@prajwolkc/stk 0.1.1 → 0.2.0

package/README.md

@@ -4,10 +4,13 @@ One CLI to deploy, monitor, and debug your entire stack.
 
 Stop opening 5 dashboards. `stk` checks your services, watches your deploys, syncs your env vars, tails your logs, and manages your issues — all from one command.
 
+<!-- TODO: Add demo GIF here -->
+<!-- ![stk demo](./docs/demo.gif) -->
+
 ## Install
 
 ```bash
-npm install -g stk-cli
+npm install -g @prajwolkc/stk
 ```
 
 ## Quick Start
@@ -16,6 +19,7 @@ npm install -g stk-cli
 cd my-project
 stk init                      # auto-detect your services
 stk init --template saas      # or use a starter template
+stk doctor                    # diagnose any misconfig
 stk health                    # check everything
 stk status                    # one-line summary of your whole stack
 ```
@@ -27,10 +31,12 @@ stk status                    # one-line summary of your whole stack
 | `stk init` | Initialize config (auto-detect or `--template saas\|api\|fullstack\|static\|fly\|aws`) |
 | `stk status` | One-line summary: git, services, deploys, issues |
 | `stk health` | Health check all configured services |
-| `stk deploy` | Git push + watch Railway/Vercel/Fly deploys |
+| `stk doctor` | Diagnose misconfig, missing env vars, and suggest fixes |
+| `stk deploy` | Git push + watch deploy providers |
 | `stk env pull` | Pull env vars from Vercel + Railway into `.env.pulled` |
 | `stk env diff` | Show what's in your local `.env` |
-| `stk logs` | Tail Railway deployment logs |
+| `stk logs` | Tail logs from Railway, Vercel, Fly, or Render |
+| `stk logs -p vercel` | Logs from a specific provider |
 | `stk todo ls` | List open GitHub issues |
 | `stk todo add "title"` | Create a GitHub issue |
 | `stk todo close 42` | Close an issue |
@@ -40,6 +46,7 @@ stk status                    # one-line summary of your whole stack
 **Deploy providers:** Railway, Vercel, Fly.io, Render, AWS
 **Databases:** PostgreSQL, MongoDB, Redis, Supabase
 **Storage & billing:** Cloudflare R2, Stripe
+**Custom:** Add your own via plugins
 
 ## Configuration
 
@@ -82,15 +89,57 @@ stk init --list-templates
 | `fly` | Fly.io + PostgreSQL + Redis |
 | `aws` | AWS + PostgreSQL + Redis |
 
-## Environment Variables
+## Doctor
+
+`stk doctor` scans your config and environment to catch issues before they bite:
+
+```
+$ stk doctor
+
+  my-saas — Doctor
+  ─────────────────────────────────────────
+  ✓  railway      Configured correctly
+  ✗  vercel       Missing required: VERCEL_TOKEN
+                   See https://vercel.com/account/tokens
+  !  database     Missing optional: RAILWAY_PROJECT_ID
+                   Some features need these for full functionality
+  ✓  stripe       Configured correctly
+```
 
-Set the tokens for your services:
+## Plugins
+
+Add custom services without forking. Create `.stk/plugins/my-service.mjs`:
+
+```js
+export default {
+  name: "my-plugin",
+  services: {
+    myservice: {
+      name: "My Service",
+      envVars: ["MY_SERVICE_TOKEN"],
+      healthCheck: async () => {
+        const token = process.env.MY_SERVICE_TOKEN;
+        if (!token) {
+          return { name: "My Service", status: "skipped", detail: "MY_SERVICE_TOKEN not set" };
+        }
+        // Your check logic here
+        return { name: "My Service", status: "healthy", detail: "connected" };
+      }
+    }
+  }
+};
+```
+
+Plugins are automatically loaded by `stk health` and `stk health --all`.
+
+## Environment Variables
 
 ```bash
 # Deploy providers
 RAILWAY_API_TOKEN=
 VERCEL_TOKEN=
 FLY_API_TOKEN=
+FLY_APP_NAME=              # needed for stk logs -p fly
 RENDER_API_KEY=
 AWS_ACCESS_KEY_ID= / AWS_SECRET_ACCESS_KEY=
 
@@ -109,6 +158,17 @@ GITHUB_TOKEN=
 GITHUB_REPO=owner/repo   # or auto-detected from git remote
 ```
 
+## Development
+
+```bash
+git clone https://github.com/Harden43/stk.git
+cd stk
+npm install
+npm run dev -- health --all     # run in dev mode
+npm test                        # run tests
+npm run build                   # compile TypeScript
+```
+
 ## License
 
 MIT

package/dist/commands/doctor.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare const doctorCommand: Command;

package/dist/commands/doctor.js

@@ -0,0 +1,220 @@
+import { Command } from "commander";
+import chalk from "chalk";
+import { existsSync } from "fs";
+import { loadConfig, enabledServices, CONFIG_FILE } from "../lib/config.js";
+const ENV_REQUIREMENTS = {
+    railway: {
+        required: ["RAILWAY_API_TOKEN"],
+        optional: ["RAILWAY_PROJECT_ID", "RAILWAY_ENVIRONMENT_ID", "RAILWAY_SERVICE_ID"],
+        docs: "https://docs.railway.com/guides/public-api",
+    },
+    vercel: {
+        required: ["VERCEL_TOKEN"],
+        optional: ["VERCEL_PROJECT_ID"],
+        docs: "https://vercel.com/account/tokens",
+    },
+    fly: {
+        required: ["FLY_API_TOKEN"],
+        optional: ["FLY_APP_NAME"],
+        docs: "https://fly.io/docs/flyctl/tokens/",
+    },
+    render: {
+        required: ["RENDER_API_KEY"],
+        optional: [],
+        docs: "https://render.com/docs/api",
+    },
+    aws: {
+        required: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"],
+        optional: ["AWS_REGION"],
+    },
+    database: {
+        required: ["DATABASE_URL"],
+        optional: [],
+    },
+    mongodb: {
+        required: ["MONGODB_URL"],
+        optional: [],
+    },
+    redis: {
+        required: ["REDIS_URL"],
+        optional: [],
+    },
+    supabase: {
+        required: ["SUPABASE_URL"],
+        optional: ["SUPABASE_SERVICE_KEY", "SUPABASE_ANON_KEY"],
+        docs: "https://supabase.com/docs/guides/api",
+    },
+    r2: {
+        required: ["CLOUDFLARE_ACCOUNT_ID", "CLOUDFLARE_API_TOKEN"],
+        optional: [],
+        docs: "https://developers.cloudflare.com/r2/api/",
+    },
+    stripe: {
+        required: ["STRIPE_SECRET_KEY"],
+        optional: [],
+        docs: "https://dashboard.stripe.com/apikeys",
+    },
+};
+export const doctorCommand = new Command("doctor")
+    .description("Diagnose configuration issues and suggest fixes")
+    .action(async () => {
+    const issues = [];
+    // 1. Check config file
+    const hasConfig = existsSync(CONFIG_FILE);
+    if (!hasConfig) {
+        issues.push({
+            level: "warn",
+            service: "config",
+            message: `No ${CONFIG_FILE} found — using auto-detection`,
+            fix: `Run ${chalk.white("stk init")} to create one`,
+        });
+    }
+    const config = loadConfig();
+    const enabled = enabledServices(config);
+    // 2. Check each enabled service for env vars
+    for (const svc of enabled) {
+        const reqs = ENV_REQUIREMENTS[svc];
+        if (!reqs)
+            continue;
+        const missingRequired = reqs.required.filter((v) => !process.env[v]);
+        const missingOptional = reqs.optional.filter((v) => !process.env[v]);
+        if (missingRequired.length > 0) {
+            issues.push({
+                level: "error",
+                service: svc,
+                message: `Missing required: ${missingRequired.join(", ")}`,
+                fix: reqs.docs ? `See ${reqs.docs}` : `Set ${missingRequired[0]} in your .env`,
+            });
+        }
+        if (missingOptional.length > 0) {
+            issues.push({
+                level: "warn",
+                service: svc,
+                message: `Missing optional: ${missingOptional.join(", ")}`,
+                fix: `Some features (logs, env sync, deploy) need these for full functionality`,
+            });
+        }
+        if (missingRequired.length === 0) {
+            issues.push({
+                level: "info",
+                service: svc,
+                message: "Configured correctly",
+            });
+        }
+    }
+    // 3. Check for partial config (env vars set but service not enabled)
+    for (const [svc, reqs] of Object.entries(ENV_REQUIREMENTS)) {
+        if (enabled.includes(svc))
+            continue;
+        const hasAny = reqs.required.some((v) => process.env[v]);
+        if (hasAny) {
+            issues.push({
+                level: "warn",
+                service: svc,
+                message: `Env vars found but service not enabled in config`,
+                fix: `Add "${svc}": true to services in ${CONFIG_FILE}`,
+            });
+        }
+    }
+    // 4. Check for common misconfigurations
+    if (process.env.DATABASE_URL) {
+        try {
+            new URL(process.env.DATABASE_URL);
+        }
+        catch {
+            issues.push({
+                level: "error",
+                service: "database",
+                message: "DATABASE_URL is not a valid URL",
+                fix: "Format: postgresql://user:pass@host:5432/dbname",
+            });
+        }
+    }
+    if (process.env.REDIS_URL) {
+        try {
+            new URL(process.env.REDIS_URL);
+        }
+        catch {
+            issues.push({
+                level: "error",
+                service: "redis",
+                message: "REDIS_URL is not a valid URL",
+                fix: "Format: redis://default:pass@host:6379",
+            });
+        }
+    }
+    if (process.env.STRIPE_SECRET_KEY && !process.env.STRIPE_SECRET_KEY.startsWith("sk_")) {
+        issues.push({
+            level: "error",
+            service: "stripe",
+            message: "STRIPE_SECRET_KEY should start with sk_test_ or sk_live_",
+        });
+    }
+    // 5. Check deploy config
+    if (hasConfig && config.deploy?.providers) {
+        for (const p of config.deploy.providers) {
+            if (!enabled.includes(p)) {
+                issues.push({
+                    level: "error",
+                    service: "deploy",
+                    message: `Deploy provider "${p}" is not enabled in services`,
+                    fix: `Add "${p}": true to services, or remove from deploy.providers`,
+                });
+            }
+        }
+    }
+    // 6. Check GitHub config for todo
+    if (!process.env.GITHUB_TOKEN && !config.github?.repo) {
+        issues.push({
+            level: "info",
+            service: "github",
+            message: "GITHUB_TOKEN not set — stk todo will have limited access",
+            fix: "Set GITHUB_TOKEN for creating/closing issues",
+        });
+    }
+    // Print results
+    const ICONS = {
+        error: chalk.red("✗"),
+        warn: chalk.yellow("!"),
+        info: chalk.green("✓"),
+    };
+    const COLORS = {
+        error: chalk.red,
+        warn: chalk.yellow,
+        info: chalk.green,
+    };
+    console.log();
+    console.log(chalk.bold(`  ${config.name} — Doctor`));
+    console.log(chalk.dim("  ─────────────────────────────────────────"));
+    const grouped = new Map();
+    for (const issue of issues) {
+        const list = grouped.get(issue.service) ?? [];
+        list.push(issue);
+        grouped.set(issue.service, list);
+    }
+    for (const [service, serviceIssues] of grouped) {
+        for (const issue of serviceIssues) {
+            const icon = ICONS[issue.level];
+            const svc = COLORS[issue.level](service.padEnd(12));
+            console.log(`  ${icon}  ${svc} ${issue.message}`);
+            if (issue.fix) {
+                console.log(`     ${" ".repeat(12)} ${chalk.dim(issue.fix)}`);
+            }
+        }
+    }
+    const errors = issues.filter((i) => i.level === "error");
+    const warns = issues.filter((i) => i.level === "warn");
+    const ok = issues.filter((i) => i.level === "info");
+    console.log();
+    if (errors.length > 0) {
+        console.log(chalk.red(`  ${errors.length} error${errors.length > 1 ? "s" : ""} found`));
+        process.exitCode = 1;
+    }
+    else if (warns.length > 0) {
+        console.log(chalk.yellow(`  ${warns.length} warning${warns.length > 1 ? "s" : ""}, ${ok.length} ok`));
+    }
+    else {
+        console.log(chalk.green(`  All ${ok.length} checks passed`));
+    }
+    console.log();
+});

package/dist/commands/health.js

@@ -2,7 +2,7 @@ import { Command } from "commander";
 import chalk from "chalk";
 import ora from "ora";
 import { loadConfig, enabledServices } from "../lib/config.js";
-import { getChecker, allCheckerNames } from "../services/registry.js";
+import { getChecker, allCheckerNames, loadPluginCheckers } from "../services/registry.js";
 const STATUS_ICON = {
     healthy: chalk.green("✓"),
     degraded: chalk.yellow("~"),
@@ -22,6 +22,7 @@ export const healthCommand = new Command("health")
     .action(async (opts) => {
     const config = loadConfig();
     const spinner = ora("Checking services...").start();
+    await loadPluginCheckers();
     const serviceList = opts.all
         ? allCheckerNames()
         : enabledServices(config);

package/dist/commands/logs.js

@@ -1,142 +1,246 @@
 import { Command } from "commander";
 import chalk from "chalk";
 import ora from "ora";
+import { loadConfig, enabledServices } from "../lib/config.js";
 export const logsCommand = new Command("logs")
-    .description("Tail Railway runtime logs locally")
+    .description("Tail logs from your deploy providers")
     .option("-n, --lines <count>", "number of recent lines to show", "50")
     .option("-f, --follow", "keep streaming new logs")
+    .option("-p, --provider <name>", "specific provider (railway, vercel, fly, render)")
     .action(async (opts) => {
-    const token = process.env.RAILWAY_API_TOKEN;
-    if (!token) {
-        console.log(chalk.red("  RAILWAY_API_TOKEN not set"));
+    const config = loadConfig();
+    const enabled = enabledServices(config);
+    const limit = parseInt(opts.lines, 10);
+    // Build list of available log providers
+    const providers = [];
+    if ((opts.provider === "railway" || (!opts.provider && enabled.includes("railway"))) &&
+        process.env.RAILWAY_API_TOKEN) {
+        providers.push(railwayProvider());
+    }
+    if ((opts.provider === "vercel" || (!opts.provider && enabled.includes("vercel"))) &&
+        process.env.VERCEL_TOKEN) {
+        providers.push(vercelProvider());
+    }
+    if ((opts.provider === "fly" || (!opts.provider && enabled.includes("fly"))) &&
+        process.env.FLY_API_TOKEN) {
+        providers.push(flyProvider());
+    }
+    if ((opts.provider === "render" || (!opts.provider && enabled.includes("render"))) &&
+        process.env.RENDER_API_KEY) {
+        providers.push(renderProvider());
+    }
+    if (providers.length === 0) {
+        console.log(chalk.red("\n  No log providers available."));
+        console.log(chalk.dim("  Configure railway, vercel, fly, or render in stk.config.json and set their tokens.\n"));
         process.exitCode = 1;
         return;
     }
-    const projectId = process.env.RAILWAY_PROJECT_ID;
-    const serviceId = process.env.RAILWAY_SERVICE_ID;
-    const deploymentId = process.env.RAILWAY_DEPLOYMENT_ID;
-    if (!deploymentId) {
-        // Try to get latest deployment
-        const spinner = ora("Fetching latest deployment...").start();
+    // Fetch logs from all providers
+    for (const provider of providers) {
+        const spinner = ora(`Fetching ${provider.name} logs...`).start();
         try {
-            const latestDeploymentId = await getLatestDeploymentId(token, projectId, serviceId);
-            if (latestDeploymentId) {
-                spinner.succeed(`Found deployment ${chalk.dim(latestDeploymentId.slice(0, 8))}`);
-                await fetchAndPrintLogs(token, latestDeploymentId, parseInt(opts.lines, 10));
-                if (opts.follow) {
-                    await followLogs(token, latestDeploymentId);
-                }
+            const logs = await provider.fetch(limit);
+            spinner.stop();
+            if (logs.length === 0) {
+                console.log(chalk.dim(`\n  ${provider.name}: no logs found\n`));
+                continue;
             }
-            else {
-                spinner.fail("No deployments found");
-                console.log(chalk.dim("  Set RAILWAY_PROJECT_ID and RAILWAY_SERVICE_ID, or RAILWAY_DEPLOYMENT_ID"));
+            console.log();
+            console.log(chalk.bold(`  ${provider.name} Logs`));
+            console.log(chalk.dim("  ─────────────────────────────────────────"));
+            for (const log of logs) {
+                printLogLine(log, provider.name);
             }
         }
         catch (err) {
-            spinner.fail(err.message);
+            spinner.fail(`${provider.name}: ${err.message}`);
         }
-        return;
     }
-    await fetchAndPrintLogs(token, deploymentId, parseInt(opts.lines, 10));
-    if (opts.follow) {
-        await followLogs(token, deploymentId);
+    // Follow mode — stream from first available provider
+    if (opts.follow && providers[0]) {
+        console.log(chalk.dim("\n  --- streaming (Ctrl+C to stop) ---\n"));
+        const provider = providers[0];
+        if (provider.follow) {
+            await provider.follow((log) => printLogLine(log, provider.name));
+        }
+        else {
+            console.log(chalk.dim(`  ${provider.name} does not support streaming`));
+        }
     }
+    console.log();
 });
-async function getLatestDeploymentId(token, projectId, serviceId) {
+// --- Railway ---
+function railwayProvider() {
+    const token = process.env.RAILWAY_API_TOKEN;
+    const projectId = process.env.RAILWAY_PROJECT_ID;
+    const serviceId = process.env.RAILWAY_SERVICE_ID;
+    return {
+        name: "Railway",
+        async fetch(limit) {
+            const deploymentId = await getLatestRailwayDeployment(token, projectId, serviceId);
+            if (!deploymentId)
+                return [];
+            const res = await fetch("https://backboard.railway.com/graphql/v2", {
+                method: "POST",
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                    "Content-Type": "application/json",
+                },
+                body: JSON.stringify({
+                    query: `{ deploymentLogs(deploymentId: "${deploymentId}", limit: ${limit}) { timestamp message severity } }`,
+                }),
+            });
+            const data = (await res.json());
+            return data.data?.deploymentLogs ?? [];
+        },
+        async follow(onLog) {
+            const deploymentId = await getLatestRailwayDeployment(token, projectId, serviceId);
+            if (!deploymentId)
+                return;
+            let lastTimestamp = new Date().toISOString();
+            while (true) {
+                await sleep(3000);
+                try {
+                    const res = await fetch("https://backboard.railway.com/graphql/v2", {
+                        method: "POST",
+                        headers: {
+                            Authorization: `Bearer ${token}`,
+                            "Content-Type": "application/json",
+                        },
+                        body: JSON.stringify({
+                            query: `{ deploymentLogs(deploymentId: "${deploymentId}", limit: 20) { timestamp message severity } }`,
+                        }),
+                    });
+                    const data = (await res.json());
+                    for (const log of data.data?.deploymentLogs ?? []) {
+                        if (log.timestamp > lastTimestamp) {
+                            onLog(log);
+                            lastTimestamp = log.timestamp;
+                        }
+                    }
+                }
+                catch { /* retry */ }
+            }
+        },
+    };
+}
+async function getLatestRailwayDeployment(token, projectId, serviceId) {
     if (!projectId)
         return null;
-    const serviceFilter = serviceId
-        ? `serviceId: "${serviceId}",`
-        : "";
+    const serviceFilter = serviceId ? `serviceId: "${serviceId}",` : "";
     const res = await fetch("https://backboard.railway.com/graphql/v2", {
         method: "POST",
-        headers: {
-            Authorization: `Bearer ${token}`,
-            "Content-Type": "application/json",
-        },
+        headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
         body: JSON.stringify({
-            query: `{
-        deployments(
-          first: 1,
-          input: {
-            projectId: "${projectId}",
-            ${serviceFilter}
-          }
-        ) {
-          edges {
-            node { id status }
-          }
-        }
-      }`,
+            query: `{ deployments(first: 1, input: { projectId: "${projectId}", ${serviceFilter} }) { edges { node { id } } } }`,
         }),
     });
     const data = (await res.json());
     return data.data?.deployments?.edges?.[0]?.node?.id ?? null;
 }
-async function fetchAndPrintLogs(token, deploymentId, limit) {
-    const res = await fetch("https://backboard.railway.com/graphql/v2", {
-        method: "POST",
-        headers: {
-            Authorization: `Bearer ${token}`,
-            "Content-Type": "application/json",
+// --- Vercel ---
+function vercelProvider() {
+    const token = process.env.VERCEL_TOKEN;
+    return {
+        name: "Vercel",
+        async fetch(limit) {
+            // Get latest deployment, then its build logs
+            const depRes = await fetch("https://api.vercel.com/v6/deployments?limit=1", {
+                headers: { Authorization: `Bearer ${token}` },
+            });
+            const depData = (await depRes.json());
+            const dep = depData.deployments?.[0];
+            if (!dep)
+                return [];
+            const logRes = await fetch(`https://api.vercel.com/v2/deployments/${dep.uid}/events`, { headers: { Authorization: `Bearer ${token}` } });
+            const events = (await logRes.json());
+            if (!Array.isArray(events))
+                return [];
+            return events
+                .filter((e) => e.type === "stdout" || e.type === "stderr")
+                .slice(-limit)
+                .map((e) => ({
+                timestamp: new Date(e.created).toISOString(),
+                message: e.payload?.text ?? e.text ?? "",
+                severity: e.type === "stderr" ? "ERROR" : "INFO",
+            }));
         },
-        body: JSON.stringify({
-            query: `{
-        deploymentLogs(deploymentId: "${deploymentId}", limit: ${limit}) {
-          timestamp
-          message
-          severity
-        }
-      }`,
-        }),
-    });
-    const data = (await res.json());
-    const logs = data.data?.deploymentLogs ?? [];
-    if (logs.length === 0) {
-        console.log(chalk.dim("  No logs found"));
-        return;
-    }
-    for (const log of logs) {
-        printLogLine(log);
-    }
+    };
 }
-async function followLogs(token, deploymentId) {
-    console.log(chalk.dim("\n  --- streaming (Ctrl+C to stop) ---\n"));
-    let lastTimestamp = new Date().toISOString();
-    while (true) {
-        await sleep(3000);
-        try {
-            const res = await fetch("https://backboard.railway.com/graphql/v2", {
+// --- Fly.io ---
+function flyProvider() {
+    const token = process.env.FLY_API_TOKEN;
+    const app = process.env.FLY_APP_NAME;
+    return {
+        name: "Fly.io",
+        async fetch(limit) {
+            if (!app) {
+                throw new Error("FLY_APP_NAME not set");
+            }
+            const res = await fetch("https://api.fly.io/graphql", {
                 method: "POST",
                 headers: {
                     Authorization: `Bearer ${token}`,
                     "Content-Type": "application/json",
                 },
                 body: JSON.stringify({
-                    query: `{
-            deploymentLogs(deploymentId: "${deploymentId}", limit: 20, filter: "${lastTimestamp}") {
-              timestamp
-              message
-              severity
+                    query: `query {
+            app(name: "${app}") {
+              currentRelease { status createdAt }
             }
           }`,
                 }),
             });
             const data = (await res.json());
-            const logs = data.data?.deploymentLogs ?? [];
-            for (const log of logs) {
-                if (log.timestamp > lastTimestamp) {
-                    printLogLine(log);
-                    lastTimestamp = log.timestamp;
-                }
-            }
-        }
-        catch {
-            // retry silently
-        }
-    }
+            const release = data.data?.app?.currentRelease;
+            if (!release)
+                return [];
+            // Fly doesn't have a simple log fetch API via GraphQL
+            // Return release info as a log line
+            return [
+                {
+                    timestamp: release.createdAt,
+                    message: `Current release: ${release.status}`,
+                    severity: "INFO",
+                },
+            ];
+        },
+    };
+}
+// --- Render ---
+function renderProvider() {
+    const token = process.env.RENDER_API_KEY;
+    return {
+        name: "Render",
+        async fetch(logLimit) {
+            // Get first service
+            const svcRes = await fetch("https://api.render.com/v1/services?limit=1", {
+                headers: { Authorization: `Bearer ${token}` },
+            });
+            const services = (await svcRes.json());
+            const svc = services[0]?.service;
+            if (!svc)
+                return [];
+            // Get deploys for the service
+            const depRes = await fetch(`https://api.render.com/v1/services/${svc.id}/deploys?limit=1`, { headers: { Authorization: `Bearer ${token}` } });
+            const deploys = (await depRes.json());
+            const deploy = deploys[0]?.deploy;
+            if (!deploy)
+                return [];
+            // Get logs for the deploy
+            const logRes = await fetch(`https://api.render.com/v1/services/${svc.id}/deploys/${deploy.id}/logs`, { headers: { Authorization: `Bearer ${token}` } });
+            const logs = (await logRes.json());
+            if (!Array.isArray(logs))
+                return [];
+            return logs.slice(-logLimit).map((l) => ({
+                timestamp: l.timestamp ?? new Date().toISOString(),
+                message: l.message ?? l.text ?? String(l),
+                severity: "INFO",
+            }));
+        },
+    };
 }
-function printLogLine(log) {
+function printLogLine(log, provider) {
     const time = chalk.dim(new Date(log.timestamp).toLocaleTimeString());
     const severity = log.severity?.toUpperCase() ?? "INFO";
     const sevColor = severity === "ERROR"
@@ -144,7 +248,8 @@ function printLogLine(log) {
         : severity === "WARN"
             ? chalk.yellow
             : chalk.dim;
-    console.log(`  ${time}  ${sevColor(severity.padEnd(5))}  ${log.message}`);
+    const tag = chalk.dim(`[${provider.toLowerCase()}]`);
+    console.log(`  ${time} ${tag}  ${sevColor(severity.padEnd(5))}  ${log.message}`);
 }
 function sleep(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));

package/dist/index.js

@@ -7,11 +7,12 @@ import { deployCommand } from "./commands/deploy.js";
 import { envCommand } from "./commands/env.js";
 import { logsCommand } from "./commands/logs.js";
 import { todoCommand } from "./commands/todo.js";
+import { doctorCommand } from "./commands/doctor.js";
 const program = new Command();
 program
     .name("stk")
     .description("One CLI to deploy, monitor, and debug your entire stack.")
-    .version("0.1.0");
+    .version("0.2.0");
 program.addCommand(initCommand);
 program.addCommand(statusCommand);
 program.addCommand(healthCommand);
@@ -19,4 +20,5 @@ program.addCommand(deployCommand);
 program.addCommand(envCommand);
 program.addCommand(logsCommand);
 program.addCommand(todoCommand);
+program.addCommand(doctorCommand);
 program.parse();

package/dist/lib/plugins.d.ts

@@ -0,0 +1,40 @@
+import type { CheckResult } from "../services/checker.js";
+export interface StkPlugin {
+    name: string;
+    version?: string;
+    services?: Record<string, PluginService>;
+}
+export interface PluginService {
+    name: string;
+    envVars: string[];
+    healthCheck: () => Promise<CheckResult>;
+}
+/**
+ * Load plugins from .stk/plugins/ directory.
+ *
+ * Each plugin is a .js or .mjs file that exports a StkPlugin:
+ *
+ * ```js
+ * // .stk/plugins/my-service.mjs
+ * export default {
+ *   name: "my-plugin",
+ *   services: {
+ *     myservice: {
+ *       name: "My Service",
+ *       envVars: ["MY_SERVICE_TOKEN"],
+ *       healthCheck: async () => {
+ *         const token = process.env.MY_SERVICE_TOKEN;
+ *         if (!token) return { name: "My Service", status: "skipped", detail: "MY_SERVICE_TOKEN not set" };
+ *         // ... check logic
+ *         return { name: "My Service", status: "healthy", detail: "connected" };
+ *       }
+ *     }
+ *   }
+ * };
+ * ```
+ */
+export declare function loadPlugins(): Promise<StkPlugin[]>;
+/**
+ * Collect all plugin health checkers into a flat record.
+ */
+export declare function getPluginCheckers(): Promise<Record<string, () => Promise<CheckResult>>>;

package/dist/lib/plugins.js

@@ -0,0 +1,65 @@
+import { existsSync, readdirSync } from "fs";
+import { resolve, join } from "path";
+import { pathToFileURL } from "url";
+const PLUGIN_DIR = ".stk/plugins";
+/**
+ * Load plugins from .stk/plugins/ directory.
+ *
+ * Each plugin is a .js or .mjs file that exports a StkPlugin:
+ *
+ * ```js
+ * // .stk/plugins/my-service.mjs
+ * export default {
+ *   name: "my-plugin",
+ *   services: {
+ *     myservice: {
+ *       name: "My Service",
+ *       envVars: ["MY_SERVICE_TOKEN"],
+ *       healthCheck: async () => {
+ *         const token = process.env.MY_SERVICE_TOKEN;
+ *         if (!token) return { name: "My Service", status: "skipped", detail: "MY_SERVICE_TOKEN not set" };
+ *         // ... check logic
+ *         return { name: "My Service", status: "healthy", detail: "connected" };
+ *       }
+ *     }
+ *   }
+ * };
+ * ```
+ */
+export async function loadPlugins() {
+    const pluginDir = resolve(process.cwd(), PLUGIN_DIR);
+    if (!existsSync(pluginDir))
+        return [];
+    const plugins = [];
+    const files = readdirSync(pluginDir).filter((f) => f.endsWith(".js") || f.endsWith(".mjs"));
+    for (const file of files) {
+        try {
+            const filePath = join(pluginDir, file);
+            const fileUrl = pathToFileURL(filePath).href;
+            const mod = await import(fileUrl);
+            const plugin = mod.default ?? mod;
+            if (plugin.name && plugin.services) {
+                plugins.push(plugin);
+            }
+        }
+        catch {
+            // Skip invalid plugins silently
+        }
+    }
+    return plugins;
+}
+/**
+ * Collect all plugin health checkers into a flat record.
+ */
+export async function getPluginCheckers() {
+    const plugins = await loadPlugins();
+    const checkers = {};
+    for (const plugin of plugins) {
+        if (!plugin.services)
+            continue;
+        for (const [key, svc] of Object.entries(plugin.services)) {
+            checkers[key] = svc.healthCheck;
+        }
+    }
+    return checkers;
+}

package/dist/services/aws.js

@@ -1,4 +1,5 @@
 import { runCheck } from "./checker.js";
+import { createHmac, createHash } from "crypto";
 export async function checkAWS() {
     const accessKey = process.env.AWS_ACCESS_KEY_ID;
     const secretKey = process.env.AWS_SECRET_ACCESS_KEY;
@@ -11,22 +12,50 @@ export async function checkAWS() {
         };
     }
     return runCheck("AWS", async () => {
-        // Use STS GetCallerIdentity — the simplest AWS API call that works with any credentials
+        // AWS STS GetCallerIdentity with Signature V4
+        const service = "sts";
         const host = `sts.${region}.amazonaws.com`;
         const body = "Action=GetCallerIdentity&Version=2011-06-15";
         const now = new Date();
-        // AWS Signature V4 is complex — for a lightweight check we hit the endpoint
-        // and verify we get a response (even 403 means AWS is reachable)
+        const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, "");
+        const dateStamp = amzDate.slice(0, 8);
+        const bodyHash = sha256(body);
+        const canonicalHeaders = `content-type:application/x-www-form-urlencoded\nhost:${host}\nx-amz-date:${amzDate}\n`;
+        const signedHeaders = "content-type;host;x-amz-date";
+        const canonicalRequest = `POST\n/\n\n${canonicalHeaders}\n${signedHeaders}\n${bodyHash}`;
+        const credentialScope = `${dateStamp}/${region}/${service}/aws4_request`;
+        const stringToSign = `AWS4-HMAC-SHA256\n${amzDate}\n${credentialScope}\n${sha256(canonicalRequest)}`;
+        const signingKey = getSignatureKey(secretKey, dateStamp, region, service);
+        const signature = hmac(signingKey, stringToSign).toString("hex");
+        const authHeader = `AWS4-HMAC-SHA256 Credential=${accessKey}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
         const res = await fetch(`https://${host}/`, {
             method: "POST",
-            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+                "X-Amz-Date": amzDate,
+                Authorization: authHeader,
+            },
             body,
         });
-        // 403 = creds not signed but AWS is reachable
-        // 200 = would need full SigV4, which we skip for simplicity
-        if (res.status === 403 || res.ok) {
-            return { detail: `${region} — endpoint reachable` };
-        }
-        throw new Error(`HTTP ${res.status}`);
+        if (!res.ok)
+            throw new Error(`HTTP ${res.status} — invalid credentials`);
+        const text = await res.text();
+        const accountMatch = text.match(/<Account>(.+?)<\/Account>/);
+        const detail = accountMatch
+            ? `account ${accountMatch[1]} (${region})`
+            : `${region} — authenticated`;
+        return { detail };
     });
 }
+function sha256(data) {
+    return createHash("sha256").update(data).digest("hex");
+}
+function hmac(key, data) {
+    return createHmac("sha256", key).update(data).digest();
+}
+function getSignatureKey(key, date, region, service) {
+    const kDate = hmac(`AWS4${key}`, date);
+    const kRegion = hmac(kDate, region);
+    const kService = hmac(kRegion, service);
+    return hmac(kService, "aws4_request");
+}

package/dist/services/database.js

@@ -5,16 +5,35 @@ export async function checkDatabase() {
         return { name: "PostgreSQL", status: "skipped", detail: "DATABASE_URL not set" };
     }
     return runCheck("PostgreSQL", async () => {
-        // Parse host and port from DATABASE_URL to do a basic TCP connect check
-        // Full query check would require pg client — keeping deps minimal for now
         const parsed = new URL(url);
         const host = parsed.hostname;
         const port = parseInt(parsed.port || "5432", 10);
+        const dbName = parsed.pathname.replace("/", "") || "unknown";
         const { createConnection } = await import("net");
-        await new Promise((resolve, reject) => {
+        // Attempt a real PostgreSQL startup message handshake
+        const version = await new Promise((resolve, reject) => {
             const socket = createConnection({ host, port, timeout: 5000 }, () => {
-                socket.destroy();
-                resolve();
+                // Send PostgreSQL startup message (protocol v3.0)
+                const user = parsed.username || "postgres";
+                const params = `user\0${user}\0database\0${dbName}\0\0`;
+                const len = 4 + 4 + params.length;
+                const buf = Buffer.alloc(len);
+                buf.writeInt32BE(len, 0);
+                buf.writeInt32BE(196608, 4); // protocol 3.0
+                buf.write(params, 8);
+                socket.write(buf);
+                socket.once("data", (data) => {
+                    socket.destroy();
+                    const tag = String.fromCharCode(data[0]);
+                    // 'R' = AuthenticationRequest (server recognized us as postgres)
+                    // 'E' = Error (but server is responding — it's alive)
+                    if (tag === "R" || tag === "E") {
+                        resolve("protocol ok");
+                    }
+                    else {
+                        resolve("reachable");
+                    }
+                });
             });
             socket.on("error", reject);
             socket.on("timeout", () => {
@@ -22,6 +41,6 @@ export async function checkDatabase() {
                 reject(new Error("connection timeout"));
             });
         });
-        return { detail: `${host}:${port} reachable` };
+        return { detail: `${host}:${port}/${dbName} — ${version}` };
     });
 }

package/dist/services/registry.d.ts

@@ -1,4 +1,5 @@
 import type { CheckResult } from "./checker.js";
 export type HealthChecker = () => Promise<CheckResult>;
+export declare function loadPluginCheckers(): Promise<void>;
 export declare function getChecker(service: string): HealthChecker | null;
 export declare function allCheckerNames(): string[];

package/dist/services/registry.js

@@ -29,9 +29,23 @@ const registry = {
     r2: checkR2,
     stripe: checkStripe,
 };
+let pluginCheckers = {};
+let pluginsLoaded = false;
+export async function loadPluginCheckers() {
+    if (pluginsLoaded)
+        return;
+    try {
+        const { getPluginCheckers } = await import("../lib/plugins.js");
+        pluginCheckers = await getPluginCheckers();
+    }
+    catch {
+        // Plugins not available
+    }
+    pluginsLoaded = true;
+}
 export function getChecker(service) {
-    return registry[service] ?? null;
+    return registry[service] ?? pluginCheckers[service] ?? null;
 }
 export function allCheckerNames() {
-    return Object.keys(registry);
+    return [...Object.keys(registry), ...Object.keys(pluginCheckers)];
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prajwolkc/stk",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "One CLI to deploy, monitor, and debug your entire stack. Health checks, deploy watching, env sync, logs, and GitHub issues — all from one command.",
   "type": "module",
   "license": "MIT",
@@ -40,6 +40,8 @@
     "build": "tsc",
     "dev": "tsx src/index.ts",
     "start": "node dist/index.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
@@ -50,6 +52,7 @@
   "devDependencies": {
     "@types/node": "^22.13.0",
     "tsx": "^4.19.0",
-    "typescript": "^5.7.0"
+    "typescript": "^5.7.0",
+    "vitest": "^4.1.0"
   }
 }