@percepta/create 3.6.2 → 4.0.0

package/templates/library/package.json.template

@@ -5,25 +5,29 @@
   "description": "__APP_TITLE__",
   "sideEffects": false,
   "type": "module",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": { "types": "./dist/index.d.ts", "default": "./dist/index.js" },
+      "require": { "types": "./dist/index.d.cts", "default": "./dist/index.cjs" }
+    },
+    "./package.json": "./package.json"
+  },
   "files": [
-    "dist/**/*"
+    "dist"
   ],
   "scripts": {
-    "build": "tsup src/index.ts --format esm --dts --clean",
-    "dev": "tsup src/index.ts --format esm --dts --watch",
+    "build": "tsdown",
+    "dev": "tsdown --watch",
     "clean": "rimraf dist",
-    "lint": "eslint .",
-    "lint:fix": "eslint . --fix",
-    "test": "echo \"No tests configured yet\""
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run"
   },
   "devDependencies": {
+    "@percepta/build": "^1.0.0",
     "@types/node": "^24.1.0",
-    "eslint": "^9.18.0",
-    "rimraf": "^5.0.5",
-    "tsup": "^8.4.0",
-    "typescript": "^5.8.3",
-    "typescript-eslint": "^8.33.0"
+    "vitest": "^4.0.0"
   }
 }

package/templates/library/src/index.test.ts

@@ -0,0 +1,8 @@
+import { describe, expect, it } from "vitest";
+import { hello } from "./index";
+
+describe("hello", () => {
+  it("greets the given name", () => {
+    expect(hello("World")).toBe("Hello, World!");
+  });
+});

package/templates/library/tsconfig.json

@@ -1,19 +1,3 @@
 {
-  "compilerOptions": {
-    "target": "ES2022",
-    "lib": ["ES2022"],
-    "module": "NodeNext",
-    "moduleResolution": "NodeNext",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true,
-    "declaration": true,
-    "declarationMap": true,
-    "sourceMap": true,
-    "outDir": "dist",
-    "rootDir": "src"
-  },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules", "dist"]
+  "extends": "@percepta/build/tsconfig/library"
 }

package/templates/library/tsdown.config.ts

@@ -0,0 +1,3 @@
+import { defineLibraryConfig } from "@percepta/build/tsdown";
+
+export default defineLibraryConfig({ entry: "src/index.ts" });

package/templates/library/vitest.config.ts

@@ -0,0 +1,3 @@
+import { createVitestConfig } from "@percepta/build/vitest";
+
+export default createVitestConfig({});

package/templates/monorepo/.dockerignore

@@ -8,6 +8,7 @@ dist
 build
 node_modules
 **/.next
+**/.turbo
 **/node_modules
 
 .env

package/templates/monorepo/.github/CODEOWNERS

@@ -0,0 +1,67 @@
+# CODEOWNERS itself:
+/.github/CODEOWNERS @Percepta-Core/build-foundations
+
+# Workspace configuration:
+/pnpm-workspace.yaml @Percepta-Core/build-foundations
+/pnpm-lock.yaml @Percepta-Core/build-foundations
+/turbo.json @Percepta-Core/build-foundations
+/package.json @Percepta-Core/build-foundations
+**/turbo.json @Percepta-Core/build-foundations
+**/package.json @Percepta-Core/build-foundations
+**/.npmrc @Percepta-Core/build-foundations
+**/.nvmrc @Percepta-Core/build-foundations
+**/.node-version @Percepta-Core/build-foundations
+
+# TypeScript configuration:
+**/tsconfig*.json @Percepta-Core/build-foundations
+
+# Linting and formatting:
+**/oxlint.config.* @Percepta-Core/build-foundations
+**/oxfmt.config.* @Percepta-Core/build-foundations
+**/eslint.config.* @Percepta-Core/build-foundations
+**/prettier.config.* @Percepta-Core/build-foundations
+
+# Test runners and test infrastructure:
+**/vitest*.config.* @Percepta-Core/build-foundations
+**/vitest.setup.* @Percepta-Core/build-foundations
+**/jest.config.* @Percepta-Core/build-foundations
+**/playwright.config.* @Percepta-Core/build-foundations
+
+# Bundlers, transpilers, framework configs, codegen:
+**/tsdown.config.* @Percepta-Core/build-foundations
+**/vite.config.* @Percepta-Core/build-foundations
+**/rollup.config.* @Percepta-Core/build-foundations
+**/webpack.config.* @Percepta-Core/build-foundations
+**/esbuild.config.* @Percepta-Core/build-foundations
+**/next.config.* @Percepta-Core/build-foundations
+**/babel.config.* @Percepta-Core/build-foundations
+**/swc.config.* @Percepta-Core/build-foundations
+**/postcss.config.* @Percepta-Core/build-foundations
+**/tailwind.config.* @Percepta-Core/build-foundations
+**/drizzle.config.* @Percepta-Core/build-foundations
+**/orval.config.* @Percepta-Core/build-foundations
+
+# CI/CD:
+/.github/ @Percepta-Core/build-foundations
+**/.github/ @Percepta-Core/build-foundations
+
+# Git hooks, repo metadata:
+/.husky/ @Percepta-Core/build-foundations
+**/.gitattributes @Percepta-Core/build-foundations
+**/.gitignore @Percepta-Core/build-foundations
+
+# Container, orchestration, deploy infrastructure:
+/Dockerfile @Percepta-Core/build-foundations
+/Dockerfile.* @Percepta-Core/build-foundations
+**/Dockerfile @Percepta-Core/build-foundations
+**/Dockerfile.* @Percepta-Core/build-foundations
+/docker-compose*.yml @Percepta-Core/build-foundations
+/docker-compose*.yaml @Percepta-Core/build-foundations
+/.dockerignore @Percepta-Core/build-foundations
+**/.dockerignore @Percepta-Core/build-foundations
+
+# Workspace developer tooling (IDE, agents, in-editor settings):
+/.vscode/ @Percepta-Core/build-foundations
+/.cursor/ @Percepta-Core/build-foundations
+/.codeium/ @Percepta-Core/build-foundations
+/.windsurfrules @Percepta-Core/build-foundations

package/templates/monorepo/.github/actions/ci/action.yml

@@ -0,0 +1,56 @@
+name: CI
+description: Install dependencies, then build, typecheck, lint, format-check, migration-check, and test the workspace. Relies on Turbo's remote cache (when a token is provided) to dedupe work across invocations.
+
+inputs:
+  turbo-token:
+    description: Turborepo remote cache token. Optional; without it, Turbo runs without remote cache.
+    required: false
+  turbo-team:
+    description: Turborepo team slug paired with `turbo-token`.
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - name: Setup PNPM
+      uses: pnpm/action-setup@v4
+
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version-file: .node-version
+        cache: pnpm
+
+    - name: Install dependencies
+      shell: bash
+      env:
+        NPM_TOKEN: ${{ env.NPM_TOKEN }}
+      run: pnpm install --frozen-lockfile
+
+    - name: Fail if lockfile changed
+      shell: bash
+      run: git diff --exit-code pnpm-lock.yaml
+
+    - name: Build, typecheck, test
+      shell: bash
+      env:
+        NODE_OPTIONS: --max-old-space-size=4096
+        TURBO_TOKEN: ${{ inputs.turbo-token }}
+        TURBO_TEAM: ${{ inputs.turbo-team }}
+      run: pnpm exec turbo run build typecheck test --continue
+
+    - name: Lint
+      shell: bash
+      run: pnpm lint
+
+    - name: Format check
+      shell: bash
+      run: pnpm format --check
+
+    - name: Generate migration check
+      shell: bash
+      run: pnpm -r run db:generate
+
+    - name: Check for journal changes
+      shell: bash
+      run: git diff --exit-code -- '**/drizzle/migrations/meta/_journal.json'

package/templates/monorepo/.github/workflows/build-and-publish.yml

@@ -0,0 +1,22 @@
+name: Build and Publish
+
+on:
+  push:
+    branches: [main]
+
+env:
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+jobs:
+  ci:
+    name: CI
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run CI
+        uses: ./.github/actions/ci
+        with:
+          turbo-token: ${{ secrets.TURBO_TOKEN }}
+          turbo-team: ${{ vars.TURBO_TEAM }}

package/templates/monorepo/.github/workflows/pr-build.yml

@@ -0,0 +1,21 @@
+name: PR Build
+
+on:
+  pull_request: {}
+
+env:
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+jobs:
+  ci:
+    name: CI
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run CI
+        uses: ./.github/actions/ci
+        with:
+          turbo-token: ${{ secrets.TURBO_TOKEN }}
+          turbo-team: ${{ vars.TURBO_TEAM }}

package/templates/monorepo/.node-version

@@ -0,0 +1 @@
+24.4.1

package/templates/monorepo/README.md

@@ -11,7 +11,7 @@ pnpm install
 # Run development mode for all packages
 pnpm dev
 
-# Set up local services, access-control topology, databases, and seed users
+# Set up root local services, databases, access-control topology, and seed users
 pnpm run setup
 
 # Add another Mosaic package using this workspace's pinned generator
@@ -35,10 +35,23 @@ pnpm lint
 ```
 access/              # Customer-level SpiceDB fixtures and generated merge artifacts
 auth/                # Shared Better Auth users/groups package for this customer
+docker-compose.yml   # Root-owned local PostgreSQL and SpiceDB services
+scripts/             # Root-owned local infrastructure helpers
 packages/
   └── your-package/  # Application and library packages
 ```
 
+## Local Infrastructure
+
+Local development infrastructure is owned by the monorepo root. `pnpm run setup`
+starts the root Docker Compose services, creates the shared `auth` database,
+discovers app `DATABASE_URL`s from `packages/*/.env.local`, creates those app
+databases, runs auth and app migrations, and seeds local users/grants.
+
+When you add another webapp with `pnpm mosaic add webapp my-app`, the generated
+app gets its own local `DATABASE_URL`. Re-running `pnpm run setup` creates that
+database before running migrations.
+
 ## Access Control
 
 Application builders define app-local Zed schemas in each package's
@@ -56,7 +69,7 @@ PR CI merges the customer schema and runs static schema/manifest validation.
 `access:apply` is reserved for trusted deploy jobs and should run once per
 target environment with that environment's SpiceDB credentials.
 
-For local development, `pnpm run setup` seeds the generated app's default dev
+For local development, `pnpm run setup` seeds each generated app's default dev
 users and access grants. For additional local grants, copy the example fixture
 files in `access/`, fill in customer-global user/group IDs from `auth/`, then
 run:
@@ -83,4 +96,29 @@ pnpm mosaic add webapp my-app
 pnpm mosaic add library my-lib
 ```
 
-The compatibility metadata lives in `.mosaic-workspace.json`.
+The customer slug and compatibility metadata live in `.mosaic-workspace.json`.
+
+## Registering the customer OS blueprint
+
+To register this customer monorepo's OS blueprint in `Percepta-Core/infra`,
+run:
+
+```bash
+pnpm mosaic infra register-os-blueprint
+```
+
+The command reads the customer slug from `.mosaic-workspace.json`, opens or
+updates an infra PR that writes
+`ryvn/definitions/<customer>/blueprints/<customer>-os.blueprint.yaml`, and does
+not create environment installations. It authenticates with `GITHUB_TOKEN`,
+`GH_TOKEN`, or the GitHub CLI's `gh auth token`.
+
+After adding a webapp, register its app database in the customer OS blueprint:
+
+```bash
+pnpm mosaic infra register-app my-app
+```
+
+This opens or updates an infra PR that adds `my-app: {}` to the customer OS
+blueprint's `app_databases` default. Merge the OS blueprint PR before
+registering apps.

package/templates/monorepo/auth/README.md

@@ -22,6 +22,9 @@ lands.
 
 ## Database
 
-By default this package uses the customer monorepo database name generated at
-scaffold time. Override with `AUTH_DATABASE_NAME` or `AUTH_DATABASE_URL` when
-the shared auth database lives somewhere else.
+By default this package uses a shared `auth` database with local PostgreSQL
+defaults. Remote deployments should inject `AUTH_DATABASE_URL` from the
+monorepo auth database Secret.
+
+Do not use app `DATABASE_URL` for this package. That belongs to each webapp's
+own database.

package/templates/monorepo/auth/package.json

@@ -11,20 +11,18 @@
     "./schema": "./src/drizzle/schema/index.ts"
   },
   "scripts": {
-    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc --noEmit",
     "db:generate": "drizzle-kit generate",
-    "db:migrate": "drizzle-kit migrate",
-    "db:setup": "tsx ./scripts/setup-database.ts",
-    "db:setup-and-migrate": "pnpm db:setup && pnpm db:migrate"
+    "db:migrate": "drizzle-kit migrate"
   },
   "dependencies": {
-    "@percepta/auth": "0.1.3",
+    "@percepta/auth": "^0.1.4",
     "drizzle-orm": "^0.45.2"
   },
   "devDependencies": {
+    "@percepta/build": "^1.0.0",
     "@types/node": "^24.1.0",
     "drizzle-kit": "^0.31.4",
-    "tsx": "^4.20.3",
-    "typescript": "^5.8.3"
+    "tsx": "^4.20.3"
   }
 }

package/templates/monorepo/auth/src/auth.ts

@@ -5,7 +5,6 @@ import { sessions } from "./drizzle/schema/auth/sessions";
 import { verifications } from "./drizzle/schema/auth/verifications";
 import { users } from "./drizzle/schema/users";
 
-// eslint-disable-next-line n/no-process-env -- detecting Next.js build phase
 const isBuildPhase = process.env.NEXT_PHASE === "phase-production-build";
 
 function requiredEnv(name: string): string {

package/templates/monorepo/auth/src/config/database.ts

@@ -7,7 +7,7 @@ import {
 export type { AuthDatabaseConfig } from "@percepta/auth";
 
 export function getAuthDatabaseConfig(): AuthDatabaseConfig {
-  return readAuthDatabaseConfig({ defaultDatabaseName: "__DB_NAME__" });
+  return readAuthDatabaseConfig({ defaultDatabaseName: "auth" });
 }
 
 export function getAuthDatabaseConnectionString(): string {

package/templates/monorepo/auth/tsconfig.json

@@ -1,12 +1,3 @@
 {
-  "extends": "../tsconfig.json",
-  "compilerOptions": {
-    "declaration": false,
-    "declarationMap": false,
-    "module": "ESNext",
-    "moduleResolution": "Bundler",
-    "noEmit": true,
-    "types": ["node"]
-  },
-  "include": ["drizzle.config.ts", "src/**/*.ts"]
+  "extends": "@percepta/build/tsconfig/library"
 }

package/templates/{webapp → monorepo}/docker-compose.yml

@@ -22,11 +22,11 @@ services:
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
-      POSTGRES_DB: __DB_NAME__
+      POSTGRES_DB: postgres
     volumes:
       - postgres_data:/var/lib/postgresql/data
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres -d __DB_NAME__"]
+      test: ["CMD-SHELL", "pg_isready -U postgres -d postgres"]
       interval: 5s
       timeout: 5s
       retries: 5

package/templates/monorepo/gitignore.template

@@ -6,6 +6,7 @@ node_modules/
 dist/
 build/
 .turbo/
+*.tsbuildinfo
 
 # IDE
 .idea/

package/templates/monorepo/oxfmt.config.ts.template

@@ -0,0 +1,3 @@
+import { defineOxfmtConfig } from "@percepta/build/oxfmt";
+
+export default defineOxfmtConfig();

package/templates/monorepo/oxlint.config.ts.template

@@ -0,0 +1,3 @@
+import { defineOxlintMonorepoConfig } from "@percepta/build/oxlint";
+
+export default defineOxlintMonorepoConfig();

package/templates/monorepo/package.json.template

@@ -3,16 +3,21 @@
   "version": "0.0.1",
   "private": true,
   "description": "__APP_TITLE__",
+  "type": "module",
   "scripts": {
     "preinstall": "npx only-allow pnpm",
     "mosaic": "pnpm dlx __CREATE_PACKAGE__@__CREATE_VERSION__",
-    "setup": "pnpm -r --filter './packages/*' --if-present run docker:up && pnpm run access:apply-local && pnpm run auth:db:setup-and-migrate && pnpm -r --filter './packages/*' --if-present run db:setup-and-migrate && pnpm -r --filter './packages/*' --if-present run db:seed",
+    "setup": "pnpm run docker:up && pnpm run db:setup-local && pnpm run auth:db:migrate && pnpm run access:apply-local && pnpm -r --filter './packages/*' --if-present run db:migrate && pnpm -r --filter './packages/*' --if-present run db:seed",
+    "docker:up": "docker compose up -d --wait",
+    "docker:down": "docker compose down",
+    "db:setup-local": "node scripts/setup-local-databases.mjs",
     "dev": "pnpm -r --parallel --if-present run dev",
-    "build": "pnpm -r --if-present run build",
-    "clean": "pnpm -r --if-present run clean",
-    "lint": "pnpm -r --parallel --no-bail --if-present run lint",
-    "lint:fix": "pnpm -r --no-bail --if-present run lint:fix",
-    "test": "pnpm -r --if-present run test",
+    "build": "turbo run build",
+    "clean": "turbo run clean",
+    "typecheck": "turbo run typecheck",
+    "lint": "oxlint",
+    "format": "oxfmt",
+    "test": "turbo run test",
     "access:merge": "percepta-access-control merge --apps-dir \"$PWD/packages\" --out-dir access",
     "access:validate": "percepta-access-control validate --apps-dir \"$PWD/packages\"",
     "access:apply": "pnpm run access:merge && percepta-access-control apply --schema access/merged.zed --applications access/applications.generated.json",
@@ -22,17 +27,23 @@
     "access:bootstrap-customer-admin": "percepta-access-control bootstrap-customer-admin",
     "access:apply-bootstrap-grants": "percepta-access-control apply-bootstrap-grants --fixture access/bootstrap-grants.yaml",
     "access:reconcile": "percepta-access-control reconcile --input access/reconcile.yaml",
-    "auth:db:setup-and-migrate": "pnpm --dir auth run db:setup-and-migrate"
+    "auth:db:migrate": "pnpm --dir auth run db:migrate"
   },
   "engines": {
     "node": ">=20",
-    "pnpm": ">=9"
+    "pnpm": ">=10"
   },
+  "packageManager": "pnpm@10.6.4",
   "devDependencies": {
-    "@percepta/access-control": "0.8.0",
+    "@percepta/access-control": "^1.0.0",
+    "@percepta/build": "^1.0.0",
     "@types/node": "^24.1.0",
-    "eslint": "^9.18.0",
+    "oxfmt": "^0.47.0",
+    "oxlint": "^1.61.0",
+    "oxlint-tsgolint": "^0.22.0",
     "rimraf": "^5.0.5",
-    "typescript": "^5.8.3"
+    "tsdown": "^0.21.10",
+    "turbo": "^2.9.6",
+    "typescript": "^6.0.3"
   }
 }