@geekmidas/cli 1.5.1 → 1.7.0

package/src/init/templates/worker.ts

@@ -126,7 +126,7 @@ export type AppEvents =
 				path: 'src/events/publisher.ts',
 				content: `import type { Service, ServiceRegisterOptions } from '@geekmidas/services';
 import { Publisher, type EventPublisher } from '@geekmidas/events';
-import type { AppEvents } from './types.js';
+import type { AppEvents } from './types.ts';
 
 export const eventsPublisherService = {
   serviceName: 'events' as const,
@@ -155,7 +155,7 @@ export const eventsPublisherService = {
 			{
 				path: 'src/subscribers/user-events.ts',
 				content: `import { s } from '@geekmidas/constructs/subscribers';
-import { eventsPublisherService } from '../events/publisher.js';
+import { eventsPublisherService } from '~/events/publisher.ts';
 
 export const userEventsSubscriber = s
   .publisher(eventsPublisherService)

package/src/init/versions.ts

@@ -30,18 +30,18 @@ export const GEEKMIDAS_VERSIONS = {
 	'@geekmidas/audit': '~1.0.0',
 	'@geekmidas/auth': '~1.0.0',
 	'@geekmidas/cache': '~1.0.0',
-	'@geekmidas/client': '~1.0.0',
+	'@geekmidas/client': '~2.0.0',
 	'@geekmidas/cloud': '~1.0.0',
-	'@geekmidas/constructs': '~1.0.4',
+	'@geekmidas/constructs': '~1.1.0',
 	'@geekmidas/db': '~1.0.0',
 	'@geekmidas/emailkit': '~1.0.0',
-	'@geekmidas/envkit': '~1.0.1',
+	'@geekmidas/envkit': '~1.0.3',
 	'@geekmidas/errors': '~1.0.0',
 	'@geekmidas/events': '~1.0.0',
 	'@geekmidas/logger': '~1.0.0',
 	'@geekmidas/rate-limit': '~1.0.0',
 	'@geekmidas/schema': '~1.0.0',
-	'@geekmidas/services': '~1.0.0',
+	'@geekmidas/services': '~1.0.1',
 	'@geekmidas/storage': '~1.0.0',
 	'@geekmidas/studio': '~1.0.0',
 	'@geekmidas/telescope': '~1.0.0',

package/src/openapi.ts

@@ -52,7 +52,7 @@ export function resolveOpenApiConfig(
  */
 export async function generateOpenApi(
 	config: GkmConfig,
-	options: { silent?: boolean } = {},
+	options: { silent?: boolean; bustCache?: boolean } = {},
 ): Promise<{ outputPath: string; endpointCount: number } | null> {
 	const logger = options.silent ? { log: () => {} } : console;
 	const openApiConfig = resolveOpenApiConfig(config);
@@ -62,7 +62,11 @@ export async function generateOpenApi(
 	}
 
 	const endpointGenerator = new EndpointGenerator();
-	const loadedEndpoints = await endpointGenerator.load(config.routes);
+	const loadedEndpoints = await endpointGenerator.load(
+		config.routes,
+		undefined,
+		options.bustCache,
+	);
 
 	if (loadedEndpoints.length === 0) {
 		logger.log('No valid endpoints found for OpenAPI generation');

package/src/test/__tests__/__fixtures__/workspace.ts

@@ -0,0 +1,104 @@
+import { normalizeWorkspace } from '../../../workspace/index';
+
+/**
+ * Simulates the secrets that gkm init generates for a fullstack workspace.
+ * In production these come from the encrypted store via toEmbeddableSecrets.
+ */
+export function createFullstackSecrets(): Record<string, string> {
+	return {
+		NODE_ENV: 'development',
+		PORT: '3000',
+		LOG_LEVEL: 'debug',
+		JWT_SECRET: 'dev-jwt-secret',
+		// Per-app database URLs (fullstack workspace)
+		API_DATABASE_URL: 'postgresql://api:api-pass@localhost:5432/my-saas',
+		AUTH_DATABASE_URL: 'postgresql://auth:auth-pass@localhost:5432/my-saas',
+		API_DB_PASSWORD: 'api-pass',
+		AUTH_DB_PASSWORD: 'auth-pass',
+		// Auth service secrets
+		AUTH_PORT: '3002',
+		AUTH_URL: 'http://localhost:3002',
+		BETTER_AUTH_SECRET: 'better-auth-secret-123',
+		BETTER_AUTH_URL: 'http://localhost:3002',
+		BETTER_AUTH_TRUSTED_ORIGINS: 'http://localhost:3000,http://localhost:3001',
+		// Service credentials
+		POSTGRES_USER: 'api',
+		POSTGRES_PASSWORD: 'api-pass',
+		POSTGRES_DB: 'my-saas',
+		POSTGRES_HOST: 'localhost',
+		POSTGRES_PORT: '5432',
+		REDIS_PASSWORD: 'redis-pass',
+		REDIS_HOST: 'localhost',
+		REDIS_PORT: '6379',
+		// URLs
+		DATABASE_URL: 'postgresql://api:api-pass@localhost:5432/my-saas',
+		REDIS_URL: 'redis://:redis-pass@localhost:6379',
+	};
+}
+
+export function createFullstackWorkspace(): ReturnType<
+	typeof normalizeWorkspace
+> {
+	return normalizeWorkspace(
+		{
+			apps: {
+				api: {
+					type: 'backend',
+					path: 'apps/api',
+					port: 3000,
+					routes: './src/endpoints/**/*.ts',
+					dependencies: [],
+				},
+				auth: {
+					type: 'backend',
+					path: 'apps/auth',
+					port: 3002,
+					entry: './src/index.ts',
+					dependencies: [],
+				},
+				web: {
+					type: 'frontend',
+					path: 'apps/web',
+					port: 3001,
+					framework: 'nextjs',
+					dependencies: ['api', 'auth'],
+				},
+			},
+		},
+		'/project',
+	);
+}
+
+/**
+ * Simulates what loadSecretsForApp does for a specific app:
+ * maps {APP}_DATABASE_URL -> DATABASE_URL.
+ */
+export function mapSecretsForApp(
+	secrets: Record<string, string>,
+	appName: string,
+): Record<string, string> {
+	const prefix = appName.toUpperCase();
+	const mapped = { ...secrets };
+	const appDbUrl = secrets[`${prefix}_DATABASE_URL`];
+	if (appDbUrl) {
+		mapped.DATABASE_URL = appDbUrl;
+	}
+	return mapped;
+}
+
+export const COMPOSE_FULL = `
+services:
+  postgres:
+    image: postgres:17
+    ports:
+      - '\${POSTGRES_HOST_PORT:-5432}:5432'
+  redis:
+    image: redis:7
+    ports:
+      - '\${REDIS_HOST_PORT:-6379}:6379'
+  mailpit:
+    image: axllent/mailpit
+    ports:
+      - '\${MAILPIT_SMTP_PORT:-1025}:1025'
+      - '\${MAILPIT_UI_PORT:-8025}:8025'
+`;

package/src/test/__tests__/api.spec.ts

@@ -0,0 +1,199 @@
+import { mkdirSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import {
+	afterAll,
+	afterEach,
+	beforeAll,
+	beforeEach,
+	describe,
+	expect,
+	it,
+	vi,
+} from 'vitest';
+import {
+	loadPortState,
+	parseComposePortMappings,
+	rewriteUrlsWithPorts,
+	savePortState,
+} from '../../dev/index';
+import { getDependencyEnvVars } from '../../workspace/index';
+import { rewriteDatabaseUrlForTests } from '../index';
+import {
+	COMPOSE_FULL,
+	createFullstackSecrets,
+	createFullstackWorkspace,
+	mapSecretsForApp,
+} from './__fixtures__/workspace';
+
+beforeAll(() => {
+	vi.spyOn(console, 'log').mockImplementation(() => {});
+});
+
+afterAll(() => {
+	vi.restoreAllMocks();
+});
+
+describe('api app context', () => {
+	let testDir: string;
+
+	beforeEach(() => {
+		testDir = join(tmpdir(), `gkm-api-test-${Date.now()}`);
+		mkdirSync(testDir, { recursive: true });
+		writeFileSync(join(testDir, 'docker-compose.yml'), COMPOSE_FULL);
+	});
+
+	afterEach(() => {
+		rmSync(testDir, { recursive: true, force: true });
+	});
+
+	it('should resolve DATABASE_URL from API_DATABASE_URL', () => {
+		const apiSecrets = mapSecretsForApp(createFullstackSecrets(), 'api');
+
+		expect(apiSecrets.DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5432/my-saas',
+		);
+		expect(apiSecrets.API_DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5432/my-saas',
+		);
+	});
+
+	it('should rewrite DATABASE_URL and REDIS_URL when ports are remapped', async () => {
+		await savePortState(testDir, {
+			POSTGRES_HOST_PORT: 5433,
+			REDIS_HOST_PORT: 6380,
+		});
+
+		let secrets = mapSecretsForApp(createFullstackSecrets(), 'api');
+
+		const mappings = parseComposePortMappings(
+			join(testDir, 'docker-compose.yml'),
+		);
+		const ports = await loadPortState(testDir);
+		secrets = rewriteUrlsWithPorts(secrets, {
+			dockerEnv: {},
+			ports,
+			mappings,
+		});
+
+		expect(secrets.DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5433/my-saas',
+		);
+		expect(secrets.API_DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5433/my-saas',
+		);
+		expect(secrets.REDIS_URL).toBe('redis://:redis-pass@localhost:6380');
+		// AUTH_URL is an app URL, not a docker service
+		expect(secrets.AUTH_URL).toBe('http://localhost:3002');
+	});
+
+	it('should rewrite only postgres when redis port unchanged', async () => {
+		await savePortState(testDir, {
+			POSTGRES_HOST_PORT: 5433,
+			REDIS_HOST_PORT: 6379,
+		});
+
+		let secrets = mapSecretsForApp(createFullstackSecrets(), 'api');
+
+		const mappings = parseComposePortMappings(
+			join(testDir, 'docker-compose.yml'),
+		);
+		const ports = await loadPortState(testDir);
+		secrets = rewriteUrlsWithPorts(secrets, {
+			dockerEnv: {},
+			ports,
+			mappings,
+		});
+
+		expect(secrets.DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5433/my-saas',
+		);
+		// Redis port unchanged — URL stays the same
+		expect(secrets.REDIS_URL).toBe('redis://:redis-pass@localhost:6379');
+	});
+
+	it('should apply full pipeline for gkm test in api context', async () => {
+		await savePortState(testDir, {
+			POSTGRES_HOST_PORT: 5433,
+			REDIS_HOST_PORT: 6380,
+		});
+
+		let secrets = mapSecretsForApp(createFullstackSecrets(), 'api');
+
+		const mappings = parseComposePortMappings(
+			join(testDir, 'docker-compose.yml'),
+		);
+		const ports = await loadPortState(testDir);
+		secrets = rewriteUrlsWithPorts(secrets, {
+			dockerEnv: {},
+			ports,
+			mappings,
+		});
+		secrets = rewriteDatabaseUrlForTests(secrets);
+
+		// Port rewrite + _test suffix
+		expect(secrets.DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5433/my-saas_test',
+		);
+		expect(secrets.API_DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5433/my-saas_test',
+		);
+		// AUTH_DATABASE_URL also gets both rewrites
+		expect(secrets.AUTH_DATABASE_URL).toBe(
+			'postgresql://auth:auth-pass@localhost:5433/my-saas_test',
+		);
+		// Non-database URLs unaffected
+		expect(secrets.REDIS_URL).toBe('redis://:redis-pass@localhost:6380');
+		expect(secrets.AUTH_URL).toBe('http://localhost:3002');
+	});
+
+	it('should use default ports when no port state saved', async () => {
+		let secrets = mapSecretsForApp(createFullstackSecrets(), 'api');
+
+		const mappings = parseComposePortMappings(
+			join(testDir, 'docker-compose.yml'),
+		);
+		const ports = await loadPortState(testDir);
+
+		if (Object.keys(ports).length > 0) {
+			secrets = rewriteUrlsWithPorts(secrets, {
+				dockerEnv: {},
+				ports,
+				mappings,
+			});
+		}
+		secrets = rewriteDatabaseUrlForTests(secrets);
+
+		expect(secrets.DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5432/my-saas_test',
+		);
+		expect(secrets.REDIS_URL).toBe('redis://:redis-pass@localhost:6379');
+	});
+
+	it('should not inject dependency URLs for api app (no dependencies)', () => {
+		const workspace = createFullstackWorkspace();
+		const depEnv = getDependencyEnvVars(workspace, 'api');
+
+		expect(depEnv).toEqual({});
+	});
+
+	it('should keep BETTER_AUTH vars available for api to call auth service', async () => {
+		await savePortState(testDir, { POSTGRES_HOST_PORT: 5433 });
+
+		let secrets = mapSecretsForApp(createFullstackSecrets(), 'api');
+
+		const mappings = parseComposePortMappings(
+			join(testDir, 'docker-compose.yml'),
+		);
+		const ports = await loadPortState(testDir);
+		secrets = rewriteUrlsWithPorts(secrets, {
+			dockerEnv: {},
+			ports,
+			mappings,
+		});
+
+		// API app may need AUTH_URL to call auth service internally
+		expect(secrets.AUTH_URL).toBe('http://localhost:3002');
+		expect(secrets.BETTER_AUTH_URL).toBe('http://localhost:3002');
+	});
+});

package/src/test/__tests__/auth.spec.ts

@@ -0,0 +1,162 @@
+import { mkdirSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import {
+	afterAll,
+	afterEach,
+	beforeAll,
+	beforeEach,
+	describe,
+	expect,
+	it,
+	vi,
+} from 'vitest';
+import {
+	loadPortState,
+	parseComposePortMappings,
+	rewriteUrlsWithPorts,
+	savePortState,
+} from '../../dev/index';
+import { getDependencyEnvVars } from '../../workspace/index';
+import { rewriteDatabaseUrlForTests } from '../index';
+import {
+	COMPOSE_FULL,
+	createFullstackSecrets,
+	createFullstackWorkspace,
+	mapSecretsForApp,
+} from './__fixtures__/workspace';
+
+beforeAll(() => {
+	vi.spyOn(console, 'log').mockImplementation(() => {});
+});
+
+afterAll(() => {
+	vi.restoreAllMocks();
+});
+
+describe('auth app context', () => {
+	let testDir: string;
+
+	beforeEach(() => {
+		testDir = join(tmpdir(), `gkm-auth-test-${Date.now()}`);
+		mkdirSync(testDir, { recursive: true });
+		writeFileSync(join(testDir, 'docker-compose.yml'), COMPOSE_FULL);
+	});
+
+	afterEach(() => {
+		rmSync(testDir, { recursive: true, force: true });
+	});
+
+	it('should resolve DATABASE_URL from AUTH_DATABASE_URL', () => {
+		const authSecrets = mapSecretsForApp(createFullstackSecrets(), 'auth');
+
+		expect(authSecrets.DATABASE_URL).toBe(
+			'postgresql://auth:auth-pass@localhost:5432/my-saas',
+		);
+		expect(authSecrets.AUTH_DATABASE_URL).toBe(
+			'postgresql://auth:auth-pass@localhost:5432/my-saas',
+		);
+	});
+
+	it('should preserve BETTER_AUTH_* secrets untouched', () => {
+		const authSecrets = mapSecretsForApp(createFullstackSecrets(), 'auth');
+
+		expect(authSecrets.BETTER_AUTH_SECRET).toBe('better-auth-secret-123');
+		expect(authSecrets.BETTER_AUTH_URL).toBe('http://localhost:3002');
+		expect(authSecrets.BETTER_AUTH_TRUSTED_ORIGINS).toBe(
+			'http://localhost:3000,http://localhost:3001',
+		);
+	});
+
+	it('should rewrite auth DATABASE_URL ports when postgres is remapped', async () => {
+		await savePortState(testDir, {
+			POSTGRES_HOST_PORT: 5433,
+			REDIS_HOST_PORT: 6379,
+		});
+
+		let secrets = mapSecretsForApp(createFullstackSecrets(), 'auth');
+
+		const mappings = parseComposePortMappings(
+			join(testDir, 'docker-compose.yml'),
+		);
+		const ports = await loadPortState(testDir);
+		secrets = rewriteUrlsWithPorts(secrets, {
+			dockerEnv: {},
+			ports,
+			mappings,
+		});
+
+		expect(secrets.DATABASE_URL).toBe(
+			'postgresql://auth:auth-pass@localhost:5433/my-saas',
+		);
+		expect(secrets.AUTH_DATABASE_URL).toBe(
+			'postgresql://auth:auth-pass@localhost:5433/my-saas',
+		);
+		// BETTER_AUTH_URL is an app port (3002), not a docker service port
+		expect(secrets.BETTER_AUTH_URL).toBe('http://localhost:3002');
+		expect(secrets.BETTER_AUTH_SECRET).toBe('better-auth-secret-123');
+		expect(secrets.BETTER_AUTH_TRUSTED_ORIGINS).toBe(
+			'http://localhost:3000,http://localhost:3001',
+		);
+	});
+
+	it('should apply _test suffix for gkm test in auth context', async () => {
+		await savePortState(testDir, { POSTGRES_HOST_PORT: 5433 });
+
+		let secrets = mapSecretsForApp(createFullstackSecrets(), 'auth');
+
+		const mappings = parseComposePortMappings(
+			join(testDir, 'docker-compose.yml'),
+		);
+		const ports = await loadPortState(testDir);
+		secrets = rewriteUrlsWithPorts(secrets, {
+			dockerEnv: {},
+			ports,
+			mappings,
+		});
+		secrets = rewriteDatabaseUrlForTests(secrets);
+
+		// Port rewrite + _test suffix
+		expect(secrets.DATABASE_URL).toBe(
+			'postgresql://auth:auth-pass@localhost:5433/my-saas_test',
+		);
+		expect(secrets.AUTH_DATABASE_URL).toBe(
+			'postgresql://auth:auth-pass@localhost:5433/my-saas_test',
+		);
+		// API_DATABASE_URL also gets _test (same container, different user)
+		expect(secrets.API_DATABASE_URL).toBe(
+			'postgresql://api:api-pass@localhost:5433/my-saas_test',
+		);
+	});
+
+	it('should use default ports when no port state saved', async () => {
+		let secrets = mapSecretsForApp(createFullstackSecrets(), 'auth');
+
+		const mappings = parseComposePortMappings(
+			join(testDir, 'docker-compose.yml'),
+		);
+		const ports = await loadPortState(testDir);
+
+		// No saved state — rewriting is a no-op
+		if (Object.keys(ports).length > 0) {
+			secrets = rewriteUrlsWithPorts(secrets, {
+				dockerEnv: {},
+				ports,
+				mappings,
+			});
+		}
+		secrets = rewriteDatabaseUrlForTests(secrets);
+
+		// Default port preserved, only _test suffix added
+		expect(secrets.DATABASE_URL).toBe(
+			'postgresql://auth:auth-pass@localhost:5432/my-saas_test',
+		);
+	});
+
+	it('should not inject dependency URLs for auth app (no dependencies)', () => {
+		const workspace = createFullstackWorkspace();
+		const depEnv = getDependencyEnvVars(workspace, 'auth');
+
+		expect(depEnv).toEqual({});
+	});
+});