@launchframe/cli 1.0.0-beta.8 → 1.0.0

package/.claude/settings.local.json

@@ -0,0 +1,12 @@
+{
+  "permissions": {
+    "allow": [
+      "WebSearch",
+      "WebFetch(domain:developer.mixpanel.com)",
+      "Bash(node -c:*)",
+      "Bash(node:*)",
+      "Bash(git checkout:*)",
+      "Bash(grep:*)"
+    ]
+  }
+}

package/CLAUDE.md

@@ -0,0 +1,27 @@
+# LaunchFrame CLI
+
+CLI tool for generating new projects from the LaunchFrame template.
+
+## Purpose
+
+The CLI takes user input (project name, domain, GitHub org, etc.) and:
+1. Copies the `services/` template
+2. Replaces all `{{TEMPLATE_VARIABLES}}`
+3. Generates secrets (DB password, auth secret)
+4. Sets up the project structure
+
+## Template Variables
+
+The CLI replaces these placeholders in all files:
+- `{{PROJECT_NAME}}` - lowercase project name
+- `{{PROJECT_NAME_UPPER}}` - uppercase project name
+- `{{GITHUB_ORG}}` - GitHub organization/username
+- `{{PRIMARY_DOMAIN}}` - main domain (e.g., mysaas.com)
+- `{{ADMIN_EMAIL}}` - admin email for Let's Encrypt
+- `{{VPS_HOST}}` - VPS hostname/IP
+- `{{BETTER_AUTH_SECRET}}` - auto-generated (32+ chars)
+- `{{DB_PASSWORD}}` - auto-generated
+
+## Development
+
+TODO: CLI implementation details

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 LaunchFrame
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,6 +1,12 @@
 # LaunchFrame CLI
 
-> Ship your B2B SaaS to production in hours, not weeks.
+> Ship your B2B SaaS to production in hours, not months.
+
+---
+
+**🚀 We're looking for beta testers!** Get free lifetime access to LaunchFrame [here](https://launchframe.dev/#beta-signup). Limited spots available.
+
+---
 
 LaunchFrame is a production-ready SaaS boilerplate that deploys to a single affordable VPS. Get subscriptions, credits, multi-tenancy, feature gating, and API management out of the box.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@launchframe/cli",
-  "version": "1.0.0-beta.8",
+  "version": "1.0.0",
   "description": "Production-ready B2B SaaS boilerplate with subscriptions, credits, and multi-tenancy",
   "main": "src/index.js",
   "bin": {
@@ -28,21 +28,24 @@
   "homepage": "https://launchframe.dev",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/launchframe/cli.git"
+    "url": "git+https://github.com/launchframe-dev/cli.git"
   },
   "bugs": {
-    "url": "https://github.com/launchframe/cli/issues"
+    "url": "https://github.com/launchframe-dev/cli/issues"
   },
   "engines": {
-    "node": ">=16.0.0"
+    "node": ">=22.0.0"
   },
   "publishConfig": {
     "access": "public"
   },
   "dependencies": {
+    "@resvg/resvg-js": "^2.6.2",
+    "bcryptjs": "^2.4.3",
     "chalk": "^4.1.2",
+    "dotenv": "^17.3.1",
     "fs-extra": "^11.1.1",
-    "glob": "^10.3.10",
-    "inquirer": "^8.2.5"
+    "inquirer": "^8.2.5",
+    "to-ico": "^1.1.5"
   }
 }

package/src/commands/cache.js

@@ -1,11 +1,11 @@
 const chalk = require('chalk');
-const { clearCache, getCacheInfo } = require('../utils/module-cache');
+const { clearCache, getCacheInfo } = require('../utils/service-cache');
 
 /**
- * Clear module cache
+ * Clear service cache
  */
 async function cacheClear() {
-  console.log(chalk.yellow('\n⚠️  This will delete all cached modules'));
+  console.log(chalk.yellow('\n⚠️  This will delete all cached services'));
   console.log(chalk.gray('You will need to re-download on next init or service:add\n'));
   
   const inquirer = require('inquirer');
@@ -30,7 +30,7 @@ async function cacheClear() {
 async function cacheInfo() {
   const info = await getCacheInfo();
   
-  console.log(chalk.blue('\n📦 Module Cache Information\n'));
+  console.log(chalk.blue('\n📦 Service Cache Information\n'));
   
   console.log(chalk.white('Location:'));
   console.log(chalk.gray(`  ${info.path}\n`));
@@ -54,14 +54,14 @@ async function cacheInfo() {
     console.log(chalk.gray(`  ${info.lastUpdate.toLocaleString()}\n`));
   }
   
-  if (info.modules && info.modules.length > 0) {
-    console.log(chalk.white('Cached Modules:'));
-    info.modules.forEach(mod => {
+  if (info.services && info.services.length > 0) {
+    console.log(chalk.white('Cached Services:'));
+    info.services.forEach(mod => {
       console.log(chalk.gray(`  • ${mod}`));
     });
     console.log('');
   } else {
-    console.log(chalk.gray('No modules cached yet\n'));
+    console.log(chalk.gray('No services cached yet\n'));
   }
   
   console.log(chalk.gray('Commands:'));
@@ -73,21 +73,21 @@ async function cacheInfo() {
  * Force update cache
  */
 async function cacheUpdate() {
-  const { ensureCacheReady, getCacheInfo } = require('../utils/module-cache');
+  const { ensureCacheReady, getCacheInfo } = require('../utils/service-cache');
   
   console.log(chalk.blue('\n🔄 Forcing cache update...\n'));
   
   try {
     const info = await getCacheInfo();
-    const currentModules = info.modules || [];
+    const currentServices = info.services || [];
     
-    if (currentModules.length === 0) {
-      console.log(chalk.yellow('No modules in cache yet. Use init or service:add to populate.\n'));
+    if (currentServices.length === 0) {
+      console.log(chalk.yellow('No services in cache yet. Use init or service:add to populate.\n'));
       return;
     }
     
-    // Update cache with current modules
-    await ensureCacheReady(currentModules);
+    // Update cache with current services
+    await ensureCacheReady(currentServices);
     console.log(chalk.green('\n✓ Cache updated successfully\n'));
   } catch (error) {
     console.error(chalk.red(`\n❌ Failed to update cache: ${error.message}\n`));

package/src/commands/database-console.js

@@ -0,0 +1,84 @@
+const fs = require('fs');
+const path = require('path');
+const chalk = require('chalk');
+const inquirer = require('inquirer');
+const { spawnSync } = require('child_process');
+const { requireProject, getProjectConfig } = require('../utils/project-helpers');
+
+async function databaseConsole({ remote = false } = {}) {
+  requireProject();
+
+  const infrastructurePath = path.join(process.cwd(), 'infrastructure');
+
+  if (!fs.existsSync(infrastructurePath)) {
+    console.error(chalk.red('\n❌ Error: infrastructure/ directory not found'));
+    console.log(chalk.gray('Make sure you are in the root of your LaunchFrame project.\n'));
+    process.exit(1);
+  }
+
+  if (remote) {
+    // 1. Check deployment is configured
+    const config = getProjectConfig();
+
+    if (!config.deployConfigured || !config.deployment) {
+      console.error(chalk.red('\n❌ Deployment is not configured.'));
+      console.log(chalk.gray('Run deploy:configure first.\n'));
+      process.exit(1);
+    }
+
+    const { vpsUser, vpsHost, vpsAppFolder } = config.deployment;
+
+    // 2. Warn before connecting to production
+    console.log(chalk.yellow.bold('\n⚠️  You are about to connect to the PRODUCTION database.\n'));
+    console.log(chalk.gray(`  Host: ${vpsHost}`));
+    console.log(chalk.gray(`  Folder: ${vpsAppFolder}\n`));
+
+    const { confirmed } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'confirmed',
+        message: 'Are you sure you want to open a console to the production database?',
+        default: false
+      }
+    ]);
+
+    if (!confirmed) {
+      console.log(chalk.gray('\nAborted.\n'));
+      process.exit(0);
+    }
+
+    console.log(chalk.blue.bold('\n🔌 Connecting to production database...\n'));
+
+    // 3. Let the shell inside the container expand $POSTGRES_USER / $POSTGRES_DB.
+    //    Pass the remote command as a single ssh argument (spawnSync array form)
+    //    so the local shell never touches it.
+    const remoteCmd = `cd ${vpsAppFolder}/infrastructure && docker compose -f docker-compose.yml -f docker-compose.prod.yml exec -it database sh -c 'psql -U $POSTGRES_USER $POSTGRES_DB'`;
+
+    const result = spawnSync('ssh', ['-t', `${vpsUser}@${vpsHost}`, remoteCmd], { stdio: 'inherit' });
+
+    if (result.status !== 0) {
+      console.error(chalk.red('\n❌ Could not connect to the production database.'));
+      console.log(chalk.gray('Check that the VPS is reachable and services are running.\n'));
+      process.exit(1);
+    }
+  } else {
+    console.log(chalk.blue.bold('\n🗄️  Opening local database console...\n'));
+
+    // Let the shell inside the container expand $POSTGRES_USER / $POSTGRES_DB
+    const psqlCmd = [
+      'compose', '-f', 'docker-compose.yml', '-f', 'docker-compose.dev.yml',
+      'exec', 'database', 'sh', '-c', 'psql -U $POSTGRES_USER $POSTGRES_DB'
+    ];
+
+    const result = spawnSync('docker', psqlCmd, { cwd: infrastructurePath, stdio: 'inherit' });
+
+    if (result.status !== 0) {
+      console.error(chalk.red('\n❌ Could not connect to the local database container.'));
+      console.log(chalk.gray('Make sure services are running:'));
+      console.log(chalk.white('  launchframe docker:up\n'));
+      process.exit(1);
+    }
+  }
+}
+
+module.exports = { databaseConsole };

package/src/commands/deploy-build.js

@@ -0,0 +1,76 @@
+const chalk = require('chalk');
+const path = require('path');
+const { requireProject, getProjectConfig } = require('../utils/project-helpers');
+const { buildAndPushWorkflow } = require('../utils/docker-helper');
+const { pullImagesOnVPS, restartServicesOnVPS } = require('../utils/ssh-helper');
+
+/**
+ * Build, push, and deploy Docker images
+ * @param {string} [serviceName] - Optional specific service to build (e.g., 'backend', 'admin-portal')
+ */
+async function deployBuild(serviceName) {
+  requireProject();
+
+  const serviceLabel = serviceName ? `(${serviceName})` : '(all services)';
+  console.log(chalk.blue.bold(`\n🔨 LaunchFrame Build & Deploy ${serviceLabel}\n`));
+
+  const config = getProjectConfig();
+  const projectRoot = process.cwd();
+
+  // Validate deployment is configured
+  if (!config.deployConfigured || !config.deployment) {
+    console.log(chalk.red('❌ Error: Deployment not configured yet\n'));
+    console.log(chalk.gray('Run this command first:'));
+    console.log(chalk.white('  launchframe deploy:configure\n'));
+    process.exit(1);
+  }
+
+  const { vpsHost, vpsUser, vpsAppFolder, githubOrg, ghcrToken } = config.deployment;
+  const { projectName, installedServices } = config;
+  const envProdPath = path.join(projectRoot, 'infrastructure', '.env.prod');
+
+  // Step 1-3: Build and push images
+  console.log(chalk.yellow('🐳 Step 1: Building and pushing images...\n'));
+
+  try {
+    await buildAndPushWorkflow({
+      projectRoot,
+      projectName,
+      githubOrg,
+      ghcrToken,
+      envProdPath,
+      installedServices,
+      serviceName
+    });
+  } catch (error) {
+    console.log(chalk.red(`\n❌ ${error.message}\n`));
+    process.exit(1);
+  }
+
+  // Step 4: Pull images on VPS
+  console.log(chalk.yellow('🚀 Step 2: Pulling images on VPS...\n'));
+
+  try {
+    await pullImagesOnVPS(vpsUser, vpsHost, vpsAppFolder);
+  } catch (error) {
+    console.log(chalk.red(`\n❌ ${error.message}\n`));
+    process.exit(1);
+  }
+
+  // Step 5: Restart services
+  console.log(chalk.yellow('\n🔄 Step 3: Restarting services...\n'));
+
+  try {
+    await restartServicesOnVPS(vpsUser, vpsHost, vpsAppFolder);
+  } catch (error) {
+    console.log(chalk.red(`\n❌ ${error.message}\n`));
+    process.exit(1);
+  }
+
+  // Success!
+  console.log(chalk.green.bold('\n✅ Build and deploy complete!\n'));
+
+  console.log(chalk.gray('Your updated application is now running.\n'));
+}
+
+module.exports = { deployBuild };

package/src/commands/deploy-configure.js

@@ -53,14 +53,16 @@ async function deployConfigure() {
     '{{PRIMARY_DOMAIN}}': deployAnswers.primaryDomain,
     '{{ADMIN_EMAIL}}': deployAnswers.adminEmail,
     '{{GITHUB_ORG}}': deployAnswers.githubOrg,
-    '{{VPS_APP_FOLDER}}': deployAnswers.vpsAppFolder
+    '{{VPS_APP_FOLDER}}': deployAnswers.vpsAppFolder,
+    '{{PROJECT_NAME}}': config.projectName,
+    '{{PROJECT_NAME_UPPER}}': config.projectName.toUpperCase()
   };
 
   console.log(chalk.yellow('\n⚙️  Updating configuration files...\n'));
 
   // Files that need template variable replacement
+  // Note: infrastructure/.env is NOT updated - it's for local development only
   const filesToUpdate = [
-    'infrastructure/.env',
     'infrastructure/.env.example',
     'infrastructure/docker-compose.yml',
     'infrastructure/docker-compose.dev.yml',
@@ -74,6 +76,10 @@ async function deployConfigure() {
     'admin-portal/src/App.tsx',
     'admin-portal/src/components/common/PageTitle.tsx',
     'admin-portal/src/sentry.tsx',
+    'backend/.github/workflows/deploy-backend.yml',
+    'admin-portal/.github/workflows/deploy-admin-portal.yml',
+    'website/.github/workflows/deploy-website.yml',
+    'infrastructure/scripts/zero-downtime-deploy.sh',
   ];
 
   if (config.variants.tenancy === 'multi-tenant') {
@@ -86,7 +92,8 @@ async function deployConfigure() {
   if (config.variants.userModel === 'b2b2c') {
     filesToUpdate.push(
       'admin-portal/src/components/settings/CustomDomain.tsx',
-      'customers-portal/src/App.tsx'
+      'customers-portal/src/App.tsx',
+      'customers-portal/.github/workflows/deploy-customers-portal.yml',
     )
   }
 

package/src/commands/deploy-init.js

@@ -1,6 +1,5 @@
 const chalk = require('chalk');
 const path = require('path');
-const fs = require('fs-extra');
 const ora = require('ora');
 const { requireProject, getProjectConfig } = require('../utils/project-helpers');
 const { validateEnvProd } = require('../utils/env-validator');
@@ -9,8 +8,10 @@ const {
   checkSSHKeys,
   executeSSH,
   copyFileToVPS,
-  copyDirectoryToVPS
+  copyDirectoryToVPS,
+  pullImagesOnVPS
 } = require('../utils/ssh-helper');
+const { buildAndPushWorkflow } = require('../utils/docker-helper');
 
 /**
  * Initial VPS setup - copy infrastructure files and configure environment
@@ -30,8 +31,8 @@ async function deployInit() {
     process.exit(1);
   }
 
-  const { vpsHost, vpsUser, vpsAppFolder, githubOrg } = config.deployment;
-  const { projectName } = config;
+  const { vpsHost, vpsUser, vpsAppFolder, githubOrg, ghcrToken } = config.deployment;
+  const { projectName, installedServices } = config;
   const projectRoot = process.cwd();
   const envProdPath = path.join(projectRoot, 'infrastructure', '.env.prod');
 
@@ -86,42 +87,18 @@ async function deployInit() {
   spinner.succeed('Connected to VPS successfully');
   console.log();
 
-  // Step 3.5: Build and push Docker images
-  console.log(chalk.yellow('🐳 Step 3.5: Building Docker images locally...\n'));
-
-  // Check if Docker is running
-  const {
-    checkDockerRunning,
-    loginToGHCR,
-    buildFullAppImages
-  } = require('../utils/docker-helper');
-
-  const dockerRunning = await checkDockerRunning();
-  if (!dockerRunning) {
-    console.log(chalk.red('❌ Docker is not running\n'));
-    console.log(chalk.gray('Please start Docker Desktop and try again.\n'));
-    console.log(chalk.gray('Docker is required to build production images for deployment.\n'));
-    process.exit(1);
-  }
-
-  // Validate GHCR token is configured
-  const { ghcrToken } = config.deployment || {};
-  if (!ghcrToken) {
-    console.log(chalk.red('❌ GHCR token not configured\n'));
-    console.log(chalk.gray('Run this command first:'));
-    console.log(chalk.white('  launchframe deploy:configure\n'));
-    process.exit(1);
-  }
+  // Step 4: Build and push Docker images
+  console.log(chalk.yellow('🐳 Step 4: Building Docker images locally...\n'));
 
   try {
-    // Login to GHCR
-    await loginToGHCR(githubOrg, ghcrToken);
-
-    // Build full-app images (only for installed services)
-    const installedServices = config.installedServices || ['backend', 'admin-portal', 'website'];
-    await buildFullAppImages(projectRoot, projectName, githubOrg, envProdPath, installedServices);
-
-    console.log(chalk.green.bold('\n✅ All images built and pushed to GHCR!\n'));
+    await buildAndPushWorkflow({
+      projectRoot,
+      projectName,
+      githubOrg,
+      ghcrToken,
+      envProdPath,
+      installedServices: installedServices || ['backend', 'admin-portal', 'website']
+    });
   } catch (error) {
     console.log(chalk.red('\n❌ Failed to build Docker images\n'));
     console.log(chalk.gray('Error:'), error.message, '\n');
@@ -135,16 +112,15 @@ async function deployInit() {
     process.exit(1);
   }
 
-
-  // Step 4: Create app directory and copy infrastructure files
-  console.log(chalk.yellow('📦 Step 4: Setting up application on VPS...\n'));
+  // Step 5: Create app directory and copy infrastructure files
+  console.log(chalk.yellow('📦 Step 5: Setting up application on VPS...\n'));
 
   const setupSpinner = ora('Creating app directory...').start();
 
   try {
     // Create infrastructure directory on VPS
     await executeSSH(vpsUser, vpsHost, `mkdir -p ${vpsAppFolder}/infrastructure`);
-    
+
     setupSpinner.text = 'Copying infrastructure files to VPS...';
 
     // Copy entire infrastructure directory to VPS
@@ -205,8 +181,8 @@ async function deployInit() {
     // If error, waitlist probably not running - continue
   }
 
-  // Step 5: Copy .env.prod to VPS (overwrites .env copied from infrastructure/)
-  console.log(chalk.yellow('\n📄 Step 5: Configuring production environment...\n'));
+  // Step 6: Copy .env.prod to VPS (overwrites .env copied from infrastructure/)
+  console.log(chalk.yellow('\n📄 Step 6: Configuring production environment...\n'));
 
   const envSpinner = ora('Copying .env.prod to VPS...').start();
 
@@ -220,27 +196,18 @@ async function deployInit() {
     process.exit(1);
   }
 
-  // Step 6: Pull Docker images
-  console.log(chalk.yellow('\n🐳 Step 6: Pulling Docker images...\n'));
+  // Step 7: Pull Docker images
+  console.log(chalk.yellow('\n🐳 Step 7: Pulling Docker images on VPS...\n'));
   console.log(chalk.gray('This may take several minutes...\n'));
 
-  const dockerSpinner = ora('Pulling Docker images...').start();
-
   try {
-    await executeSSH(
-      vpsUser,
-      vpsHost,
-      `cd ${vpsAppFolder}/infrastructure && docker-compose -f docker-compose.yml -f docker-compose.prod.yml pull`,
-      { timeout: 600000 } // 10 minutes for image pull
-    );
-    dockerSpinner.succeed('Docker images pulled successfully');
+    await pullImagesOnVPS(vpsUser, vpsHost, vpsAppFolder);
   } catch (error) {
-    dockerSpinner.fail('Failed to pull Docker images');
     console.log(chalk.yellow(`\n⚠️  Warning: ${error.message}\n`));
     console.log(chalk.gray('This might mean Docker is not installed on the VPS.'));
     console.log(chalk.gray('Please install Docker and Docker Compose:\n'));
     console.log(chalk.white('  curl -fsSL https://get.docker.com | sh'));
-    console.log(chalk.white('  sudo usermod -aG docker ${vpsUser}\n'));
+    console.log(chalk.white(`  sudo usermod -aG docker ${vpsUser}\n`));
     process.exit(1);
   }