@percepta/create 3.0.1 → 3.1.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@percepta/create",
-  "version": "3.0.1",
+  "version": "3.1.2",
   "description": "Scaffold a new Mosaic package",
   "type": "module",
   "bin": {
@@ -27,7 +27,7 @@
     "tsup": "^8.4.0",
     "typescript": "^5.7.3",
     "vitest": "^4.0.0",
-    "@percepta/build": "0.4.0"
+    "@percepta/build": "0.4.1"
   },
   "engines": {
     "node": ">=18.0.0"
@@ -47,6 +47,7 @@
   "license": "MIT",
   "scripts": {
     "build": "tsup src/index.ts --format esm --dts --clean",
+    "create:local": "pnpm build && node dist/index.js",
     "dev": "tsup src/index.ts --format esm --watch",
     "typecheck": "tsc --noEmit",
     "sync-template": "tsx scripts/sync-template.ts",

package/templates/monorepo/gitignore.template

@@ -21,6 +21,7 @@ Thumbs.db
 .env
 .env.local
 .env.*.local
+**/deploy/ryvn/*.secrets.env
 
 # Logs
 *.log

package/templates/webapp/.github/workflows/__APP_NAME__-ryvn-release.yaml

@@ -9,7 +9,7 @@ on:
       - "packages/__APP_NAME__/scripts/**"
       - "packages/__APP_NAME__/Dockerfile"
       - "packages/__APP_NAME__/package.json"
-      - "pnpm-lock.yaml"
+      - "packages/__APP_NAME__/pnpm-lock.yaml"
       - ".github/workflows/__APP_NAME__-ryvn-release.yaml"
   pull_request:
     branches:
@@ -19,7 +19,7 @@ on:
       - "packages/__APP_NAME__/scripts/**"
       - "packages/__APP_NAME__/Dockerfile"
       - "packages/__APP_NAME__/package.json"
-      - "pnpm-lock.yaml"
+      - "packages/__APP_NAME__/pnpm-lock.yaml"
   workflow_dispatch:
 
 env:
@@ -66,6 +66,7 @@ jobs:
           service_name: ${{ env.SERVICE_NAME }}
           version: ${{ steps.generate-tag.outputs.version }}
           build_only: ${{ !(github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || steps.generate-tag.outputs.isPreview == 'true') }}
+          build_args: NPM_TOKEN=${{ secrets.NPM_TOKEN }}
           ryvn_client_id: ${{ secrets.RYVN_CLIENT_ID }}
           ryvn_client_secret: ${{ secrets.RYVN_CLIENT_SECRET }}
 

package/templates/webapp/AGENTS.md

@@ -24,7 +24,7 @@ Next.js 15 full-stack application scaffolded from the Mosaic webapp template via
 - Logger messages must be plain string literals, not variables or templates
 - `no-process-env` is enforced — use `getEnvConfig()` from `src/config/`
 - Use `@percepta/design` components before writing custom UI
-- Use `AsyncContent` from `@percepta/components` for loading/error states
+- For loading/error states, use local UI or add `@percepta/components` if you want `AsyncContent`
 - Tailwind CSS for all styling; icons from `lucide-react`
 
 ## Project Structure
@@ -114,10 +114,16 @@ export default [
 
 Vitest config is also available via `@percepta/build/vitest`.
 
-### @percepta/components — React Utilities
+### @percepta/components — Optional React Utilities
 
 Async data handling and hooks for React Query:
 
+Install this package first if you want these helpers:
+
+```bash
+pnpm add @percepta/components
+```
+
 - **`AsyncContent<T>`** — renders loading spinner, error state, or children based on a React Query result. Use this for all data-fetching UI.
 - **`AsyncArrayContent<T[]>`** — same but for multiple parallel queries
 - **`ErrorContainer`** — consistent error display

package/templates/webapp/Dockerfile

@@ -45,7 +45,6 @@ ENV BASE_PATH=${BASE_PATH}
 # Copy built app from builder stage
 COPY --from=builder /app/.next/standalone ./
 COPY --from=builder /app/.next/static ./.next/static
-COPY --from=builder /app/public ./public
 
 # Copy scripts and source files needed for start.sh and runtime
 COPY --from=builder /app/scripts ./scripts

package/templates/webapp/README.md

@@ -134,6 +134,7 @@ pnpm db:seed
 | `DATABASE_USERNAME` | Database user | `postgres` |
 | `DATABASE_PASSWORD` | Database password | `postgres` |
 | `DATABASE_NAME` | Database name | `__DB_NAME__` |
+| `DATABASE_SCHEMA` | Optional Postgres schema/search path | - |
 | `DATABASE_USE_SSL` | Enable SSL | `false` |
 
 ### Security

package/templates/webapp/agent-skills/database.md

@@ -130,6 +130,7 @@ pnpm docker:down
 | `DATABASE_USERNAME` | `postgres` | Database user |
 | `DATABASE_PASSWORD` | `postgres` | Database password |
 | `DATABASE_NAME` | `__DB_NAME__` | Database name |
+| `DATABASE_SCHEMA` | - | Optional Postgres schema/search path |
 | `DATABASE_USE_SSL` | `false` | Enable SSL connections |
 
 ## Key Concepts

package/templates/webapp/agent-skills/deploy.md

@@ -10,7 +10,7 @@ When this app was created with `@percepta/create`, the IaC files were generated
 - `deploy/ryvn/environments/percepta-test/installations/__APP_NAME__.env.percepta-test.serviceinstallation.yaml` — percepta-test installation
 - `.github/workflows/__APP_NAME__-ryvn-release.yaml` (at the repo root) — release workflow that builds the Docker image and creates a Ryvn release on push to `main`. Path filter scoped to `packages/__APP_NAME__/` so unrelated changes don't trigger builds.
 
-Per-app values (URLs, k8s service names, database name) are substituted at create-time. Shared platform values (Inngest, Langfuse, OTel endpoints) are baked in as literals — they're stable across percepta-test apps. Three secrets stay in the Ryvn UI.
+Per-app values (URLs, k8s service names, database schema) are substituted at create-time. The Better Auth and encryption secrets are written to `deploy/ryvn/percepta-test.secrets.env`, which is ignored by git and intended for Ryvn UI import. Shared platform values (Inngest and OTel endpoints) are baked in as literals because they're stable across percepta-test apps.
 
 See [`deploy/README.md`](../deploy/README.md) for the file-by-file breakdown.
 
@@ -19,51 +19,62 @@ See [`deploy/README.md`](../deploy/README.md) for the file-by-file breakdown.
 - The app repo is under the `Percepta-Core` GitHub org. If not yet, run `gh repo create Percepta-Core/__APP_NAME__ --private --source=. --push` from the monorepo root.
 - The Percepta-Core org has `RYVN_CLIENT_ID`, `RYVN_CLIENT_SECRET`, and `NPM_TOKEN` as org-level GitHub secrets (already in place).
 - The `percepta-internal-terraform` installation provides the shared PostgreSQL — already deployed on percepta-test.
-- The infra repo (`Percepta-Core/infra`) is checked out locally, typically at `../../infra` relative to this package.
+- `git` and `gh` are installed and authenticated.
+- The infra repo (`Percepta-Core/infra`) is checked out locally or can be cloned by the deploy script.
 
 ## Deploy
 
-### Step 1: Open the infra PR
+### Step 1: Open the service/schema infra PR
 
-Copy the two scaffolded files into the infra repo and open a PR:
+Run the generated deploy helper from this package directory:
 
 ```bash
-INFRA=../../infra   # adjust to your local path
-NAME=__APP_NAME__
-
-cp deploy/ryvn/$NAME.service.yaml \
-   $INFRA/ryvn/$NAME.service.yaml
+pnpm deploy:percepta-test -- --phase service --yes
+```
 
-cp deploy/ryvn/environments/percepta-test/installations/$NAME.env.percepta-test.serviceinstallation.yaml \
-   $INFRA/ryvn/environments/percepta-test/installations/$NAME.env.percepta-test.serviceinstallation.yaml
+This script:
 
-cd $INFRA
-git checkout -b deploy/$NAME-percepta-test
-git add ryvn/$NAME.service.yaml ryvn/environments/percepta-test/installations/$NAME.env.percepta-test.serviceinstallation.yaml
-git commit -m "Add $NAME service + percepta-test installation"
-git push -u origin deploy/$NAME-percepta-test
-gh pr create --fill
-```
+- uses `INFRA_REPO` or `--infra <path>` when provided
+- otherwise uses a sibling `../infra` checkout, cloning `Percepta-Core/infra` there if needed
+- copies the Ryvn service YAML into infra
+- appends a `postgresql_schema "__APP_NAME_SNAKE__"` resource to `terraform/percepta-internal/databases.tf`
+- opens the first PR against `Percepta-Core/infra`
 
 Get the PR reviewed and merged.
 
-### Step 2: Set the three secrets in the Ryvn UI
+### Step 2: Wait for service/schema import
 
-After the infra PR merges, Ryvn creates the installation. Open the Ryvn UI for the `__APP_NAME__` installation in `percepta-test` and set:
+After the service/schema PR merges, wait for Ryvn GitOps to import the service. If Ryvn creates a `percepta-internal-terraform` task for the database schema, approve/apply it in Ryvn.
 
-| Secret | Value |
-|--------|-------|
-| `BETTER_AUTH_SECRET` | `openssl rand -base64 32` |
-| `ENCRYPTION_SECRET_KEY` | `openssl rand -hex 16` |
-| `LANGFUSE_SECRET_KEY` | from 1Password: "Percepta Test Secrets" |
+### Step 3: Create the first release
 
-### Step 3: Trigger the first deploy
-
-Push to `main` in the app repo (or `gh workflow run "Build & Release __APP_NAME__"`). The release workflow builds the Docker image and creates a Ryvn release; Ryvn deploys it to percepta-test.
+Push to `main` in the app repo (or `gh workflow run "Build & Release __APP_NAME__"`). The release workflow builds the Docker image and creates a Ryvn release. Do this before creating the ServiceInstallation, otherwise GitOps can fail with `ReleaseNotFound`.
 
 The workflow lives at `.github/workflows/__APP_NAME__-ryvn-release.yaml` (at the repo root, where GitHub Actions picks it up). It only fires on changes under `packages/__APP_NAME__/`, so unrelated edits to other packages in the monorepo won't trigger it.
 
-### Step 4: Verify
+### Step 4: Open the installation infra PR
+
+After the first release exists, open the installation PR:
+
+```bash
+pnpm deploy:percepta-test -- --phase installation --yes
+```
+
+The `--` is the pnpm argument delimiter; it passes `--phase` and `--yes` through to the deploy helper script.
+
+Get the PR reviewed and merged. Ryvn GitOps will import the ServiceInstallation and the Staging channel should deploy the latest release.
+
+### Step 5: Import Ryvn secrets
+
+After GitOps imports the installation, import this generated file in the Ryvn UI for the installation secrets:
+
+```bash
+deploy/ryvn/percepta-test.secrets.env
+```
+
+Also set any app-specific secrets the implementation added, such as `OPENAI_API_KEY`.
+
+### Step 6: Verify
 
 ```bash
 ryvn get installation __APP_NAME__ -e percepta-test
@@ -76,16 +87,18 @@ The app will be available at **https://__APP_NAME__.percepta-test.aitco.dev**.
 
 ## Troubleshooting
 
-- **Pod crash-looping** → secrets probably aren't set yet (Step 2). Check `ryvn logs`.
+- **Auth/sign-in routes fail after install** → import `deploy/ryvn/percepta-test.secrets.env` in the Ryvn UI, then let Ryvn update/restart the installation.
+- **Pod crash-looping** → check `ryvn logs`; migration or database connectivity failures are the most common fresh-deploy causes.
 - **Database connection refused** → verify `DATABASE_USE_SSL=true` and that `percepta-internal-terraform` is deployed.
+- **Database schema missing** → verify the infra PR added `postgresql_schema "__APP_NAME_SNAKE__"` and Ryvn applied `percepta-internal-terraform`.
 - **Inngest can't reach the app** → `INNGEST_APP_URL` must use the k8s service name `__APP_NAME__-web-server`. The scaffolded YAML gets this right; if you renamed anything, double-check.
-- **Image build fails** → check `NPM_TOKEN` in the service definition is current. Build context is `packages/__APP_NAME__`.
+- **Image build fails fetching @percepta packages** → check the `NPM_TOKEN` GitHub org secret. The workflow passes it as a build arg.
 
 For Ryvn CLI operations, use the `/use-ryvn` skill.
 
 ## Updating shared platform values
 
-The Inngest/Langfuse/OTel URLs are baked as literals in every webapp's installation YAML. If percepta-test infra ever changes those endpoints, update them with a single grep across the infra repo:
+The Inngest and OTel URLs are baked as literals in every webapp's installation YAML. If percepta-test infra ever changes those endpoints, update them with a single grep across the infra repo:
 
 ```bash
 grep -rl "inngest.percepta-test.svc.cluster.local:8288" ryvn/environments/percepta-test/installations/

package/templates/webapp/agent-skills/oneshot.md

@@ -122,7 +122,7 @@ If it fails, fix the errors before moving to the next chunk. Do not accumulate b
 ### Implementation Rules
 
 - **Use `@percepta/design` components.** Do not write custom UI for things that exist in the design system (Button, Dialog, Table, Card, Input, etc.). Read `node_modules/@percepta/design/dist/src/index.d.ts` to see what's available.
-- **Use `AsyncContent` for loading states.** Every data-fetching UI should use `AsyncContent` from `@percepta/components`.
+- **Use robust loading states.** `@percepta/components` is optional; add it first if you want `AsyncContent`.
 - **Use `getEnvConfig()` for env vars.** Never use `process.env` directly.
 - **Use `getLogger()` for logging.** Never use `console.log`. Use safe/unsafe field separation.
 - **Follow the singleton pattern** for new services. Follow the existing `DatabaseService` singleton pattern in the codebase.
@@ -179,8 +179,8 @@ git init
 git add -A
 git commit -m "Initial implementation of <app-name>"
 
-# Create the repo under percepta-ai org
-gh repo create percepta-ai/<app-name> --private --source=. --push
+# Create the repo under the Percepta-Core org
+gh repo create Percepta-Core/<app-name> --private --source=. --push
 ```
 
 If `gh` is not authenticated, tell the user to run `gh auth login` and then continue.

package/templates/webapp/deploy/README.md

@@ -12,21 +12,47 @@ deploy/
                 └── __APP_NAME__.env.percepta-test.serviceinstallation.yaml # percepta-test installation
 ```
 
-These files are pre-filled with all values needed to deploy to `https://__APP_NAME__.percepta-test.aitco.dev`. The only manual steps are: open a PR in `Percepta-Core/infra` to copy them in, and set three secrets in the Ryvn UI.
+These files are pre-filled with all base values needed to deploy to `https://__APP_NAME__.percepta-test.aitco.dev`. The generated deploy helper opens the required `Percepta-Core/infra` PRs in two phases.
 
 ## Deploying
 
-Tell Claude "deploy this app to percepta-test" — it'll follow [`agent-skills/deploy.md`](../agent-skills/deploy.md), which walks through copying these files into the infra repo, opening the PR, and the manual Ryvn UI step.
+Tell Claude "deploy this app to percepta-test" — it'll follow [`agent-skills/deploy.md`](../agent-skills/deploy.md), which runs the generated PR helper and then verifies Ryvn.
 
 ## What's in these files
 
-**`__APP_NAME__.service.yaml`** — tells Ryvn how to build the Docker image. Points at `Percepta-Core/__APP_NAME__` (change the repo if you've named the GitHub repo differently). The `NPM_TOKEN` build arg is a read-only npm token shared across all Percepta apps for installing `@percepta/*` packages — it's not a secret.
+**`__APP_NAME__.service.yaml`** — tells Ryvn how to build the Docker image. Points at `Percepta-Core/__APP_NAME__` (change the repo if you've named the GitHub repo differently). The release workflow passes `NPM_TOKEN` as a build arg from GitHub org secrets.
 
 **`__APP_NAME__.env.percepta-test.serviceinstallation.yaml`** — configures the deployment on `percepta-test`. Three categories of values are baked in:
 
-1. **Per-app values** that vary by app name (URLs, k8s service names) — substituted at create-time.
-2. **Shared platform values** (Inngest, Langfuse, OTel endpoints) — copied as literals from the `tc-emo` reference installation. These are stable across percepta-test apps.
-3. **Secrets** (`BETTER_AUTH_SECRET`, `ENCRYPTION_SECRET_KEY`, `LANGFUSE_SECRET_KEY`) — declared in the YAML, value entered once in the Ryvn UI.
+1. **Per-app values** that vary by app name (URLs, k8s service names, database schema) — substituted at create-time.
+2. **Shared platform values** (Inngest and OTel endpoints) — copied as literals from existing percepta-test installations. These are stable across percepta-test apps.
+3. **Database wiring** — points at the shared `demos` database and a per-app schema created by the infra PR.
+
+**`percepta-test.secrets.env`** — generated locally and ignored by git. Import it in the Ryvn UI for `BETTER_AUTH_SECRET` and `ENCRYPTION_SECRET_KEY`; deployment secret values are intentionally not committed to GitOps IaC.
+
+## Deployment order
+
+Use two infra PRs. The Service must exist before the first release can be created, and the first release must exist before the ServiceInstallation can be imported.
+
+1. Open and merge the service/schema PR:
+
+   ```bash
+   pnpm deploy:percepta-test -- --phase service --yes
+   ```
+
+2. Wait for GitOps to import the service. If the schema change creates a `percepta-internal-terraform` task in Ryvn, approve/apply it.
+
+3. Push the app to `main` or run the release workflow so Ryvn has a first release for `__APP_NAME__`.
+
+4. Open and merge the installation PR:
+
+   ```bash
+   pnpm deploy:percepta-test -- --phase installation --yes
+   ```
+
+5. After GitOps imports the installation, import `deploy/ryvn/percepta-test.secrets.env` into the Ryvn UI for the `__APP_NAME__` installation secrets.
+
+The `--` is the pnpm argument delimiter; it passes the flags after it through to `scripts/open-ryvn-deploy-pr.ts`.
 
 ## Repo layout note
 

package/templates/webapp/deploy/ryvn/__APP_NAME__.service.yaml

@@ -5,7 +5,5 @@ spec:
   type: server
   repo: Percepta-Core/__APP_NAME__
   build:
-    args:
-      NPM_TOKEN: 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
     context: packages/__APP_NAME__
     dockerfile: packages/__APP_NAME__/Dockerfile

package/templates/webapp/deploy/ryvn/environments/percepta-test/installations/__APP_NAME__.env.percepta-test.serviceinstallation.yaml

@@ -10,8 +10,23 @@ spec:
     service:
       port: 3000
 
+    startupEnabled: true
+    startupProbe:
+      httpGet:
+        path: /api/healthz
+        port: 3000
+      failureThreshold: 30
+      periodSeconds: 10
     livenessEnabled: true
+    livenessProbe:
+      httpGet:
+        path: /api/healthz
+        port: 3000
     readinessEnabled: true
+    readinessProbe:
+      httpGet:
+        path: /api/readyz
+        port: 3000
 
     resources:
       requests:
@@ -38,29 +53,33 @@ spec:
             - __APP_NAME__.percepta-test.aitco.dev
 
     env:
-      # Database (shared percepta-test RDS, provisioned by percepta-internal-terraform)
+      # Database — shared `demos` DB on the percepta-internal Postgres instance.
+      # Tables live under a per-app schema created by the infra PR. DATABASE_SCHEMA
+      # pins the connection search_path so Drizzle migrations + queries land there.
       - name: DATABASE_HOST
         valueFrom:
           secretKeyRef:
-            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.postgresql_secret_name }}"
+            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_postgresql_secret_name }}"
             key: host
       - name: DATABASE_PORT
         valueFrom:
           secretKeyRef:
-            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.postgresql_secret_name }}"
+            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_postgresql_secret_name }}"
             key: port
       - name: DATABASE_USERNAME
         valueFrom:
           secretKeyRef:
-            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.postgresql_secret_name }}"
+            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_postgresql_secret_name }}"
             key: username
       - name: DATABASE_PASSWORD
         valueFrom:
           secretKeyRef:
-            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.postgresql_secret_name }}"
+            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_postgresql_secret_name }}"
             key: password
       - name: DATABASE_NAME
-        value: "__DB_NAME__"
+        value: "demos"
+      - name: DATABASE_SCHEMA
+        value: "__APP_NAME_SNAKE__"
       - name: DATABASE_USE_SSL
         value: "true"
 
@@ -74,14 +93,9 @@ spec:
       value: https://__APP_NAME__.percepta-test.aitco.dev
     - key: BETTER_AUTH_URL
       value: https://__APP_NAME__.percepta-test.aitco.dev
-
-    # Auth — generated random, set in Ryvn UI (openssl rand -base64 32)
-    - key: BETTER_AUTH_SECRET
-      isSecret: true
-
-    # Encryption — generated random, set in Ryvn UI (openssl rand -hex 16)
-    - key: ENCRYPTION_SECRET_KEY
-      isSecret: true
+    # Import BETTER_AUTH_SECRET and ENCRYPTION_SECRET_KEY from
+    # deploy/ryvn/percepta-test.secrets.env in the Ryvn UI after the installation
+    # exists. Secret values are intentionally not declared in GitOps IaC.
 
     # Inngest (shared percepta-test instance)
     - key: INNGEST_BASE_URL
@@ -95,14 +109,6 @@ spec:
     - key: INNGEST_SERVE_HOST
       value: http://__APP_NAME__-web-server.percepta-test.svc.cluster.local:3000/api/inngest
 
-    # Langfuse (shared percepta-test instance) — secret key set in Ryvn UI from 1Password
-    - key: LANGFUSE_BASE_URL
-      value: https://percepta-test.aitco.dev/evals
-    - key: LANGFUSE_PUBLIC_KEY
-      value: pk-lf-cc45f2c9-5286-4966-849b-42fd45059390
-    - key: LANGFUSE_SECRET_KEY
-      isSecret: true
-
     # OpenTelemetry
     - key: OTEL_METRICS_EXPORTER_OTLP_ENDPOINT
       value: http://otel-collector-opentelemetry-collector.percepta-test.svc.cluster.local:4318/v1/metrics
@@ -110,12 +116,3 @@ spec:
       value: "60000"
     - key: LOG_LEVEL
       value: debug
-
-  # Set the values for these in the Ryvn UI after the infra PR merges:
-  #   BETTER_AUTH_SECRET    — generate: openssl rand -base64 32
-  #   ENCRYPTION_SECRET_KEY — generate: openssl rand -hex 16
-  #   LANGFUSE_SECRET_KEY   — copy from 1Password "Percepta Test Secrets"
-  secrets:
-    - name: BETTER_AUTH_SECRET
-    - name: ENCRYPTION_SECRET_KEY
-    - name: LANGFUSE_SECRET_KEY

package/templates/webapp/drizzle.config.ts

@@ -1,6 +1,7 @@
 import { loadEnvConfig } from "@next/env";
 import type { Config } from "drizzle-kit";
 import { getEnvConfig } from "./src/config/getEnvConfig";
+import { getPgSearchPathOption } from "./src/drizzle/searchPath";
 
 loadEnvConfig(process.cwd());
 
@@ -10,20 +11,28 @@ const {
   DATABASE_USERNAME: user,
   DATABASE_PASSWORD: password,
   DATABASE_NAME: database,
+  DATABASE_SCHEMA: databaseSchema,
   DATABASE_USE_SSL: useSSL,
 } = getEnvConfig();
 
+const schemaFilter = databaseSchema?.trim() || undefined;
+const searchPathOption = getPgSearchPathOption(schemaFilter);
+const connectionParams = new URLSearchParams();
+if (useSSL) connectionParams.set("sslmode", "require");
+if (searchPathOption) connectionParams.set("options", searchPathOption);
+
+const connectionString =
+  `postgresql://${encodeURIComponent(user)}:${encodeURIComponent(password)}` +
+  `@${host}:${port}/${encodeURIComponent(database)}` +
+  (connectionParams.size > 0 ? `?${connectionParams.toString()}` : "");
+
 const config: Config = {
   schema: "./src/drizzle/schema",
   out: "./src/drizzle/migrations",
   dialect: "postgresql",
+  ...(schemaFilter ? { schemaFilter: [schemaFilter] } : {}),
   dbCredentials: {
-    host,
-    port,
-    user,
-    password,
-    database,
-    ssl: useSSL ? "require" : false,
+    url: connectionString,
   },
 };
 

package/templates/webapp/env.example.template

@@ -8,6 +8,7 @@ DATABASE_PORT=5434
 DATABASE_USERNAME=postgres
 DATABASE_PASSWORD=postgres
 DATABASE_NAME=__DB_NAME__
+# DATABASE_SCHEMA=
 DATABASE_USE_SSL=false
 
 # Authentication (Better Auth)

package/templates/webapp/eslint.config.mjs

@@ -11,6 +11,7 @@ export default [
   {
     ignores: [
       "pnpm-lock.yaml",
+      "package.json",
       ".next/**",
       "next-env.d.ts",
       "public/**",
@@ -24,6 +25,7 @@ export default [
     rules: {
       ...nextPlugin.configs.recommended.rules,
       ...nextPlugin.configs["core-web-vitals"].rules,
+      "react/react-in-jsx-scope": "off",
     },
   },
   {
@@ -49,4 +51,10 @@ export default [
       "n/no-process-env": "error",
     },
   },
+  {
+    files: ["src/config/clientEnvConfig.ts"],
+    rules: {
+      "n/no-process-env": "off",
+    },
+  },
 ];

package/templates/webapp/gitignore.template

@@ -33,6 +33,7 @@ yarn-error.log*
 # env files (can opt-in for committing if needed)
 .env*
 !.env.example
+deploy/ryvn/*.secrets.env
 
 # vercel
 .vercel

package/templates/webapp/package.json.template

@@ -21,6 +21,7 @@
     "db:studio": "drizzle-kit studio",
     "db:create-user": "tsx ./scripts/create-user.ts",
     "db:seed": "tsx ./scripts/seed.ts",
+    "deploy:percepta-test": "tsx ./scripts/open-ryvn-deploy-pr.ts",
     "test": "vitest run",
     "test:watch": "vitest"
   },
@@ -47,11 +48,10 @@
     "@opentelemetry/api": "^1.9.0",
     "@opentelemetry/auto-instrumentations-node": "^0.62.1",
     "@opentelemetry/sdk-node": "^0.203.0",
-    "@percepta/design": "^0.1.6",
-    "@percepta/components": "^0.0.6",
-    "@percepta/logger": "^0.0.4",
-    "@percepta/next-utils": "^0.1.0",
-    "@percepta/utils": "^0.1.5",
+    "@percepta/design": "0.3.2",
+    "@percepta/logger": "0.0.6",
+    "@percepta/next-utils": "0.1.0",
+    "@percepta/utils": "0.1.10",
     "@radix-ui/react-slot": "^1.2.3",
     "@tanstack/react-query": "^5.81.5",
     "@tanstack/react-virtual": "^3.13.12",
@@ -95,7 +95,7 @@
   },
   "devDependencies": {
     "@next/eslint-plugin-next": "^15.3.5",
-    "@percepta/build": "^0.1.3",
+    "@percepta/build": "0.4.0",
     "@tailwindcss/postcss": "^4.1.11",
     "@types/formidable": "^3.4.5",
     "@types/he": "^1.2.3",