@geekmidas/cli 1.4.0 → 1.5.1

package/dist/index.cjs

@@ -1,11 +1,11 @@
 #!/usr/bin/env -S npx tsx
 const require_chunk = require('./chunk-CUT6urMc.cjs');
-const require_workspace = require('./workspace-CeFgIDC-.cjs');
-const require_config = require('./config-C1dM7aZb.cjs');
+const require_workspace = require('./workspace-DIMnYaYt.cjs');
+const require_config = require('./config-BYn5yUt5.cjs');
 const require_credentials = require('./credentials-C8DWtnMY.cjs');
-const require_openapi = require('./openapi-Dcja4e1C.cjs');
+const require_openapi = require('./openapi-CqblwJZ4.cjs');
 const require_storage = require('./storage-CoCNe0Pt.cjs');
-const require_dokploy_api = require('./dokploy-api-CQvhV6Hd.cjs');
+const require_dokploy_api = require('./dokploy-api-DLgvEQlr.cjs');
 const require_encryption = require('./encryption-BE0UOb8j.cjs');
 const require_CachedStateProvider = require('./CachedStateProvider-D73dCqfH.cjs');
 const require_openapi_react_query = require('./openapi-react-query-BeXvk-wa.cjs');
@@ -32,7 +32,7 @@ const prompts = require_chunk.__toESM(require("prompts"));
 
 //#region package.json
 var name = "@geekmidas/cli";
-var version = "1.3.0";
+var version = "1.5.0";
 var description = "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs";
 var private$1 = false;
 var type = "module";
@@ -78,7 +78,9 @@ var repository = {
 };
 var dependencies = {
 	"@apidevtools/swagger-parser": "^10.1.0",
+	"@aws-sdk/client-iam": "~3.971.0",
 	"@aws-sdk/client-route-53": "~3.971.0",
+	"@aws-sdk/client-s3": "~3.971.0",
 	"@aws-sdk/client-ssm": "~3.971.0",
 	"@aws-sdk/credential-providers": "~3.971.0",
 	"@geekmidas/constructs": "workspace:~",
@@ -132,7 +134,7 @@ const logger$11 = console;
 * Validate Dokploy token by making a test API call
 */
 async function validateDokployToken(endpoint, token) {
-	const { DokployApi: DokployApi$1 } = await Promise.resolve().then(() => require("./dokploy-api-CWc02yyg.cjs"));
+	const { DokployApi: DokployApi$1 } = await Promise.resolve().then(() => require("./dokploy-api-CbDh4o93.cjs"));
 	const api = new DokployApi$1({
 		baseUrl: endpoint,
 		token
@@ -417,7 +419,7 @@ var FunctionGenerator = class extends require_openapi.ConstructGenerator {
 		const importPath = relativePath.replace(/\.ts$/, ".js");
 		const relativeEnvParserPath = (0, node_path.relative)((0, node_path.dirname)(handlerPath), context.envParserPath);
 		const relativeLoggerPath = (0, node_path.relative)((0, node_path.dirname)(handlerPath), context.loggerPath);
-		const content = `import { AWSLambdaFunction } from '@geekmidas/constructs/functions';
+		const content = `import { AWSLambdaFunction } from '@geekmidas/constructs/aws';
 import { ${exportName} } from '${importPath}';
 import ${context.envParserImportPattern} from '${relativeEnvParserPath}';
 import ${context.loggerImportPattern} from '${relativeLoggerPath}';
@@ -2176,6 +2178,41 @@ function isDnsVerified(state, hostname, serverIp) {
 	const record = state?.dnsVerified?.[hostname];
 	return record?.serverIp === serverIp;
 }
+/**
+* Get the key for a DNS record in state
+*/
+function getDnsRecordKey(name$1, type$1) {
+	return `${name$1}:${type$1}`;
+}
+/**
+* Set a created DNS record in state (mutates state)
+*/
+function setDnsRecord(state, record) {
+	if (!state.dnsRecords) state.dnsRecords = {};
+	const key = getDnsRecordKey(record.name, record.type);
+	state.dnsRecords[key] = {
+		...record,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+}
+/**
+* Get backup state from state
+*/
+function getBackupState(state) {
+	return state?.backups;
+}
+/**
+* Set backup state (mutates state)
+*/
+function setBackupState(state, backupState) {
+	state.backups = backupState;
+}
+/**
+* Set postgres backup ID in state (mutates state)
+*/
+function setPostgresBackupId(state, backupId) {
+	if (state.backups) state.backups.postgresBackupId = backupId;
+}
 
 //#endregion
 //#region src/deploy/dns/DnsProvider.ts
@@ -2183,7 +2220,7 @@ function isDnsVerified(state, hostname, serverIp) {
 * Check if value is a DnsProvider implementation.
 */
 function isDnsProvider(value) {
-	return typeof value === "object" && value !== null && typeof value.name === "string" && typeof value.getRecords === "function" && typeof value.upsertRecords === "function";
+	return typeof value === "object" && value !== null && typeof value.name === "string" && typeof value.getRecords === "function" && typeof value.upsertRecords === "function" && typeof value.deleteRecords === "function";
 }
 /**
 * Create a DNS provider based on configuration.
@@ -2199,11 +2236,11 @@ async function createDnsProvider(options) {
 	if (isDnsProvider(config.provider)) return config.provider;
 	const provider = config.provider;
 	if (provider === "hostinger") {
-		const { HostingerProvider } = await Promise.resolve().then(() => require("./HostingerProvider-DUV9-Tzg.cjs"));
+		const { HostingerProvider } = await Promise.resolve().then(() => require("./HostingerProvider-BiXdHjiq.cjs"));
 		return new HostingerProvider();
 	}
 	if (provider === "route53") {
-		const { Route53Provider } = await Promise.resolve().then(() => require("./Route53Provider-xrWuBXih.cjs"));
+		const { Route53Provider } = await Promise.resolve().then(() => require("./Route53Provider-kfJ77LmL.cjs"));
 		const route53Config = config;
 		return new Route53Provider({
 			region: route53Config.region,
@@ -2414,8 +2451,13 @@ async function createDnsRecordsForDomain(records, rootDomain, providerConfig) {
 * Supports both legacy single-domain format and new multi-domain format:
 * - Legacy: { provider: 'hostinger', domain: 'example.com' }
 * - Multi:  { 'example.com': { provider: 'hostinger' }, 'example.dev': { provider: 'route53' } }
+*
+* @param appHostnames - Map of app names to hostnames
+* @param dnsConfig - DNS configuration (legacy or multi-domain)
+* @param dokployEndpoint - Dokploy server endpoint to resolve IP from
+* @param state - Optional state to save created records for later deletion
 */
-async function orchestrateDns(appHostnames, dnsConfig, dokployEndpoint) {
+async function orchestrateDns(appHostnames, dnsConfig, dokployEndpoint, state) {
 	if (!dnsConfig) return null;
 	const normalizedConfig = normalizeDnsConfig(dnsConfig);
 	logger$6.log("\n🌐 Setting up DNS records...");
@@ -2461,6 +2503,15 @@ async function orchestrateDns(appHostnames, dnsConfig, dokployEndpoint) {
 			logger$6.log(`   ⚠ ${failed} record(s) failed for ${rootDomain}`);
 			hasFailures = true;
 		}
+		if (state) {
+			for (const record of domainRecords) if (record.created || record.existed) setDnsRecord(state, {
+				domain: rootDomain,
+				name: record.subdomain,
+				type: record.type,
+				value: record.value,
+				ttl: "ttl" in providerConfig && providerConfig.ttl ? providerConfig.ttl : 300
+			});
+		}
 		printDnsRecordsTable(domainRecords, rootDomain);
 		if (providerConfig.provider === "manual" || failed > 0) printDnsRecordsSimple(domainRecords.filter((r) => !r.created && !r.existed), rootDomain);
 	}
@@ -4137,33 +4188,6 @@ function isMainFrontendApp(appName, app, allApps) {
 	for (const [name$1, a] of Object.entries(allApps)) if (a.type === "frontend") return name$1 === appName;
 	return false;
 }
-/**
-* Generate public URL build args for a frontend app based on its dependencies.
-*
-* @param app - The frontend app configuration
-* @param deployedUrls - Map of app name to deployed public URL
-* @returns Array of build args like 'NEXT_PUBLIC_API_URL=https://api.example.com'
-*/
-function generatePublicUrlBuildArgs(app, deployedUrls) {
-	const buildArgs = [];
-	for (const dep of app.dependencies) {
-		const publicUrl = deployedUrls[dep];
-		if (publicUrl) {
-			const envVarName = `NEXT_PUBLIC_${dep.toUpperCase()}_URL`;
-			buildArgs.push(`${envVarName}=${publicUrl}`);
-		}
-	}
-	return buildArgs;
-}
-/**
-* Get public URL arg names from app dependencies.
-*
-* @param app - The frontend app configuration
-* @returns Array of arg names like 'NEXT_PUBLIC_API_URL'
-*/
-function getPublicUrlArgNames(app) {
-	return app.dependencies.map((dep) => `NEXT_PUBLIC_${dep.toUpperCase()}_URL`);
-}
 
 //#endregion
 //#region src/deploy/env-resolver.ts
@@ -4225,7 +4249,9 @@ function resolveEnvVar(varName, context) {
 			break;
 	}
 	if (context.dependencyUrls && varName.endsWith("_URL")) {
-		const depName = varName.slice(0, -4).toLowerCase();
+		let depName;
+		if (varName.startsWith("NEXT_PUBLIC_")) depName = varName.slice(12, -4).toLowerCase();
+		else depName = varName.slice(0, -4).toLowerCase();
 		if (context.dependencyUrls[depName]) return context.dependencyUrls[depName];
 	}
 	if (context.userSecrets) {
@@ -4637,14 +4663,29 @@ function resolveSnifferFile(baseName) {
 */
 async function sniffAppEnvironment(app, appName, workspacePath, options = {}) {
 	const { logWarnings = true } = options;
-	if (app.type === "frontend") return {
-		appName,
-		requiredEnvVars: []
-	};
-	if (app.requiredEnv && app.requiredEnv.length > 0) return {
-		appName,
-		requiredEnvVars: [...app.requiredEnv]
-	};
+	if (app.type === "frontend") {
+		const depVars = (app.dependencies ?? []).map((dep) => `NEXT_PUBLIC_${dep.toUpperCase()}_URL`);
+		if (app.config) {
+			const sniffedVars = [];
+			const configPaths = [];
+			if (app.config.client) configPaths.push(app.config.client);
+			if (app.config.server) configPaths.push(app.config.server);
+			for (const configPath of configPaths) {
+				const result = await sniffEntryFile(configPath, app.path, workspacePath);
+				if (logWarnings && result.error) console.warn(`[sniffer] ${appName}: Config file "${configPath}" threw error during sniffing (env vars still captured): ${result.error.message}`);
+				sniffedVars.push(...result.envVars);
+			}
+			const allVars = [...new Set([...depVars, ...sniffedVars])];
+			return {
+				appName,
+				requiredEnvVars: allVars
+			};
+		}
+		return {
+			appName,
+			requiredEnvVars: depVars
+		};
+	}
 	if (app.entry) {
 		const result = await sniffEntryFile(app.entry, app.path, workspacePath);
 		if (logWarnings && result.error) console.warn(`[sniffer] ${appName}: Entry file threw error during sniffing (env vars still captured): ${result.error.message}`);
@@ -5018,27 +5059,40 @@ async function initializePostgresUsers(api, postgres, serverHostname, users) {
 		for (const user of users) {
 			const schemaName = user.usePublicSchema ? "public" : user.name;
 			logger$1.log(`   Creating user "${user.name}" with schema "${schemaName}"...`);
-			await client.query(`
-				DO $$ BEGIN
-					IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${user.name}') THEN
-						CREATE USER "${user.name}" WITH PASSWORD '${user.password}';
-					ELSE
-						ALTER USER "${user.name}" WITH PASSWORD '${user.password}';
-					END IF;
-				END $$;
-			`);
-			if (user.usePublicSchema) await client.query(`
+			if (user.usePublicSchema) {
+				await client.query(`
+					DO $$ BEGIN
+						IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${user.name}') THEN
+							CREATE USER "${user.name}" WITH PASSWORD '${user.password}';
+						ELSE
+							ALTER USER "${user.name}" WITH PASSWORD '${user.password}';
+						END IF;
+					END $$;
+				`);
+				await client.query(`
 					GRANT ALL ON SCHEMA public TO "${user.name}";
 					ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "${user.name}";
 					ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "${user.name}";
 				`);
-			else await client.query(`
+			} else {
+				await client.query(`
+					DO $$ BEGIN
+						IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${user.name}') THEN
+							CREATE USER "${user.name}" WITH PASSWORD '${user.password}';
+						ELSE
+							ALTER USER "${user.name}" WITH PASSWORD '${user.password}';
+						END IF;
+						-- Set search_path in same transaction to avoid tuple conflict
+						ALTER USER "${user.name}" SET search_path TO "${schemaName}";
+					END $$;
+				`);
+				await client.query(`
 					CREATE SCHEMA IF NOT EXISTS "${schemaName}" AUTHORIZATION "${user.name}";
-					ALTER USER "${user.name}" SET search_path TO "${schemaName}";
 					GRANT USAGE ON SCHEMA "${schemaName}" TO "${user.name}";
 					GRANT ALL ON ALL TABLES IN SCHEMA "${schemaName}" TO "${user.name}";
 					ALTER DEFAULT PRIVILEGES IN SCHEMA "${schemaName}" GRANT ALL ON TABLES TO "${user.name}";
 				`);
+			}
 			logger$1.log(`   ✓ User "${user.name}" configured`);
 		}
 	} finally {
@@ -5544,6 +5598,36 @@ async function workspaceDeployCommand(workspace, options) {
 			await initializePostgresUsers(api, provisionedPostgres, serverHostname, usersToCreate);
 		}
 	}
+	if (workspace.deploy?.backups && provisionedPostgres) {
+		logger$1.log("\n💾 Provisioning backup destination...");
+		const { provisionBackupDestination } = await Promise.resolve().then(() => require("./backup-provisioner-B5e-F6zX.cjs"));
+		const backupState = await provisionBackupDestination({
+			api,
+			projectId: project.projectId,
+			projectName: workspace.name,
+			stage,
+			config: workspace.deploy.backups,
+			existingState: getBackupState(state),
+			logger: logger$1
+		});
+		setBackupState(state, backupState);
+		if (!backupState.postgresBackupId) {
+			const backupSchedule = workspace.deploy.backups.schedule ?? "0 2 * * *";
+			const backupRetention = workspace.deploy.backups.retention ?? 30;
+			logger$1.log("   Creating postgres backup schedule...");
+			const backup = await api.createPostgresBackup({
+				schedule: backupSchedule,
+				prefix: `${stage}/postgres`,
+				destinationId: backupState.destinationId,
+				database: provisionedPostgres.databaseName,
+				postgresId: provisionedPostgres.postgresId,
+				enabled: true,
+				keepLatestCount: backupRetention
+			});
+			setPostgresBackupId(state, backup.backupId);
+			logger$1.log(`   ✓ Postgres backup schedule created (${backupSchedule})`);
+		} else logger$1.log("   ✓ Using existing postgres backup schedule");
+	}
 	const publicUrls = {};
 	const results = [];
 	const dokployConfig = workspace.deploy.dokploy;
@@ -5710,8 +5794,33 @@ async function workspaceDeployCommand(workspace, options) {
 					else logger$1.log(`      Found existing application: ${application.applicationId}`);
 				}
 				setApplicationId(state, appName, application.applicationId);
-				const buildArgs = generatePublicUrlBuildArgs(app, publicUrls);
-				if (buildArgs.length > 0) logger$1.log(`      Public URLs: ${buildArgs.join(", ")}`);
+				const dependencyUrls = {};
+				if (app.dependencies) {
+					for (const dep of app.dependencies) if (publicUrls[dep]) dependencyUrls[dep] = publicUrls[dep];
+				}
+				const isMainFrontend = isMainFrontendApp(appName, app, workspace.apps);
+				const frontendHost = resolveHost(appName, app, stage, dokployConfig, isMainFrontend);
+				const envContext = {
+					app,
+					appName,
+					stage,
+					state,
+					appHostname: frontendHost,
+					frontendUrls: [],
+					userSecrets: stageSecrets ?? void 0,
+					dependencyUrls
+				};
+				const sniffedVars = sniffedApps.get(appName)?.requiredEnvVars ?? [];
+				const { valid, missing, resolved } = validateEnvVars(sniffedVars, envContext);
+				if (!valid) throw new Error(formatMissingVarsError(appName, missing, stage));
+				if (Object.keys(resolved).length > 0) logger$1.log(`      Resolved ${Object.keys(resolved).length} env vars: ${Object.keys(resolved).join(", ")}`);
+				const buildArgs = [];
+				const publicUrlArgNames = [];
+				for (const [key, value] of Object.entries(resolved)) if (key.startsWith("NEXT_PUBLIC_")) {
+					buildArgs.push(`${key}=${value}`);
+					publicUrlArgNames.push(key);
+				}
+				if (buildArgs.length > 0) logger$1.log(`      Build args: ${publicUrlArgNames.join(", ")}`);
 				const imageName = `${workspace.name}-${appName}`;
 				const imageRef = registry ? `${registry}/${imageName}:${imageTag}` : `${imageName}:${imageTag}`;
 				logger$1.log(`      Building Docker image: ${imageRef}`);
@@ -5725,19 +5834,18 @@ async function workspaceDeployCommand(workspace, options) {
 						appName
 					},
 					buildArgs,
-					publicUrlArgs: getPublicUrlArgNames(app)
+					publicUrlArgs: publicUrlArgNames
 				});
 				const envVars = [
 					`NODE_ENV=production`,
 					`PORT=${app.port}`,
 					`STAGE=${stage}`
 				];
+				for (const [key, value] of Object.entries(resolved)) envVars.push(`${key}=${value}`);
 				await api.saveDockerProvider(application.applicationId, imageRef, { registryId });
 				await api.saveApplicationEnv(application.applicationId, envVars.join("\n"));
 				logger$1.log(`      Deploying to Dokploy...`);
 				await api.deployApplication(application.applicationId);
-				const isMainFrontend = isMainFrontendApp(appName, app, workspace.apps);
-				const frontendHost = resolveHost(appName, app, stage, dokployConfig, isMainFrontend);
 				const existingFrontendDomains = await api.getDomainsByApplicationId(application.applicationId);
 				const existingFrontendDomain = existingFrontendDomains.find((d) => d.host === frontendHost);
 				if (existingFrontendDomain) {
@@ -6261,10 +6369,10 @@ const GEEKMIDAS_VERSIONS = {
 	"@geekmidas/cache": "~1.0.0",
 	"@geekmidas/client": "~1.0.0",
 	"@geekmidas/cloud": "~1.0.0",
-	"@geekmidas/constructs": "~1.0.0",
+	"@geekmidas/constructs": "~1.0.4",
 	"@geekmidas/db": "~1.0.0",
 	"@geekmidas/emailkit": "~1.0.0",
-	"@geekmidas/envkit": "~1.0.0",
+	"@geekmidas/envkit": "~1.0.1",
 	"@geekmidas/errors": "~1.0.0",
 	"@geekmidas/events": "~1.0.0",
 	"@geekmidas/logger": "~1.0.0",
@@ -7365,6 +7473,10 @@ export default defineWorkspace({
       path: 'apps/web',
       port: 3001,
       dependencies: ['api', 'auth'],
+      config: {
+        client: './src/config/client.ts',
+        server: './src/config/server.ts',
+      },
       client: {
         output: './src/api',
       },
@@ -9959,12 +10071,42 @@ export function getQueryClient() {
   if (!browserQueryClient) browserQueryClient = makeQueryClient();
   return browserQueryClient;
 }
+`;
+	const clientConfigTs = `import { EnvironmentParser } from '@geekmidas/envkit';
+
+// Client config - only NEXT_PUBLIC_* vars (available in browser)
+// These values are inlined at build time by Next.js
+const envParser = new EnvironmentParser({
+  NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
+  NEXT_PUBLIC_AUTH_URL: process.env.NEXT_PUBLIC_AUTH_URL,
+});
+
+export const clientConfig = envParser
+  .create((get) => ({
+    apiUrl: get('NEXT_PUBLIC_API_URL').string(),
+    authUrl: get('NEXT_PUBLIC_AUTH_URL').string(),
+  }))
+  .parse();
+`;
+	const serverConfigTs = `import { EnvironmentParser } from '@geekmidas/envkit';
+
+// Server config - all env vars (server-side only, not exposed to browser)
+// Access these only in Server Components, Route Handlers, or Server Actions
+const envParser = new EnvironmentParser({ ...process.env });
+
+export const serverConfig = envParser
+  .create((get) => ({
+    // Add server-only secrets here
+    // Example: stripeSecretKey: get('STRIPE_SECRET_KEY').string(),
+  }))
+  .parse();
 `;
 	const authClientTs = `import { createAuthClient } from 'better-auth/react';
 import { magicLinkClient } from 'better-auth/client/plugins';
+import { clientConfig } from '~/config/client';
 
 export const authClient = createAuthClient({
-  baseURL: process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:3002',
+  baseURL: clientConfig.authUrl,
   plugins: [magicLinkClient()],
 });
 
@@ -9985,9 +10127,10 @@ export function Providers({ children }: { children: React.ReactNode }) {
 `;
 	const apiIndexTs = `import { createApi } from './openapi';
 import { getQueryClient } from '~/lib/query-client';
+import { clientConfig } from '~/config/client';
 
 export const api = createApi({
-  baseURL: process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3000',
+  baseURL: clientConfig.apiUrl,
   queryClient: getQueryClient(),
 });
 `;
@@ -10108,6 +10251,14 @@ node_modules/
 			path: "apps/web/src/app/page.tsx",
 			content: pageTsx
 		},
+		{
+			path: "apps/web/src/config/client.ts",
+			content: clientConfigTs
+		},
+		{
+			path: "apps/web/src/config/server.ts",
+			content: serverConfigTs
+		},
 		{
 			path: "apps/web/src/lib/query-client.ts",
 			content: queryClientTs