npm - @idevconn/create-icore - Versions diffs - 0.5.0 → 0.5.1 - Mend

@idevconn/create-icore 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/dist/index.js CHANGED Viewed

@@ -1,3 +1,8 @@
+// src/lib/options.ts
+function pmRun(pm, script) {
+  return pm === "npm" ? `npm run ${script}` : `${pm} ${script}`;
+}
 // src/lib/scaffold.ts
 import { copyFile, mkdir, readdir, readFile, stat, writeFile, rm } from "fs/promises";
 import { readFileSync } from "fs";
@@ -35,6 +40,10 @@ async function rewriteRootPackageJson(targetDir, opts) {
   pkg["version"] = "0.0.1";
   pkg["private"] = true;
   delete pkg.description;
+  if (opts.transport === "nats") {
+    const deps = pkg["dependencies"] ??= {};
+    deps["nats"] = "^2.29.3";
+  }
   if (opts.packageManager !== "yarn") {
     delete pkg.packageManager;
   }
@@ -91,9 +100,9 @@ async function writeNotesEnv(targetDir, opts) {
 async function writeGatewayEnv(targetDir, opts) {
   const envExample = join(targetDir, "apps/api/.env.example");
   const env = await readFile(envExample, "utf8");
-  let next = env.replace(/^AUTH_TRANSPORT=.*$/m, `AUTH_TRANSPORT=${opts.transport}`).replace(/^UPLOAD_TRANSPORT=.*$/m, `UPLOAD_TRANSPORT=${opts.transport}`);
+  let next = env.replace(/^AUTH_TRANSPORT=.*$/m, `AUTH_TRANSPORT=${opts.transport}`).replace(/^UPLOAD_TRANSPORT=.*$/m, `UPLOAD_TRANSPORT=${opts.transport}`).replace(/^NOTES_TRANSPORT=.*$/m, `NOTES_TRANSPORT=${opts.transport}`).replace(/^PAYMENT_TRANSPORT=.*$/m, `PAYMENT_TRANSPORT=${opts.transport}`);
   if (opts.transport !== "tcp") {
-    next = next.replace(/^# (AUTH_(?:REDIS|NATS)_URL=)/m, "$1").replace(/^# (UPLOAD_(?:REDIS|NATS)_URL=)/m, "$1");
+    next = next.replace(/^# (AUTH_(?:REDIS|NATS)_URL=)/m, "$1").replace(/^# (UPLOAD_(?:REDIS|NATS)_URL=)/m, "$1").replace(/^# (NOTES_(?:REDIS|NATS)_URL=)/m, "$1").replace(/^# (PAYMENT_(?:REDIS|NATS)_URL=)/m, "$1");
   }
   await writeFile(join(targetDir, "apps/api/.env"), next);
 }
@@ -106,6 +115,17 @@ async function writeRootEnv(targetDir, opts) {
   ];
   await writeFile(join(targetDir, ".env"), lines.join("\n"));
 }
+async function stripGatewayTransport(targetDir, prefix) {
+  const gatewayEnv = join(targetDir, "apps/api/.env");
+  try {
+    const env = await readFile(gatewayEnv, "utf8");
+    const next = env.split("\n").filter(
+      (line) => !line.startsWith(`${prefix}_`) && !line.startsWith(`# ${prefix}_`) && !line.includes(`${prefix} MS transport`)
+    ).join("\n");
+    await writeFile(gatewayEnv, next);
+  } catch {
+  }
+}
 async function writeClientEnv(targetDir) {
   const envExample = join(targetDir, "apps/client/.env.example");
   try {
@@ -190,6 +210,7 @@ async function removePaymentStack(targetDir) {
     "@icore/payment-client",
     "@idevconn/payment"
   ]);
+  await stripGatewayTransport(targetDir, "PAYMENT");
 }
 async function removeNotesStack(targetDir) {
   for (const p2 of [
@@ -211,6 +232,7 @@ async function removeNotesStack(targetDir) {
   } catch {
   }
   await stripDeps(join(targetDir, "apps/api/package.json"), ["@icore/notes-client"]);
+  await stripGatewayTransport(targetDir, "NOTES");
   const tsconfigPath = join(targetDir, "tsconfig.base.json");
   try {
     const src = await readFile(tsconfigPath, "utf8");
@@ -267,15 +289,17 @@ async function stripTsconfigPath(targetDir, alias) {
 }
 async function removeUnusedAuthStrategies(targetDir, authProvider) {
   const modulePath = join(targetDir, "apps/microservices/auth/src/app/app.module.ts");
+  const AUTH_BRANCH = /if \(provider === 'supabase'\) return makeSupabaseAuth\(cfg\);\n\s*return makeFirebaseAuth\(cfg\);/m;
   if (authProvider === "supabase") {
     await rm(join(targetDir, "libs/auth-strategies/firebase"), { recursive: true, force: true });
     await stripDeps(join(targetDir, "apps/microservices/auth/package.json"), [
-      "@icore/auth-firebase"
+      "@icore/auth-firebase",
+      "@icore/firebase-admin"
     ]);
     await stripTsconfigPath(targetDir, "@icore/auth-firebase");
     try {
       const src = await readFile(modulePath, "utf8");
-      const next = src.replace(/^import \* as admin from 'firebase-admin';\n/m, "").replace(/^import \{[^}]*FirebaseAuthStrategy[^}]*\} from '@icore\/auth-firebase';\n/m, "").replace(/^function makeFirebaseStrategy\b[\s\S]*?\n^}\n/m, "").replace(/(?<=\n) *case 'firebase':\n *return makeFirebaseStrategy\(cfg\);\n/, "");
+      const next = src.replace(/^import \{[^}]*\} from '@icore\/firebase-admin';\n/m, "").replace(/^import \{[^}]*FirebaseAuthStrategy[^}]*\} from '@icore\/auth-firebase';\n/m, "").replace(/^ {2}firebase: \[[^\]]*\],\n/m, "").replace(/\nfunction makeFirebaseAuth[\s\S]*?\n}\n/m, "").replace(AUTH_BRANCH, "return makeSupabaseAuth(cfg);");
       await writeFile(modulePath, next);
     } catch {
     }
@@ -288,10 +312,7 @@ async function removeUnusedAuthStrategies(targetDir, authProvider) {
     await stripTsconfigPath(targetDir, "@icore/auth-supabase");
     try {
       const src = await readFile(modulePath, "utf8");
-      const next = src.replace(/^import \{ createClient \} from '@supabase\/supabase-js';\n/m, "").replace(/^import \{[^}]*SupabaseAuthStrategy[^}]*\} from '@icore\/auth-supabase';\n/m, "").replace(
-        /\n {10}case 'supabase': \{[\s\S]*?return new SupabaseAuthStrategy\(\{ client \}\);\n {10}\}\n/m,
-        ""
-      );
+      const next = src.replace(/^import \{ createClient \} from '@supabase\/supabase-js';\n/m, "").replace(/^import \{[^}]*SupabaseAuthStrategy[^}]*\} from '@icore\/auth-supabase';\n/m, "").replace(/\nfunction makeSupabaseAuth[\s\S]*?\n}\n/m, "").replace(AUTH_BRANCH, "return makeFirebaseAuth(cfg);");
       await writeFile(modulePath, next);
     } catch {
     }
@@ -303,7 +324,8 @@ async function removeUnusedStorageStrategies(targetDir, uploadProvider) {
   if (uploadProvider !== "firebase") {
     await rm(join(targetDir, "libs/storage-strategies/firebase"), { recursive: true, force: true });
     await stripDeps(join(targetDir, "apps/microservices/upload/package.json"), [
-      "@icore/storage-firebase"
+      "@icore/storage-firebase",
+      "@icore/firebase-admin"
     ]);
     await stripTsconfigPath(targetDir, "@icore/storage-firebase");
   }
@@ -327,26 +349,26 @@ async function removeUnusedStorageStrategies(targetDir, uploadProvider) {
   try {
     let src = await readFile(modulePath, "utf8");
     if (uploadProvider !== "firebase") {
-      src = src.replace(/^import \* as admin from 'firebase-admin';\n/m, "").replace(
+      src = src.replace(/^import \{[^}]*\} from '@icore\/firebase-admin';\n/m, "").replace(
         /^import \{[^}]*FirebaseStorageStrategy[^}]*\} from '@icore\/storage-firebase';\n/m,
         ""
-      ).replace(/^function makeFirebaseStorage\b[\s\S]*?\n^}\n/m, "").replace(/(?<=\n) *case 'firebase':\n *return makeFirebaseStorage\(cfg\);\n/, "");
+      ).replace(/^ {2}firebase: \[[^\]]*\],\n/m, "").replace(/\nfunction makeFirebaseStorage[\s\S]*?\n}\n/m, "");
     }
     if (uploadProvider !== "cloudinary") {
       src = src.replace(/^import \{ v2 as cloudinary \} from 'cloudinary';\n/m, "").replace(
         /^import \{[^}]*CloudinaryStorageStrategy[^}]*\} from '@icore\/storage-cloudinary';\n/m,
         ""
-      ).replace(/^function makeCloudinaryStorage\b[\s\S]*?\n^}\n/m, "").replace(/(?<=\n) *case 'cloudinary':\n *return makeCloudinaryStorage\(cfg\);\n/, "");
+      ).replace(/\nfunction makeCloudinaryStorage[\s\S]*?\n}\n/m, "");
     }
     if (uploadProvider !== "supabase") {
       src = src.replace(/^import \{ createClient \} from '@supabase\/supabase-js';\n/m, "").replace(
         /^import \{[^}]*SupabaseStorageStrategy[^}]*\} from '@icore\/storage-supabase';\n/m,
         ""
-      ).replace(
-        /\n {10}case 'supabase': \{[\s\S]*?bucket: requireEnv\(cfg, 'SUPABASE_STORAGE_BUCKET'\),\n {12}\}\);\n {10}\}\n/m,
-        ""
-      );
+      ).replace(/\nfunction makeSupabaseStorage[\s\S]*?\n}\n/m, "");
     }
+    const STORAGE_BRANCH = /if \(provider === 'supabase'\) return makeSupabaseStorage\(cfg\);\n\s*if \(provider === 'firebase'\) return makeFirebaseStorage\(cfg\);\n\s*return makeCloudinaryStorage\(cfg\);/m;
+    const chosenReturn = `return make${uploadProvider.charAt(0).toUpperCase() + uploadProvider.slice(1)}Storage(cfg);`;
+    src = src.replace(STORAGE_BRANCH, chosenReturn);
     await writeFile(modulePath, src);
   } catch {
   }
@@ -356,14 +378,15 @@ async function removeUnusedDbStrategies(targetDir, dbProvider) {
   if (dbProvider === "supabase") {
     await rm(join(targetDir, "libs/db-strategies/firestore"), { recursive: true, force: true });
     await stripDeps(join(targetDir, "apps/microservices/notes/package.json"), [
-      "@icore/db-firestore"
+      "@icore/db-firestore",
+      "@icore/firebase-admin"
     ]);
     await stripTsconfigPath(targetDir, "@icore/db-firestore");
     try {
       const src = await readFile(modulePath, "utf8");
-      const next = src.replace(/^import \* as admin from 'firebase-admin';\n/m, "").replace(/^import \{[^}]*FirestoreDBStrategy[^}]*\} from '@icore\/db-firestore';\n/m, "").replace(
-        /\n {8}if \(provider === 'firestore'[\s\S]*?return new FirestoreDBStrategy\(\{[\s\S]*?\}\);\n {8}\}\n/m,
-        ""
+      const next = src.replace(/^import \{[^}]*\} from '@icore\/firebase-admin';\n/m, "").replace(/^import \{[^}]*FirestoreDBStrategy[^}]*\} from '@icore\/db-firestore';\n/m, "").replace(/^ {2}firestore: \[[^\]]*\],\n/m, "").replace(/^ {2}firebase: \[[^\]]*\],\n/m, "").replace(/\nfunction makeFirestoreDB[\s\S]*?\n}\n/m, "").replace(
+        /if \(provider === 'supabase'\) return makeSupabaseDB\(cfg\);\n\s*return makeFirestoreDB\(cfg\);/m,
+        "return makeSupabaseDB(cfg);"
       );
       await writeFile(modulePath, next);
     } catch {
@@ -377,15 +400,19 @@ async function removeUnusedDbStrategies(targetDir, dbProvider) {
     await stripTsconfigPath(targetDir, "@icore/db-supabase");
     try {
       const src = await readFile(modulePath, "utf8");
-      const next = src.replace(/^import \{ createClient \} from '@supabase\/supabase-js';\n/m, "").replace(/^import \{[^}]*SupabaseDBStrategy[^}]*\} from '@icore\/db-supabase';\n/m, "").replace(
-        /\n {8}if \(provider === 'supabase'\) \{[\s\S]*?return new SupabaseDBStrategy\(\{ client \}\);\n {8}\}\n/m,
-        ""
+      const next = src.replace(/^import \{ createClient \} from '@supabase\/supabase-js';\n/m, "").replace(/^import \{[^}]*SupabaseDBStrategy[^}]*\} from '@icore\/db-supabase';\n/m, "").replace(/\nfunction makeSupabaseDB[\s\S]*?\n}\n/m, "").replace(
+        /if \(provider === 'supabase'\) return makeSupabaseDB\(cfg\);\n\s*return makeFirestoreDB\(cfg\);/m,
+        "return makeFirestoreDB(cfg);"
       );
       await writeFile(modulePath, next);
     } catch {
     }
   }
 }
+async function removeFirebaseAdminLib(targetDir) {
+  await rm(join(targetDir, "libs/firebase-admin"), { recursive: true, force: true });
+  await stripTsconfigPath(targetDir, "@icore/firebase-admin");
+}
 async function removeUploadStack(targetDir) {
   const paths = [
     "apps/microservices/upload",
@@ -498,17 +525,45 @@ async function scaffold(opts, templatesDir) {
   await removeUnusedAuthStrategies(opts.targetDir, opts.authProvider);
   await removeUnusedStorageStrategies(opts.targetDir, opts.upload);
   await removeUnusedDbStrategies(opts.targetDir, opts.dbProvider);
+  const firebaseUsed = opts.authProvider === "firebase" || opts.dbProvider === "firebase" || opts.upload === "firebase";
+  if (!firebaseUsed) await removeFirebaseAdminLib(opts.targetDir);
   if (opts.packageManager === "yarn") {
     await writeFile(join(opts.targetDir, "yarn.lock"), "");
+  } else {
+    await rm(join(opts.targetDir, ".yarn"), { recursive: true, force: true });
+    await rm(join(opts.targetDir, ".yarnrc.yml"), { force: true });
   }
+  await patchGitignoreForPm(opts.targetDir, opts.packageManager);
   await writeAiFiles(opts.targetDir, opts);
   if (opts.install) runInstall(opts.targetDir, opts.packageManager);
   if (opts.initGit) gitInit(opts.targetDir, opts.projectName);
 }
+async function patchGitignoreForPm(targetDir, pm) {
+  const giPath = join(targetDir, ".gitignore");
+  try {
+    let src = await readFile(giPath, "utf8");
+    src = src.replace(/^# Build artifacts.*\ntools\/create-icore\/templates\/\s*\n/m, "");
+    if (pm !== "yarn") {
+      src = src.replace(/^\.yarn\/\*\s*\n/m, "").replace(/^!\.yarn\/patches\s*\n/m, "").replace(/^!\.yarn\/plugins\s*\n/m, "").replace(/^!\.yarn\/releases\s*\n/m, "").replace(/^!\.yarn\/sdks\s*\n/m, "").replace(/^!\.yarn\/versions\s*\n/m, "").replace(/^\.pnp\.\*\s*\n/m, "");
+    }
+    if (pm === "pnpm") {
+      if (!src.includes(".pnpm-debug.log")) {
+        src += "\n# pnpm\n.pnpm-debug.log*\n";
+      }
+    }
+    if (pm === "npm") {
+      if (!src.includes("npm-debug.log")) {
+        src += "\n# npm\nnpm-debug.log*\n";
+      }
+    }
+    await writeFile(giPath, src);
+  } catch {
+  }
+}
 async function writeAiFiles(targetDir, opts) {
   const pm = opts.packageManager;
   const nx = pm === "npm" ? "npx nx" : `${pm} nx`;
-  const devCmd = `${pm} dev`;
+  const devCmd = pmRun(pm, "dev");
   const activeMSes = ["auth (port 4001)"];
   if (opts.upload !== "none") activeMSes.push(`upload (port 4002)`);
   if (opts.payment !== "none") activeMSes.push(`payment (port 4003)`);
@@ -918,5 +973,6 @@ Re-run with @latest to refresh:
 }
 export {
   collectOptions,
+  pmRun,
   scaffold
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@idevconn/create-icore",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "description": "Bootstrap a new project from the iCore scaffold (Nx + NestJS + React + Vite + shadcn/Tailwind, swappable auth + storage providers).",
   "license": "Apache-2.0",
   "author": "iDEVconn",

package/templates/apps/api/.env.example CHANGED Viewed

@@ -15,5 +15,19 @@ UPLOAD_PORT=4002
 # UPLOAD_REDIS_URL=redis://localhost:6379
 # UPLOAD_NATS_URL=nats://localhost:4222
+# Notes MS transport — must match apps/microservices/notes/.env
+NOTES_TRANSPORT=tcp
+NOTES_HOST=127.0.0.1
+NOTES_PORT=4004
+# NOTES_REDIS_URL=redis://localhost:6379
+# NOTES_NATS_URL=nats://localhost:4222
+# Payment MS transport — must match apps/microservices/payment/.env
+PAYMENT_TRANSPORT=tcp
+PAYMENT_HOST=127.0.0.1
+PAYMENT_PORT=4003
+# PAYMENT_REDIS_URL=redis://localhost:6379
+# PAYMENT_NATS_URL=nats://localhost:4222
 # Per-request multipart file size cap (KB). Default 5120 (5 MB) when unset.
 MAX_FILE_SIZE_KB=5120

package/templates/apps/microservices/auth/package.json CHANGED Viewed

@@ -5,8 +5,8 @@
   "dependencies": {
     "@icore/auth-firebase": "*",
     "@icore/auth-supabase": "*",
+    "@icore/firebase-admin": "*",
     "@icore/shared": "*",
-    "firebase-admin": "^13.0.0",
     "@nestjs/common": "^11.1.24",
     "@nestjs/config": "^4.0.4",
     "@nestjs/core": "^11.1.24",

package/templates/apps/microservices/auth/src/app/app.module.ts CHANGED Viewed

@@ -1,13 +1,12 @@
 import { join } from 'node:path';
-import { Module } from '@nestjs/common';
+import { Module, Logger } from '@nestjs/common';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { createClient } from '@supabase/supabase-js';
-import * as admin from 'firebase-admin';
 import { SupabaseAuthStrategy } from '@icore/auth-supabase';
 import { FirebaseAuthStrategy, HttpIdentityToolkitClient } from '@icore/auth-firebase';
+import { getFirebaseAdmin, FIREBASE_ADMIN_REQUIRED_ENV } from '@icore/firebase-admin';
 import { FakeAuthStrategy, missingEnv, formatEnvBanner } from '@icore/shared';
 import type { AuthStrategy } from '@icore/shared';
-import { Logger } from '@nestjs/common';
 import { AuthController } from './auth.controller';
 const ENV_PATH = 'apps/microservices/auth/.env';
@@ -15,33 +14,28 @@ const ENV_PATH = 'apps/microservices/auth/.env';
 // Env vars each provider needs (besides AUTH_PROVIDER itself).
 const REQUIRED_ENV: Record<string, string[]> = {
   supabase: ['SUPABASE_URL', 'SUPABASE_SERVICE_ROLE_KEY'],
-  firebase: [
-    'FB_ADMIN_PROJECT_ID',
-    'FB_ADMIN_CLIENT_EMAIL',
-    'FB_ADMIN_PRIVATE_KEY',
-    'FIREBASE_WEB_API_KEY',
-  ],
+  firebase: [...FIREBASE_ADMIN_REQUIRED_ENV, 'FIREBASE_WEB_API_KEY'],
 };
 function requireEnv(cfg: ConfigService, key: string): string {
   return cfg.getOrThrow<string>(key);
 }
-function makeFirebaseStrategy(cfg: ConfigService): AuthStrategy {
-  const projectId = requireEnv(cfg, 'FB_ADMIN_PROJECT_ID');
-  if (admin.apps.length === 0) {
-    admin.initializeApp({
-      credential: admin.credential.cert({
-        projectId,
-        clientEmail: requireEnv(cfg, 'FB_ADMIN_CLIENT_EMAIL'),
-        privateKey: requireEnv(cfg, 'FB_ADMIN_PRIVATE_KEY').replace(/\\n/g, '\n'),
-      }),
-    });
-  }
+function makeSupabaseAuth(cfg: ConfigService): AuthStrategy {
+  const client = createClient(
+    requireEnv(cfg, 'SUPABASE_URL'),
+    requireEnv(cfg, 'SUPABASE_SERVICE_ROLE_KEY'),
+    { auth: { autoRefreshToken: false, persistSession: false } },
+  );
+  return new SupabaseAuthStrategy({ client });
+}
+function makeFirebaseAuth(cfg: ConfigService): AuthStrategy {
+  const app = getFirebaseAdmin(cfg);
   const identityToolkit = new HttpIdentityToolkitClient(requireEnv(cfg, 'FIREBASE_WEB_API_KEY'));
   return new FirebaseAuthStrategy({
     identityToolkit,
-    adminAuth: admin.auth(),
+    adminAuth: app.auth(),
   });
 }
@@ -83,15 +77,8 @@ function makeFirebaseStrategy(cfg: ConfigService): AuthStrategy {
         if (!keys || missing.length > 0) return fallback();
         try {
-          if (provider === 'supabase') {
-            const client = createClient(
-              requireEnv(cfg, 'SUPABASE_URL'),
-              requireEnv(cfg, 'SUPABASE_SERVICE_ROLE_KEY'),
-              { auth: { autoRefreshToken: false, persistSession: false } },
-            );
-            return new SupabaseAuthStrategy({ client });
-          }
-          return makeFirebaseStrategy(cfg);
+          if (provider === 'supabase') return makeSupabaseAuth(cfg);
+          return makeFirebaseAuth(cfg);
         } catch (err) {
           // Vars present but invalid (e.g. placeholder URL the SDK rejects).
           return fallback(err instanceof Error ? err.message : String(err));

package/templates/apps/microservices/auth/src/main.ts CHANGED Viewed

@@ -1,28 +1,11 @@
 import { Logger } from '@nestjs/common';
 import { NestFactory } from '@nestjs/core';
 import { MicroserviceOptions } from '@nestjs/microservices';
-import { buildTransportMS } from '@icore/shared';
+import { bootstrapMicroservice, buildTransportMS } from '@icore/shared';
 import { AppModule } from './app/app.module';
-async function bootstrap() {
-  const app = await NestFactory.createMicroservice<MicroserviceOptions>(
-    AppModule,
-    buildTransportMS('AUTH'),
-  );
-  await app.listen();
-}
-bootstrap()
-  .then(() => {
-    const logger = new Logger('Auth-Bootstrap');
-    logger.log(
-      `Auth MS Bootstrap completed: transport=${process.env.AUTH_TRANSPORT ?? 'tcp'} host=${process.env.AUTH_HOST ?? '127.0.0.1'} port=${process.env.AUTH_PORT ?? '4001'}`,
-    );
-  })
-  .catch((err) => {
-    new Logger('Auth-Bootstrap').error(
-      'Auth MS bootstrap failed',
-      err instanceof Error ? err.stack : err,
-    );
-    process.exit(1);
-  });
+void bootstrapMicroservice(
+  'AUTH',
+  () => NestFactory.createMicroservice<MicroserviceOptions>(AppModule, buildTransportMS('AUTH')),
+  new Logger('Auth-Bootstrap'),
+);

package/templates/apps/microservices/jobs/src/app/redis-connection.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { Logger } from '@nestjs/common';
+import IORedis from 'ioredis';
+import { formatEnvBanner } from '@icore/shared';
+/**
+ * Creates an IORedis connection that NEVER crashes the process when Redis is
+ * unreachable. Without an 'error' handler, ioredis emits an unhandled 'error'
+ * event → Node exits. Here we log one boxed banner and let ioredis keep
+ * retrying in the background, so the jobs MS stays up and connects once Redis
+ * is available (honours the "never crash on missing infra" rule).
+ */
+export function createJobsRedis(url: string, logger: Logger): IORedis {
+  const connection = new IORedis(url, {
+    maxRetriesPerRequest: null,
+    retryStrategy: (times) => Math.min(times * 200, 5000),
+  });
+  let warned = false;
+  connection.on('error', (err: Error) => {
+    if (warned) return;
+    warned = true;
+    logger.warn(
+      formatEnvBanner({
+        service: 'jobs MS',
+        provider: 'redis',
+        missing: [],
+        envPath: 'apps/microservices/jobs/.env (JOBS_REDIS_URL)',
+        reason: `${err.message} — retrying in the background until Redis is up at ${url}`,
+        headline: `⚠  jobs MS — Redis unreachable (workers idle until it's up)`,
+      }),
+    );
+  });
+  return connection;
+}

package/templates/apps/microservices/jobs/src/app/workers/cleanup.worker.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { Injectable, Logger, type OnModuleDestroy, type OnModuleInit } from '@ne
 import { ConfigService } from '@nestjs/config';
 import { Worker, type Job } from 'bullmq';
 import IORedis from 'ioredis';
+import { createJobsRedis } from '../redis-connection';
 import type { CleanupJob } from '@icore/shared';
 @Injectable()
@@ -15,7 +16,7 @@ export class CleanupWorker implements OnModuleInit, OnModuleDestroy {
   onModuleInit(): void {
     const url = this.cfg.get<string>('JOBS_REDIS_URL') ?? 'redis://localhost:6379';
     const concurrency = Number(this.cfg.get<string>('JOBS_WORKER_CONCURRENCY') ?? '5');
-    this.connection = new IORedis(url, { maxRetriesPerRequest: null });
+    this.connection = createJobsRedis(url, this.logger);
     this.worker = new Worker<CleanupJob>(
       'cleanup',
       async (job: Job<CleanupJob>) => {

package/templates/apps/microservices/jobs/src/app/workers/email.worker.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { Injectable, Logger, type OnModuleDestroy, type OnModuleInit } from '@ne
 import { ConfigService } from '@nestjs/config';
 import { Worker, type Job } from 'bullmq';
 import IORedis from 'ioredis';
+import { createJobsRedis } from '../redis-connection';
 import type { EmailJob } from '@icore/shared';
 @Injectable()
@@ -15,7 +16,7 @@ export class EmailWorker implements OnModuleInit, OnModuleDestroy {
   onModuleInit(): void {
     const url = this.cfg.get<string>('JOBS_REDIS_URL') ?? 'redis://localhost:6379';
     const concurrency = Number(this.cfg.get<string>('JOBS_WORKER_CONCURRENCY') ?? '5');
-    this.connection = new IORedis(url, { maxRetriesPerRequest: null });
+    this.connection = createJobsRedis(url, this.logger);
     this.worker = new Worker<EmailJob>(
       'email',
       async (job: Job<EmailJob>) => {

package/templates/apps/microservices/jobs/src/app/workers/image-process.worker.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { Injectable, Logger, type OnModuleDestroy, type OnModuleInit } from '@ne
 import { ConfigService } from '@nestjs/config';
 import { Worker, type Job } from 'bullmq';
 import IORedis from 'ioredis';
+import { createJobsRedis } from '../redis-connection';
 import type { ImageProcessJob } from '@icore/shared';
 @Injectable()
@@ -15,7 +16,7 @@ export class ImageProcessWorker implements OnModuleInit, OnModuleDestroy {
   onModuleInit(): void {
     const url = this.cfg.get<string>('JOBS_REDIS_URL') ?? 'redis://localhost:6379';
     const concurrency = Number(this.cfg.get<string>('JOBS_WORKER_CONCURRENCY') ?? '5');
-    this.connection = new IORedis(url, { maxRetriesPerRequest: null });
+    this.connection = createJobsRedis(url, this.logger);
     this.worker = new Worker<ImageProcessJob>(
       'image-process',
       async (job: Job<ImageProcessJob>) => {

package/templates/apps/microservices/notes/src/app/app.module.ts CHANGED Viewed

@@ -1,13 +1,12 @@
 import { join } from 'node:path';
-import { Module } from '@nestjs/common';
+import { Module, Logger } from '@nestjs/common';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { createClient } from '@supabase/supabase-js';
-import * as admin from 'firebase-admin';
 import { SupabaseDBStrategy } from '@icore/db-supabase';
 import { FirestoreDBStrategy } from '@icore/db-firestore';
+import { getFirebaseAdmin, FIREBASE_ADMIN_REQUIRED_ENV } from '@icore/firebase-admin';
 import { FakeDBStrategy, missingEnv, formatEnvBanner } from '@icore/shared';
 import type { DBStrategy } from '@icore/shared';
-import { Logger } from '@nestjs/common';
 import { NotesController } from './notes.controller';
 const ENV_PATH = 'apps/microservices/notes/.env';
@@ -15,14 +14,30 @@ const ENV_PATH = 'apps/microservices/notes/.env';
 // DB_PROVIDER accepts supabase | firestore | firebase (latter two are Firestore).
 const REQUIRED_ENV: Record<string, string[]> = {
   supabase: ['SUPABASE_URL', 'SUPABASE_SERVICE_ROLE_KEY'],
-  firestore: ['FB_ADMIN_PROJECT_ID', 'FB_ADMIN_CLIENT_EMAIL', 'FB_ADMIN_PRIVATE_KEY'],
-  firebase: ['FB_ADMIN_PROJECT_ID', 'FB_ADMIN_CLIENT_EMAIL', 'FB_ADMIN_PRIVATE_KEY'],
+  firestore: [...FIREBASE_ADMIN_REQUIRED_ENV],
+  firebase: [...FIREBASE_ADMIN_REQUIRED_ENV],
 };
 function requireEnv(cfg: ConfigService, key: string): string {
   return cfg.getOrThrow<string>(key);
 }
+function makeSupabaseDB(cfg: ConfigService): DBStrategy {
+  const client = createClient(
+    requireEnv(cfg, 'SUPABASE_URL'),
+    requireEnv(cfg, 'SUPABASE_SERVICE_ROLE_KEY'),
+    { auth: { autoRefreshToken: false, persistSession: false } },
+  );
+  return new SupabaseDBStrategy({ client });
+}
+function makeFirestoreDB(cfg: ConfigService): DBStrategy {
+  const app = getFirebaseAdmin(cfg);
+  return new FirestoreDBStrategy({
+    db: app.firestore() as unknown as ConstructorParameters<typeof FirestoreDBStrategy>[0]['db'],
+  });
+}
 @Module({
   imports: [
     ConfigModule.forRoot({
@@ -59,28 +74,8 @@ function requireEnv(cfg: ConfigService, key: string): string {
         if (!keys || missing.length > 0) return fallback();
         try {
-          if (provider === 'supabase') {
-            const client = createClient(
-              requireEnv(cfg, 'SUPABASE_URL'),
-              requireEnv(cfg, 'SUPABASE_SERVICE_ROLE_KEY'),
-              { auth: { autoRefreshToken: false, persistSession: false } },
-            );
-            return new SupabaseDBStrategy({ client });
-          }
-          if (admin.apps.length === 0) {
-            admin.initializeApp({
-              credential: admin.credential.cert({
-                projectId: requireEnv(cfg, 'FB_ADMIN_PROJECT_ID'),
-                clientEmail: requireEnv(cfg, 'FB_ADMIN_CLIENT_EMAIL'),
-                privateKey: requireEnv(cfg, 'FB_ADMIN_PRIVATE_KEY').replace(/\\n/g, '\n'),
-              }),
-            });
-          }
-          return new FirestoreDBStrategy({
-            db: admin.firestore() as unknown as ConstructorParameters<
-              typeof FirestoreDBStrategy
-            >[0]['db'],
-          });
+          if (provider === 'supabase') return makeSupabaseDB(cfg);
+          return makeFirestoreDB(cfg);
         } catch (err) {
           return fallback(err instanceof Error ? err.message : String(err));
         }

package/templates/apps/microservices/notes/src/main.ts CHANGED Viewed

@@ -1,28 +1,11 @@
 import { Logger } from '@nestjs/common';
 import { NestFactory } from '@nestjs/core';
 import { MicroserviceOptions } from '@nestjs/microservices';
-import { buildTransportMS } from '@icore/shared';
+import { bootstrapMicroservice, buildTransportMS } from '@icore/shared';
 import { AppModule } from './app/app.module';
-async function bootstrap() {
-  const app = await NestFactory.createMicroservice<MicroserviceOptions>(
-    AppModule,
-    buildTransportMS('NOTES'),
-  );
-  await app.listen();
-}
-bootstrap()
-  .then(() => {
-    const logger = new Logger('Notes-Bootstrap');
-    logger.log(
-      `Notes MS Bootstrap completed: transport=${process.env.NOTES_TRANSPORT ?? 'tcp'} host=${process.env.NOTES_HOST ?? '127.0.0.1'} port=${process.env.NOTES_PORT ?? '4004'}`,
-    );
-  })
-  .catch((err) => {
-    new Logger('Notes-Bootstrap').error(
-      'Notes MS bootstrap failed',
-      err instanceof Error ? err.stack : err,
-    );
-    process.exit(1);
-  });
+void bootstrapMicroservice(
+  'NOTES',
+  () => NestFactory.createMicroservice<MicroserviceOptions>(AppModule, buildTransportMS('NOTES')),
+  new Logger('Notes-Bootstrap'),
+);

package/templates/apps/microservices/payment/src/app/app.module.ts CHANGED Viewed

@@ -40,17 +40,19 @@ const REQUIRED_ENV: Record<string, string[]> = {
             envPath: ENV_PATH,
             headline: `⚠  payment MS — ${provider} credentials missing (payments will fail)`,
           });
-          // Prod: fail fast. Dev: warn — PayPal is lazy, so the MS still boots
-          // and only payment calls fail until creds are set.
+          // Prod: fail fast. Dev: warn + register an EMPTY strategy map so the
+          // MS boots (PaypalStrategy's constructor throws on blank creds, so we
+          // must not instantiate it) — payment endpoints fail until creds are set.
           if (process.env.NODE_ENV === 'production') throw new Error(banner);
           logger.warn(banner);
+          return createPayment({ strategies: {} });
         }
         return createPayment({
           strategies: {
             paypal: new PaypalStrategy({
-              clientId: cfg.get<string>('PAYPAL_CLIENT_ID') ?? '',
-              secret: cfg.get<string>('PAYPAL_CLIENT_SECRET') ?? '',
+              clientId: cfg.getOrThrow<string>('PAYPAL_CLIENT_ID'),
+              secret: cfg.getOrThrow<string>('PAYPAL_CLIENT_SECRET'),
               environment: cfg.get<'sandbox' | 'live'>('PAYPAL_ENVIRONMENT') ?? 'sandbox',
             }),
           },