npm - @geekmidas/cli - Versions diffs - 1.4.0 → 1.5.1 - Mend

@geekmidas/cli 1.4.0 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

package/CHANGELOG.md +12 -0
package/dist/{HostingerProvider-B9N-TKbp.mjs → HostingerProvider-402UdK89.mjs} +34 -1
package/dist/HostingerProvider-402UdK89.mjs.map +1 -0
package/dist/{HostingerProvider-DUV9-Tzg.cjs → HostingerProvider-BiXdHjiq.cjs} +34 -1
package/dist/HostingerProvider-BiXdHjiq.cjs.map +1 -0
package/dist/{Route53Provider-DOWmFnwN.mjs → Route53Provider-DbBo7Uz5.mjs} +55 -2
package/dist/Route53Provider-DbBo7Uz5.mjs.map +1 -0
package/dist/{Route53Provider-xrWuBXih.cjs → Route53Provider-kfJ77LmL.cjs} +55 -2
package/dist/Route53Provider-kfJ77LmL.cjs.map +1 -0
package/dist/backup-provisioner-B5e-F6zX.cjs +164 -0
package/dist/backup-provisioner-B5e-F6zX.cjs.map +1 -0
package/dist/backup-provisioner-BIArpmTr.mjs +163 -0
package/dist/backup-provisioner-BIArpmTr.mjs.map +1 -0
package/dist/{config-C1dM7aZb.cjs → config-BYn5yUt5.cjs} +2 -2
package/dist/{config-C1dM7aZb.cjs.map → config-BYn5yUt5.cjs.map} +1 -1
package/dist/{config-C1bidhvG.mjs → config-dLNQIvDR.mjs} +2 -2
package/dist/{config-C1bidhvG.mjs.map → config-dLNQIvDR.mjs.map} +1 -1
package/dist/config.cjs +2 -2
package/dist/config.d.cts +1 -1
package/dist/config.d.mts +2 -2
package/dist/config.mjs +2 -2
package/dist/{dokploy-api-z0833e7r.mjs → dokploy-api-2ldYoN3i.mjs} +131 -1
package/dist/dokploy-api-2ldYoN3i.mjs.map +1 -0
package/dist/dokploy-api-C93pveuy.mjs +3 -0
package/dist/dokploy-api-CbDh4o93.cjs +3 -0
package/dist/{dokploy-api-CQvhV6Hd.cjs → dokploy-api-DLgvEQlr.cjs} +131 -1
package/dist/dokploy-api-DLgvEQlr.cjs.map +1 -0
package/dist/{index-DzmZ6SUW.d.cts → index-Ba21_lNt.d.cts} +157 -29
package/dist/index-Ba21_lNt.d.cts.map +1 -0
package/dist/{index-DvpWzLD7.d.mts → index-Bj5VNxEL.d.mts} +158 -30
package/dist/index-Bj5VNxEL.d.mts.map +1 -0
package/dist/index.cjs +219 -68
package/dist/index.cjs.map +1 -1
package/dist/index.mjs +219 -68
package/dist/index.mjs.map +1 -1
package/dist/{openapi-9k6a6VA4.mjs → openapi-CMTyaIJJ.mjs} +2 -2
package/dist/{openapi-9k6a6VA4.mjs.map → openapi-CMTyaIJJ.mjs.map} +1 -1
package/dist/{openapi-Dcja4e1C.cjs → openapi-CqblwJZ4.cjs} +2 -2
package/dist/{openapi-Dcja4e1C.cjs.map → openapi-CqblwJZ4.cjs.map} +1 -1
package/dist/openapi.cjs +3 -3
package/dist/openapi.d.mts +1 -1
package/dist/openapi.mjs +3 -3
package/dist/{types-B9UZ7fOG.d.mts → types-CZg5iUgD.d.mts} +1 -1
package/dist/{types-B9UZ7fOG.d.mts.map → types-CZg5iUgD.d.mts.map} +1 -1
package/dist/workspace/index.cjs +1 -1
package/dist/workspace/index.d.cts +1 -1
package/dist/workspace/index.d.mts +2 -2
package/dist/workspace/index.mjs +1 -1
package/dist/{workspace-CeFgIDC-.cjs → workspace-DIMnYaYt.cjs} +20 -2
package/dist/{workspace-CeFgIDC-.cjs.map → workspace-DIMnYaYt.cjs.map} +1 -1
package/dist/{workspace-Cb_I7oCJ.mjs → workspace-Dy8k7Wru.mjs} +20 -2
package/dist/{workspace-Cb_I7oCJ.mjs.map → workspace-Dy8k7Wru.mjs.map} +1 -1
package/examples/cron-example.ts +6 -6
package/examples/function-example.ts +1 -1
package/package.json +7 -5
package/src/deploy/__tests__/Route53Provider.spec.ts +23 -0
package/src/deploy/__tests__/backup-provisioner.spec.ts +428 -0
package/src/deploy/__tests__/createDnsProvider.spec.ts +23 -0
package/src/deploy/__tests__/env-resolver.spec.ts +239 -0
package/src/deploy/__tests__/sniffer.spec.ts +104 -93
package/src/deploy/__tests__/undeploy.spec.ts +758 -0
package/src/deploy/backup-provisioner.ts +316 -0
package/src/deploy/dns/DnsProvider.ts +39 -1
package/src/deploy/dns/HostingerProvider.ts +74 -0
package/src/deploy/dns/Route53Provider.ts +85 -1
package/src/deploy/dns/index.ts +25 -0
package/src/deploy/dokploy-api.ts +237 -0
package/src/deploy/env-resolver.ts +11 -1
package/src/deploy/index.ts +143 -37
package/src/deploy/sniffer.ts +39 -7
package/src/deploy/state.ts +171 -0
package/src/deploy/undeploy.ts +407 -0
package/src/generators/FunctionGenerator.ts +1 -1
package/src/init/generators/monorepo.ts +4 -0
package/src/init/generators/web.ts +45 -2
package/src/init/versions.ts +2 -2
package/src/workspace/schema.ts +34 -0
package/src/workspace/types.ts +37 -37
package/dist/HostingerProvider-B9N-TKbp.mjs.map +0 -1
package/dist/HostingerProvider-DUV9-Tzg.cjs.map +0 -1
package/dist/Route53Provider-DOWmFnwN.mjs.map +0 -1
package/dist/Route53Provider-xrWuBXih.cjs.map +0 -1
package/dist/dokploy-api-CQvhV6Hd.cjs.map +0 -1
package/dist/dokploy-api-CWc02yyg.cjs +0 -3
package/dist/dokploy-api-DSJYNx88.mjs +0 -3
package/dist/dokploy-api-z0833e7r.mjs.map +0 -1
package/dist/index-DvpWzLD7.d.mts.map +0 -1
package/dist/index-DzmZ6SUW.d.cts.map +0 -1

package/src/deploy/state.ts CHANGED Viewed

@@ -24,6 +24,48 @@ export interface DnsVerificationRecord {
 	verifiedAt: string;
 }
+/**
+ * A DNS record that was created during deploy
+ */
+export interface CreatedDnsRecord {
+	/** The domain this record belongs to (e.g., 'example.com') */
+	domain: string;
+	/** Record name/subdomain (e.g., 'api' or '@' for root) */
+	name: string;
+	/** Record type (A, CNAME, etc.) */
+	type: string;
+	/** Record value (IP address, hostname, etc.) */
+	value: string;
+	/** TTL in seconds */
+	ttl: number;
+	/** When this record was created */
+	createdAt: string;
+}
+/**
+ * Backup destination state
+ */
+export interface BackupState {
+	/** S3 bucket name for backups */
+	bucketName: string;
+	/** S3 bucket ARN */
+	bucketArn: string;
+	/** IAM user name created for backup access */
+	iamUserName: string;
+	/** IAM access key ID */
+	iamAccessKeyId: string;
+	/** IAM secret access key */
+	iamSecretAccessKey: string;
+	/** Dokploy destination ID */
+	destinationId: string;
+	/** Dokploy backup schedule ID for postgres (if configured) */
+	postgresBackupId?: string;
+	/** AWS region where bucket was created */
+	region: string;
+	/** Timestamp when backup was configured */
+	createdAt: string;
+}
 /**
  * State for a single stage deployment
  */
@@ -44,6 +86,10 @@ export interface DokployStageState {
 	generatedSecrets?: Record<string, Record<string, string>>;
 	/** DNS verification state per hostname */
 	dnsVerified?: Record<string, DnsVerificationRecord>;
+	/** DNS records created during deploy (keyed by "name:type", e.g., "api:A") */
+	dnsRecords?: Record<string, CreatedDnsRecord>;
+	/** Backup destination state */
+	backups?: BackupState;
 	lastDeployedAt: string;
 }
@@ -309,3 +355,128 @@ export function getAllDnsVerifications(
 ): Record<string, DnsVerificationRecord> {
 	return state?.dnsVerified ?? {};
 }
+// ============================================================================
+// DNS Records
+// ============================================================================
+/**
+ * Get the key for a DNS record in state
+ */
+function getDnsRecordKey(name: string, type: string): string {
+	return `${name}:${type}`;
+}
+/**
+ * Get a created DNS record from state
+ */
+export function getDnsRecord(
+	state: DokployStageState | null,
+	name: string,
+	type: string,
+): CreatedDnsRecord | undefined {
+	return state?.dnsRecords?.[getDnsRecordKey(name, type)];
+}
+/**
+ * Set a created DNS record in state (mutates state)
+ */
+export function setDnsRecord(
+	state: DokployStageState,
+	record: Omit<CreatedDnsRecord, 'createdAt'>,
+): void {
+	if (!state.dnsRecords) {
+		state.dnsRecords = {};
+	}
+	const key = getDnsRecordKey(record.name, record.type);
+	state.dnsRecords[key] = {
+		...record,
+		createdAt: new Date().toISOString(),
+	};
+}
+/**
+ * Remove a DNS record from state (mutates state)
+ */
+export function removeDnsRecord(
+	state: DokployStageState,
+	name: string,
+	type: string,
+): void {
+	if (state.dnsRecords) {
+		delete state.dnsRecords[getDnsRecordKey(name, type)];
+	}
+}
+/**
+ * Get all created DNS records from state
+ */
+export function getAllDnsRecords(
+	state: DokployStageState | null,
+): CreatedDnsRecord[] {
+	if (!state?.dnsRecords) {
+		return [];
+	}
+	return Object.values(state.dnsRecords);
+}
+/**
+ * Clear all DNS records from state (mutates state)
+ */
+export function clearDnsRecords(state: DokployStageState): void {
+	state.dnsRecords = {};
+	state.dnsVerified = {};
+}
+// ============================================================================
+// Backup State
+// ============================================================================
+/**
+ * Get backup state from state
+ */
+export function getBackupState(
+	state: DokployStageState | null,
+): BackupState | undefined {
+	return state?.backups;
+}
+/**
+ * Set backup state (mutates state)
+ */
+export function setBackupState(
+	state: DokployStageState,
+	backupState: BackupState,
+): void {
+	state.backups = backupState;
+}
+/**
+ * Get backup destination ID from state
+ */
+export function getBackupDestinationId(
+	state: DokployStageState | null,
+): string | undefined {
+	return state?.backups?.destinationId;
+}
+/**
+ * Get postgres backup ID from state
+ */
+export function getPostgresBackupId(
+	state: DokployStageState | null,
+): string | undefined {
+	return state?.backups?.postgresBackupId;
+}
+/**
+ * Set postgres backup ID in state (mutates state)
+ */
+export function setPostgresBackupId(
+	state: DokployStageState,
+	backupId: string,
+): void {
+	if (state.backups) {
+		state.backups.postgresBackupId = backupId;
+	}
+}

package/src/deploy/undeploy.ts ADDED Viewed

@@ -0,0 +1,407 @@
+/**
+ * Undeploy - Remove deployed resources from Dokploy
+ *
+ * Deletes applications, services (postgres, redis), DNS records, and optionally the project.
+ * Also handles cleanup of backup resources if configured.
+ */
+import type { DnsProvider } from './dns/DnsProvider.js';
+import type { DokployApi } from './dokploy-api.js';
+import type { BackupState, DokployStageState } from './state.js';
+import { getAllDnsRecords } from './state.js';
+export interface UndeployOptions {
+	/** Dokploy API client */
+	api: DokployApi;
+	/** Deploy state for the stage */
+	state: DokployStageState;
+	/** DNS provider for deleting DNS records (optional) */
+	dnsProvider?: DnsProvider;
+	/** Whether to delete the Dokploy project (default: false) */
+	deleteProject?: boolean;
+	/** Whether to delete backup resources (S3 bucket, IAM user) - default: false */
+	deleteBackups?: boolean;
+	/** AWS endpoint override (for testing with LocalStack) */
+	awsEndpoint?: string;
+	/** Logger for progress output */
+	logger: { log: (msg: string) => void };
+}
+export interface UndeployResult {
+	/** Applications that were deleted */
+	deletedApplications: string[];
+	/** Whether postgres was deleted */
+	deletedPostgres: boolean;
+	/** Whether redis was deleted */
+	deletedRedis: boolean;
+	/** Whether the project was deleted */
+	deletedProject: boolean;
+	/** Whether backup destination was deleted */
+	deletedBackupDestination: boolean;
+	/** Whether AWS backup resources were deleted */
+	deletedAwsBackupResources: boolean;
+	/** DNS records that were deleted (name:type format) */
+	deletedDnsRecords: string[];
+	/** Updated state after undeploy (with deleted resources removed) */
+	updatedState: DokployStageState;
+	/** Errors encountered during undeploy (non-fatal) */
+	errors: string[];
+}
+/**
+ * Undeploy resources from Dokploy
+ *
+ * Executes in order:
+ * 1. Run final backup (if backup is configured)
+ * 2. Delete DNS records (if DNS provider is available)
+ * 3. Delete backup schedules
+ * 4. Delete applications
+ * 5. Delete postgres database
+ * 6. Delete redis instance
+ * 7. Delete backup destination
+ * 8. Delete AWS backup resources (if deleteBackups is true)
+ * 9. Delete project (if deleteProject is true)
+ *
+ * Returns the updated state with deleted resources removed.
+ */
+export async function undeploy(
+	options: UndeployOptions,
+): Promise<UndeployResult> {
+	const {
+		api,
+		state,
+		dnsProvider,
+		deleteProject = false,
+		deleteBackups = false,
+		awsEndpoint,
+		logger,
+	} = options;
+	// Create a mutable copy of the state to track deletions
+	const updatedState: DokployStageState = JSON.parse(JSON.stringify(state));
+	const result: UndeployResult = {
+		deletedApplications: [],
+		deletedPostgres: false,
+		deletedRedis: false,
+		deletedProject: false,
+		deletedBackupDestination: false,
+		deletedAwsBackupResources: false,
+		deletedDnsRecords: [],
+		updatedState,
+		errors: [],
+	};
+	// 1. Run a final backup before undeploying (if backup is configured)
+	if (state.backups?.postgresBackupId) {
+		try {
+			logger.log('   Running final postgres backup before undeploy...');
+			await api.runBackupManually(state.backups.postgresBackupId);
+			logger.log('   ✓ Final backup triggered');
+		} catch (error) {
+			const msg = `Failed to run final backup: ${error}`;
+			logger.log(`   ⚠ ${msg}`);
+			result.errors.push(msg);
+		}
+	}
+	// 2. Delete DNS records (if DNS provider is available)
+	if (dnsProvider) {
+		const dnsRecords = getAllDnsRecords(state);
+		if (dnsRecords.length > 0) {
+			// Group records by domain
+			const recordsByDomain = new Map<
+				string,
+				Array<{ name: string; type: string }>
+			>();
+			for (const record of dnsRecords) {
+				const existing = recordsByDomain.get(record.domain) ?? [];
+				existing.push({ name: record.name, type: record.type });
+				recordsByDomain.set(record.domain, existing);
+			}
+			for (const [domain, records] of recordsByDomain) {
+				try {
+					logger.log(
+						`   Deleting ${records.length} DNS record(s) for ${domain}...`,
+					);
+					const deleteResults = await dnsProvider.deleteRecords(
+						domain,
+						records.map((r) => ({
+							name: r.name,
+							type: r.type as
+								| 'A'
+								| 'AAAA'
+								| 'CNAME'
+								| 'MX'
+								| 'TXT'
+								| 'SRV'
+								| 'CAA',
+						})),
+					);
+					for (const deleteResult of deleteResults) {
+						const key = `${deleteResult.record.name}:${deleteResult.record.type}`;
+						if (deleteResult.deleted || deleteResult.notFound) {
+							result.deletedDnsRecords.push(key);
+							// Remove from state
+							if (updatedState.dnsRecords) {
+								delete updatedState.dnsRecords[key];
+							}
+							if (updatedState.dnsVerified) {
+								// Find and remove hostname from dnsVerified
+								const hostname =
+									deleteResult.record.name === '@'
+										? domain
+										: `${deleteResult.record.name}.${domain}`;
+								delete updatedState.dnsVerified[hostname];
+							}
+							logger.log(`   ✓ DNS record ${key} deleted`);
+						} else if (deleteResult.error) {
+							const msg = `Failed to delete DNS record ${key}: ${deleteResult.error}`;
+							logger.log(`   ⚠ ${msg}`);
+							result.errors.push(msg);
+						}
+					}
+				} catch (error) {
+					const msg = `Failed to delete DNS records for ${domain}: ${error}`;
+					logger.log(`   ⚠ ${msg}`);
+					result.errors.push(msg);
+				}
+			}
+		}
+	}
+	// 3. Delete backup schedules (before deleting postgres)
+	if (state.backups?.postgresBackupId) {
+		try {
+			logger.log('   Deleting postgres backup schedule...');
+			await api.deleteBackup(state.backups.postgresBackupId);
+			if (updatedState.backups) {
+				delete updatedState.backups.postgresBackupId;
+			}
+			logger.log('   ✓ Backup schedule deleted');
+		} catch (error) {
+			const msg = `Failed to delete backup schedule: ${error}`;
+			logger.log(`   ⚠ ${msg}`);
+			result.errors.push(msg);
+		}
+	}
+	// 4. Delete all applications
+	for (const [appName, applicationId] of Object.entries(state.applications)) {
+		try {
+			logger.log(`   Deleting application: ${appName}...`);
+			await api.deleteApplication(applicationId);
+			result.deletedApplications.push(appName);
+			delete updatedState.applications[appName];
+			// Also remove app credentials and generated secrets
+			if (updatedState.appCredentials) {
+				delete updatedState.appCredentials[appName];
+			}
+			if (updatedState.generatedSecrets) {
+				delete updatedState.generatedSecrets[appName];
+			}
+			logger.log(`   ✓ Application ${appName} deleted`);
+		} catch (error) {
+			const msg = `Failed to delete application ${appName}: ${error}`;
+			logger.log(`   ⚠ ${msg}`);
+			result.errors.push(msg);
+		}
+	}
+	// 5. Delete postgres if exists
+	if (state.services.postgresId) {
+		try {
+			logger.log('   Deleting postgres database...');
+			await api.deletePostgres(state.services.postgresId);
+			result.deletedPostgres = true;
+			delete updatedState.services.postgresId;
+			logger.log('   ✓ Postgres deleted');
+		} catch (error) {
+			const msg = `Failed to delete postgres: ${error}`;
+			logger.log(`   ⚠ ${msg}`);
+			result.errors.push(msg);
+		}
+	}
+	// 6. Delete redis if exists
+	if (state.services.redisId) {
+		try {
+			logger.log('   Deleting redis instance...');
+			await api.deleteRedis(state.services.redisId);
+			result.deletedRedis = true;
+			delete updatedState.services.redisId;
+			logger.log('   ✓ Redis deleted');
+		} catch (error) {
+			const msg = `Failed to delete redis: ${error}`;
+			logger.log(`   ⚠ ${msg}`);
+			result.errors.push(msg);
+		}
+	}
+	// 7. Delete backup destination from Dokploy
+	if (state.backups?.destinationId) {
+		try {
+			logger.log('   Deleting backup destination...');
+			await api.deleteDestination(state.backups.destinationId);
+			result.deletedBackupDestination = true;
+			logger.log('   ✓ Backup destination deleted');
+		} catch (error) {
+			const msg = `Failed to delete backup destination: ${error}`;
+			logger.log(`   ⚠ ${msg}`);
+			result.errors.push(msg);
+		}
+	}
+	// 8. Delete AWS backup resources if requested
+	if (deleteBackups && state.backups) {
+		try {
+			logger.log('   Deleting AWS backup resources...');
+			await deleteAwsBackupResources(state.backups, awsEndpoint, logger);
+			result.deletedAwsBackupResources = true;
+			// Clear backup state entirely
+			delete updatedState.backups;
+			logger.log('   ✓ AWS backup resources deleted');
+		} catch (error) {
+			const msg = `Failed to delete AWS backup resources: ${error}`;
+			logger.log(`   ⚠ ${msg}`);
+			result.errors.push(msg);
+		}
+	}
+	// 9. Delete project if requested
+	if (deleteProject) {
+		try {
+			logger.log('   Deleting Dokploy project...');
+			await api.deleteProject(state.projectId);
+			result.deletedProject = true;
+			logger.log('   ✓ Project deleted');
+		} catch (error) {
+			const msg = `Failed to delete project: ${error}`;
+			logger.log(`   ⚠ ${msg}`);
+			result.errors.push(msg);
+		}
+	}
+	return result;
+}
+/**
+ * Delete AWS backup resources (S3 bucket, IAM user)
+ */
+async function deleteAwsBackupResources(
+	backupState: BackupState,
+	awsEndpoint?: string,
+	logger?: { log: (msg: string) => void },
+): Promise<void> {
+	const {
+		S3Client,
+		DeleteBucketCommand,
+		DeleteObjectsCommand,
+		ListObjectsV2Command,
+	} = await import('@aws-sdk/client-s3');
+	const {
+		IAMClient,
+		DeleteAccessKeyCommand,
+		DeleteUserCommand,
+		DeleteUserPolicyCommand,
+		ListAccessKeysCommand,
+	} = await import('@aws-sdk/client-iam');
+	const clientConfig: {
+		region: string;
+		endpoint?: string;
+		forcePathStyle?: boolean;
+		credentials?: { accessKeyId: string; secretAccessKey: string };
+	} = {
+		region: backupState.region,
+	};
+	if (awsEndpoint) {
+		clientConfig.endpoint = awsEndpoint;
+		clientConfig.forcePathStyle = true;
+		clientConfig.credentials = {
+			accessKeyId: 'test',
+			secretAccessKey: 'test',
+		};
+	}
+	const s3 = new S3Client(clientConfig);
+	const iam = new IAMClient(clientConfig);
+	try {
+		// Delete all objects in the bucket first
+		logger?.log(`      Emptying bucket: ${backupState.bucketName}`);
+		let continuationToken: string | undefined;
+		do {
+			const listResult = await s3.send(
+				new ListObjectsV2Command({
+					Bucket: backupState.bucketName,
+					ContinuationToken: continuationToken,
+				}),
+			);
+			if (listResult.Contents?.length) {
+				await s3.send(
+					new DeleteObjectsCommand({
+						Bucket: backupState.bucketName,
+						Delete: {
+							Objects: listResult.Contents.map((o) => ({ Key: o.Key })),
+						},
+					}),
+				);
+			}
+			continuationToken = listResult.NextContinuationToken;
+		} while (continuationToken);
+		// Delete the bucket
+		logger?.log(`      Deleting bucket: ${backupState.bucketName}`);
+		await s3.send(new DeleteBucketCommand({ Bucket: backupState.bucketName }));
+	} catch (error) {
+		// Bucket might not exist, continue with IAM cleanup
+		logger?.log(`      Warning: Could not delete bucket: ${error}`);
+	}
+	try {
+		// Delete all access keys for the IAM user
+		logger?.log(
+			`      Deleting IAM access keys for: ${backupState.iamUserName}`,
+		);
+		const keysResult = await iam.send(
+			new ListAccessKeysCommand({ UserName: backupState.iamUserName }),
+		);
+		for (const key of keysResult.AccessKeyMetadata ?? []) {
+			await iam.send(
+				new DeleteAccessKeyCommand({
+					UserName: backupState.iamUserName,
+					AccessKeyId: key.AccessKeyId,
+				}),
+			);
+		}
+		// Delete the user policy
+		logger?.log(`      Deleting IAM policy for: ${backupState.iamUserName}`);
+		await iam.send(
+			new DeleteUserPolicyCommand({
+				UserName: backupState.iamUserName,
+				PolicyName: 'DokployBackupAccess',
+			}),
+		);
+		// Delete the IAM user
+		logger?.log(`      Deleting IAM user: ${backupState.iamUserName}`);
+		await iam.send(
+			new DeleteUserCommand({ UserName: backupState.iamUserName }),
+		);
+	} catch (error) {
+		// IAM user might not exist
+		logger?.log(`      Warning: Could not delete IAM user: ${error}`);
+	}
+	s3.destroy();
+	iam.destroy();
+}

package/src/generators/FunctionGenerator.ts CHANGED Viewed

@@ -99,7 +99,7 @@ export class FunctionGenerator extends ConstructGenerator<
 			context.loggerPath,
 		);
-		const content = `import { AWSLambdaFunction } from '@geekmidas/constructs/functions';
+		const content = `import { AWSLambdaFunction } from '@geekmidas/constructs/aws';
 import { ${exportName} } from '${importPath}';
 import ${context.envParserImportPattern} from '${relativeEnvParserPath}';
 import ${context.loggerImportPattern} from '${relativeLoggerPath}';

package/src/init/generators/monorepo.ts CHANGED Viewed

@@ -373,6 +373,10 @@ export default defineWorkspace({
       path: 'apps/web',
       port: 3001,
       dependencies: ['api', 'auth'],
+      config: {
+        client: './src/config/client.ts',
+        server: './src/config/server.ts',
+      },
       client: {
         output: './src/api',
       },

package/src/init/generators/web.ts CHANGED Viewed

@@ -133,12 +133,46 @@ export function getQueryClient() {
 }
 `;
+	// Client config - NEXT_PUBLIC_* vars (available in browser)
+	const clientConfigTs = `import { EnvironmentParser } from '@geekmidas/envkit';
+// Client config - only NEXT_PUBLIC_* vars (available in browser)
+// These values are inlined at build time by Next.js
+const envParser = new EnvironmentParser({
+  NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
+  NEXT_PUBLIC_AUTH_URL: process.env.NEXT_PUBLIC_AUTH_URL,
+});
+export const clientConfig = envParser
+  .create((get) => ({
+    apiUrl: get('NEXT_PUBLIC_API_URL').string(),
+    authUrl: get('NEXT_PUBLIC_AUTH_URL').string(),
+  }))
+  .parse();
+`;
+	// Server config - server-only vars (not available in browser)
+	const serverConfigTs = `import { EnvironmentParser } from '@geekmidas/envkit';
+// Server config - all env vars (server-side only, not exposed to browser)
+// Access these only in Server Components, Route Handlers, or Server Actions
+const envParser = new EnvironmentParser({ ...process.env });
+export const serverConfig = envParser
+  .create((get) => ({
+    // Add server-only secrets here
+    // Example: stripeSecretKey: get('STRIPE_SECRET_KEY').string(),
+  }))
+  .parse();
+`;
 	// Auth client for better-auth
 	const authClientTs = `import { createAuthClient } from 'better-auth/react';
 import { magicLinkClient } from 'better-auth/client/plugins';
+import { clientConfig } from '~/config/client';
 export const authClient = createAuthClient({
-  baseURL: process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:3002',
+  baseURL: clientConfig.authUrl,
   plugins: [magicLinkClient()],
 });
@@ -163,9 +197,10 @@ export function Providers({ children }: { children: React.ReactNode }) {
 	// API client setup - uses createApi with shared QueryClient
 	const apiIndexTs = `import { createApi } from './openapi';
 import { getQueryClient } from '~/lib/query-client';
+import { clientConfig } from '~/config/client';
 export const api = createApi({
-  baseURL: process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3000',
+  baseURL: clientConfig.apiUrl,
   queryClient: getQueryClient(),
 });
 `;
@@ -295,6 +330,14 @@ node_modules/
 			path: 'apps/web/src/app/page.tsx',
 			content: pageTsx,
 		},
+		{
+			path: 'apps/web/src/config/client.ts',
+			content: clientConfigTs,
+		},
+		{
+			path: 'apps/web/src/config/server.ts',
+			content: serverConfigTs,
+		},
 		{
 			path: 'apps/web/src/lib/query-client.ts',
 			content: queryClientTs,

package/src/init/versions.ts CHANGED Viewed

@@ -32,10 +32,10 @@ export const GEEKMIDAS_VERSIONS = {
 	'@geekmidas/cache': '~1.0.0',
 	'@geekmidas/client': '~1.0.0',
 	'@geekmidas/cloud': '~1.0.0',
-	'@geekmidas/constructs': '~1.0.0',
+	'@geekmidas/constructs': '~1.0.4',
 	'@geekmidas/db': '~1.0.0',
 	'@geekmidas/emailkit': '~1.0.0',
-	'@geekmidas/envkit': '~1.0.0',
+	'@geekmidas/envkit': '~1.0.1',
 	'@geekmidas/errors': '~1.0.0',
 	'@geekmidas/events': '~1.0.0',
 	'@geekmidas/logger': '~1.0.0',