${user.password}';
+						END IF;
+					END $$;
+				`);
 				await client.query(`
 					GRANT ALL ON SCHEMA public TO "${user.name}";
 					ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "${user.name}";
 					ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "${user.name}";
 				`);
 			} else {
-				// Other apps get their own schema
+				// Other apps get their own schema - combine user creation and search_path in one block
+				await client.query(`
+					DO $$ BEGIN
+						IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${user.name}') THEN
+							CREATE USER "${user.name}" WITH PASSWORD '${user.password}';
+						ELSE
+							ALTER USER "${user.name}" WITH PASSWORD '${user.password}';
+						END IF;
+						-- Set search_path in same transaction to avoid tuple conflict
+						ALTER USER "${user.name}" SET search_path TO "${schemaName}";
+					END $$;
+				`);
 				await client.query(`
 					CREATE SCHEMA IF NOT EXISTS "${schemaName}" AUTHORIZATION "${user.name}";
-					ALTER USER "${user.name}" SET search_path TO "${schemaName}";
 					GRANT USAGE ON SCHEMA "${schemaName}" TO "${user.name}";
 					GRANT ALL ON ALL TABLES IN SCHEMA "${schemaName}" TO "${user.name}";
 					ALTER DEFAULT PRIVILEGES IN SCHEMA "${schemaName}" GRANT ALL ON TABLES TO "${user.name}";
@@ -1254,6 +1262,51 @@ export async function workspaceDeployCommand(
 		}
 	}
 
+	// ==================================================================
+	// Provision backup destination if configured
+	// ==================================================================
+	if (workspace.deploy?.backups && provisionedPostgres) {
+		logger.log('\n💾 Provisioning backup destination...');
+
+		const { provisionBackupDestination } = await import(
+			'./backup-provisioner.js'
+		);
+
+		const backupState = await provisionBackupDestination({
+			api,
+			projectId: project.projectId,
+			projectName: workspace.name,
+			stage,
+			config: workspace.deploy.backups,
+			existingState: getBackupState(state),
+			logger,
+		});
+
+		// Save backup state
+		setBackupState(state, backupState);
+
+		// Create backup schedule for postgres if not already configured
+		if (!backupState.postgresBackupId) {
+			const backupSchedule = workspace.deploy.backups.schedule ?? '0 2 * * *';
+			const backupRetention = workspace.deploy.backups.retention ?? 30;
+
+			logger.log('   Creating postgres backup schedule...');
+			const backup = await api.createPostgresBackup({
+				schedule: backupSchedule,
+				prefix: `${stage}/postgres`,
+				destinationId: backupState.destinationId,
+				database: provisionedPostgres.databaseName,
+				postgresId: provisionedPostgres.postgresId,
+				enabled: true,
+				keepLatestCount: backupRetention,
+			});
+			setPostgresBackupId(state, backup.backupId);
+			logger.log(`   ✓ Postgres backup schedule created (${backupSchedule})`);
+		} else {
+			logger.log('   ✓ Using existing postgres backup schedule');
+		}
+	}
+
 	// Track deployed app public URLs for frontend builds
 	const publicUrls: Record<string, string> = {};
 	const results: AppDeployResult[] = [];
@@ -1576,13 +1629,71 @@ export async function workspaceDeployCommand(
 				// Store application ID in state
 				setApplicationId(state, appName, application.applicationId);
 
-				// Generate public URL build args from dependencies
-				const buildArgs = generatePublicUrlBuildArgs(app, publicUrls);
+				// Build dependency URLs for frontend (same pattern as backend)
+				const dependencyUrls: Record<string, string> = {};
+				if (app.dependencies) {
+					for (const dep of app.dependencies) {
+						if (publicUrls[dep]) {
+							dependencyUrls[dep] = publicUrls[dep];
+						}
+					}
+				}
+
+				// Compute hostname for this frontend app
+				const isMainFrontend = isMainFrontendApp(appName, app, workspace.apps);
+				const frontendHost = resolveHost(
+					appName,
+					app,
+					stage,
+					dokployConfig,
+					isMainFrontend,
+				);
+
+				// Build env context for frontend
+				const envContext: EnvResolverContext = {
+					app,
+					appName,
+					stage,
+					state,
+					appHostname: frontendHost,
+					frontendUrls: [],
+					userSecrets: stageSecrets ?? undefined,
+					dependencyUrls,
+				};
+
+				// Resolve all env vars BEFORE Docker build (NEXT_PUBLIC_* must be present at build time)
+				const sniffedVars = sniffedApps.get(appName)?.requiredEnvVars ?? [];
+				const { valid, missing, resolved } = validateEnvVars(
+					sniffedVars,
+					envContext,
+				);
+
+				if (!valid) {
+					throw new Error(formatMissingVarsError(appName, missing, stage));
+				}
+
+				if (Object.keys(resolved).length > 0) {
+					logger.log(
+						`      Resolved ${Object.keys(resolved).length} env vars: ${Object.keys(resolved).join(', ')}`,
+					);
+				}
+
+				// Build args: all NEXT_PUBLIC_* vars must be present at Next.js build time
+				const buildArgs: string[] = [];
+				const publicUrlArgNames: string[] = [];
+
+				for (const [key, value] of Object.entries(resolved)) {
+					if (key.startsWith('NEXT_PUBLIC_')) {
+						buildArgs.push(`${key}=${value}`);
+						publicUrlArgNames.push(key);
+					}
+				}
+
 				if (buildArgs.length > 0) {
-					logger.log(`      Public URLs: ${buildArgs.join(', ')}`);
+					logger.log(`      Build args: ${publicUrlArgNames.join(', ')}`);
 				}
 
-				// Build Docker image with public URLs
+				// Build Docker image with NEXT_PUBLIC_* vars as build args
 				const imageName = `${workspace.name}-${appName}`;
 				const imageRef = registry
 					? `${registry}/${imageName}:${imageTag}`
@@ -1600,17 +1711,22 @@ export async function workspaceDeployCommand(
 						appName,
 					},
 					buildArgs,
-					// Pass public URL arg names for Dockerfile generation
-					publicUrlArgs: getPublicUrlArgNames(app),
+					// Pass arg names for Dockerfile ARG generation
+					publicUrlArgs: publicUrlArgNames,
 				});
 
-				// Prepare environment variables - no secrets needed
+				// Prepare runtime environment variables
 				const envVars: string[] = [
 					`NODE_ENV=production`,
 					`PORT=${app.port}`,
 					`STAGE=${stage}`,
 				];
 
+				// Add all resolved vars as runtime env (for SSR and server components)
+				for (const [key, value] of Object.entries(resolved)) {
+					envVars.push(`${key}=${value}`);
+				}
+
 				// Configure and deploy application in Dokploy
 				await api.saveDockerProvider(application.applicationId, imageRef, {
 					registryId,
@@ -1624,17 +1740,7 @@ export async function workspaceDeployCommand(
 				logger.log(`      Deploying to Dokploy...`);
 				await api.deployApplication(application.applicationId);
 
-				// Create or find domain for this app
-				const isMainFrontend = isMainFrontendApp(appName, app, workspace.apps);
-				const frontendHost = resolveHost(
-					appName,
-					app,
-					stage,
-					dokployConfig,
-					isMainFrontend,
-				);
-
-				// Check if domain already exists
+				// Check if domain already exists (frontendHost computed earlier for env context)
 				const existingFrontendDomains = await api.getDomainsByApplicationId(
 					application.applicationId,
 				);

package/src/deploy/sniffer.ts

@@ -98,17 +98,49 @@ export async function sniffAppEnvironment(
 ): Promise<SniffedEnvironment> {
 	const { logWarnings = true } = options;
 
-	// 1. Frontend apps don't have server-side secrets
+	// 1. Frontend apps - handle dependencies and config sniffing
 	if (app.type === 'frontend') {
-		return { appName, requiredEnvVars: [] };
-	}
+		// Auto-generate NEXT_PUBLIC_{DEP}_URL from dependencies
+		const depVars = (app.dependencies ?? []).map(
+			(dep) => `NEXT_PUBLIC_${dep.toUpperCase()}_URL`,
+		);
+
+		// If config specified, sniff by importing the file(s)
+		// The file calls .parse() at module load, which triggers sniffer to capture vars
+		if (app.config) {
+			const sniffedVars: string[] = [];
+
+			// Collect config paths to sniff
+			const configPaths: string[] = [];
+			if (app.config.client) configPaths.push(app.config.client);
+			if (app.config.server) configPaths.push(app.config.server);
+
+			// Sniff each config file
+			for (const configPath of configPaths) {
+				const result = await sniffEntryFile(
+					configPath,
+					app.path,
+					workspacePath,
+				);
+
+				if (logWarnings && result.error) {
+					console.warn(
+						`[sniffer] ${appName}: Config file "${configPath}" threw error during sniffing (env vars still captured): ${result.error.message}`,
+					);
+				}
+
+				sniffedVars.push(...result.envVars);
+			}
+
+			// Combine: dependency vars + sniffed vars (deduplicated)
+			const allVars = [...new Set([...depVars, ...sniffedVars])];
+			return { appName, requiredEnvVars: allVars };
+		}
 
-	// 2. Entry-based apps with explicit env list
-	if (app.requiredEnv && app.requiredEnv.length > 0) {
-		return { appName, requiredEnvVars: [...app.requiredEnv] };
+		return { appName, requiredEnvVars: depVars };
 	}
 
-	// 3. Entry apps - import entry file in subprocess to trigger config.parse()
+	// 2. Entry apps - import entry file in subprocess to trigger config.parse()
 	if (app.entry) {
 		const result = await sniffEntryFile(app.entry, app.path, workspacePath);