npm - @supatype/cli - Versions diffs - 0.1.0-alpha.13 → 0.1.0-alpha.15 - Mend

@supatype/cli 0.1.0-alpha.13 → 0.1.0-alpha.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/.turbo/turbo-build.log +1 -1
package/.turbo/turbo-test.log +209 -92
package/.turbo/turbo-typecheck.log +1 -1
package/dist/app-config.d.ts +10 -0
package/dist/app-config.d.ts.map +1 -1
package/dist/app-config.js +72 -0
package/dist/app-config.js.map +1 -1
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +2 -0
package/dist/cli.js.map +1 -1
package/dist/commands/add.d.ts +3 -0
package/dist/commands/add.d.ts.map +1 -0
package/dist/commands/add.js +83 -0
package/dist/commands/add.js.map +1 -0
package/dist/commands/app.js +2 -2
package/dist/commands/app.js.map +1 -1
package/dist/commands/init.d.ts +29 -1
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +569 -90
package/dist/commands/init.js.map +1 -1
package/dist/commands/keys.d.ts +15 -1
package/dist/commands/keys.d.ts.map +1 -1
package/dist/commands/keys.js +39 -4
package/dist/commands/keys.js.map +1 -1
package/dist/commands/self-host.d.ts.map +1 -1
package/dist/commands/self-host.js +5 -5
package/dist/commands/self-host.js.map +1 -1
package/dist/kong-config.d.ts +9 -0
package/dist/kong-config.d.ts.map +1 -1
package/dist/kong-config.js +18 -1
package/dist/kong-config.js.map +1 -1
package/dist/project-config.d.ts +16 -0
package/dist/project-config.d.ts.map +1 -1
package/dist/project-config.js +34 -0
package/dist/project-config.js.map +1 -1
package/dist/prompts.d.ts +8 -0
package/dist/prompts.d.ts.map +1 -0
package/dist/prompts.js +20 -0
package/dist/prompts.js.map +1 -0
package/dist/self-host-compose.d.ts.map +1 -1
package/dist/self-host-compose.js +62 -17
package/dist/self-host-compose.js.map +1 -1
package/package.json +2 -1
package/src/app-config.ts +80 -0
package/src/cli.ts +2 -0
package/src/commands/add.ts +94 -0
package/src/commands/app.ts +2 -2
package/src/commands/init.ts +738 -88
package/src/commands/keys.ts +49 -4
package/src/commands/self-host.ts +25 -5
package/src/kong-config.ts +24 -1
package/src/project-config.ts +45 -0
package/src/prompts.ts +21 -0
package/src/self-host-compose.ts +62 -17
package/tests/config.test.ts +26 -0
package/tests/init.test.ts +128 -15
package/tests/runtime-contract.test.ts +111 -1
package/tsconfig.tsbuildinfo +1 -1

package/src/commands/keys.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import type { Command } from "commander"
-import { readFileSync, existsSync } from "node:fs"
+import { readFileSync, existsSync, writeFileSync } from "node:fs"
 import { resolve } from "node:path"
 import { signJwt } from "../jwt.js"
@@ -41,13 +41,58 @@ export function registerKeys(program: Command): void {
 // ─── Helpers ─────────────────────────────────────────────────────────────────
-export function resolveSecret(): string | undefined {
+/** Mint a long-lived anon + service_role JWT pair from a secret. */
+export function signKeyPair(
+  secret: string,
+  expYears = 10,
+): { anonKey: string; serviceKey: string } {
+  const now = Math.floor(Date.now() / 1000)
+  const exp = now + expYears * 365 * 24 * 60 * 60
+  return {
+    anonKey: signJwt({ iss: "supatype", role: "anon", iat: now, exp }, secret),
+    serviceKey: signJwt({ iss: "supatype", role: "service_role", iat: now, exp }, secret),
+  }
+}
+/**
+ * Generate keys from the JWT_SECRET found in `dir`'s .env (or env var) and
+ * rewrite the ANON_KEY / SERVICE_ROLE_KEY lines in that .env file in place.
+ * Returns the minted pair, or null if no secret could be resolved.
+ */
+export function generateAndWriteKeys(
+  dir: string,
+  expYears = 10,
+): { anonKey: string; serviceKey: string } | null {
+  const secret = resolveSecret(dir)
+  if (!secret) return null
+  const { anonKey, serviceKey } = signKeyPair(secret, expYears)
+  const envPath = resolve(dir, ".env")
+  if (existsSync(envPath)) {
+    let content = readFileSync(envPath, "utf8")
+    content = upsertEnvVar(content, "ANON_KEY", anonKey)
+    content = upsertEnvVar(content, "SERVICE_ROLE_KEY", serviceKey)
+    writeFileSync(envPath, content, "utf8")
+  }
+  return { anonKey, serviceKey }
+}
+function upsertEnvVar(content: string, key: string, value: string): string {
+  const re = new RegExp(`^${key}=.*$`, "m")
+  if (re.test(content)) return content.replace(re, `${key}=${value}`)
+  const sep = content.endsWith("\n") || content.length === 0 ? "" : "\n"
+  return `${content}${sep}${key}=${value}\n`
+}
+export function resolveSecret(dir: string = process.cwd()): string | undefined {
   // 1. Check environment variable
   const fromEnv = process.env["JWT_SECRET"]
   if (fromEnv) return fromEnv
-  // 2. Parse .env file in cwd
-  const envPath = resolve(process.cwd(), ".env")
+  // 2. Parse .env file in the target directory
+  const envPath = resolve(dir, ".env")
   if (!existsSync(envPath)) return undefined
   try {

package/src/commands/self-host.ts CHANGED Viewed

@@ -17,7 +17,7 @@ import { resolveBinary } from "../binary-cache.js"
 import { generateUnits } from "../systemd.js"
 import { readPid } from "../process-manager.js"
 import { localStorageEnv } from "../local-storage.js"
-import { runDockerCompose, writeSelfHostCompose } from "../self-host-compose.js"
+import { composeProjectName, runDockerCompose, writeSelfHostCompose } from "../self-host-compose.js"
 export function registerSelfHost(program: Command): void {
   const selfHostCmd = program
@@ -47,7 +47,12 @@ export function registerSelfHost(program: Command): void {
       const cwd = process.cwd()
       const config = loadConfig(cwd)
       const out = writeSelfHostCompose(cwd, config)
-      const status = runDockerCompose(out.composePath, opts.detach ? ["up", "-d"] : ["up"], cwd)
+      const status = runDockerCompose(
+        out.composePath,
+        opts.detach ? ["up", "-d"] : ["up"],
+        cwd,
+        composeProjectName(config.project.name),
+      )
       process.exitCode = status
     })
@@ -58,7 +63,12 @@ export function registerSelfHost(program: Command): void {
       const cwd = process.cwd()
       const config = loadConfig(cwd)
       const out = writeSelfHostCompose(cwd, config)
-      process.exitCode = runDockerCompose(out.composePath, ["down"], cwd)
+      process.exitCode = runDockerCompose(
+        out.composePath,
+        ["down"],
+        cwd,
+        composeProjectName(config.project.name),
+      )
     })
   composeCmd
@@ -68,7 +78,12 @@ export function registerSelfHost(program: Command): void {
       const cwd = process.cwd()
       const config = loadConfig(cwd)
       const out = writeSelfHostCompose(cwd, config)
-      process.exitCode = runDockerCompose(out.composePath, ["ps"], cwd)
+      process.exitCode = runDockerCompose(
+        out.composePath,
+        ["ps"],
+        cwd,
+        composeProjectName(config.project.name),
+      )
     })
   composeCmd
@@ -83,7 +98,12 @@ export function registerSelfHost(program: Command): void {
       const args = ["logs"]
       if (opts.follow) args.push("-f")
       if (opts.service) args.push(opts.service)
-      process.exitCode = runDockerCompose(out.composePath, args, cwd)
+      process.exitCode = runDockerCompose(
+        out.composePath,
+        args,
+        cwd,
+        composeProjectName(config.project.name),
+      )
     })
   // ── Legacy native/systemd helpers (hidden; use compose for self-host) ─────

package/src/kong-config.ts CHANGED Viewed

@@ -18,6 +18,11 @@ export interface KongDeclarativeOptions {
   studioServiceUrl?: string | undefined
   /** See {@link RuntimeRouteOptions.studioStripPath}. */
   studioStripPath?: boolean | undefined
+  /**
+   * When set, append a global Kong `acme` plugin (Let's Encrypt) with Redis/Valkey
+   * storage so the self-host gateway provisions and renews TLS automatically.
+   */
+  acme?: { email: string; domain: string; redisHost: string } | undefined
 }
 /** Escape a string for use inside YAML double quotes. */
@@ -85,9 +90,27 @@ ${route.paths.map((path) => `          - ${path}`).join("\n")}
 ${protocols}${routePlugins}${graphqlPlugins}`
   }).join("\n")
+  const acme = opts.acme
+  const pluginsBlock = acme
+    ? `
+plugins:
+  - name: acme
+    config:
+      account_email: ${yamlQuotedString(acme.email)}
+      tos_accepted: true
+      domains:
+        - ${yamlQuotedString(acme.domain)}
+      storage: redis
+      storage_config:
+        redis:
+          host: ${yamlQuotedString(acme.redisHost)}
+          port: 6379
+`
+    : ""
   return `_format_version: "3.0"
 ${consumersBlock}
 services:
 ${servicesBlock}
-`
+${pluginsBlock}`
 }

package/src/project-config.ts CHANGED Viewed

@@ -59,6 +59,16 @@ export interface SupatypeProjectConfig {
     postgrestPort?: number
     /** Domain for ACME TLS certificate (mode=standalone). */
     domain?: string
+    /**
+     * TLS for self-host HTTPS (Kong ACME / Let's Encrypt).
+     * Requires `mode: "standalone"` and a non-empty `domain`.
+     */
+    tls?: {
+      /** ACME contact email for Let's Encrypt (required to enable HTTPS). */
+      email?: string
+      /** "kong" (default) = Kong acme plugin; "none" = stay HTTP even with a domain. */
+      provider?: "kong" | "none"
+    }
   }
   app: {
     /**
@@ -298,6 +308,23 @@ export function mergeProjectConfig(
     ...(base.admin !== undefined || override.admin !== undefined
       ? { admin: { ...base.admin, ...override.admin } as NonNullable<SupatypeProjectConfig["admin"]> }
       : {}),
+    ...(base.environments !== undefined || override.environments !== undefined
+      ? (() => {
+          const b = base.environments
+          const o = override.environments
+          const mergedBranchDefaults =
+            b?.branchDefaults !== undefined || o?.branchDefaults !== undefined
+              ? { ...(b?.branchDefaults ?? {}), ...(o?.branchDefaults ?? {}) }
+              : undefined
+          return {
+            environments: {
+              ...b,
+              ...o,
+              ...(mergedBranchDefaults !== undefined ? { branchDefaults: mergedBranchDefaults } : {}),
+            } as NonNullable<SupatypeProjectConfig["environments"]>,
+          }
+        })()
+      : {}),
   }
 }
@@ -373,6 +400,24 @@ export function serverBaseUrl(cfg: SupatypeProjectConfig): string | undefined {
   }
 }
+/**
+ * True when `supatype self-host compose` should render Kong ACME TLS (Let's Encrypt).
+ * Gated on a real self-host render (not `supatype dev`), standalone mode, a non-empty
+ * domain, an ACME contact email, and `tls.provider !== "none"`.
+ */
+export function selfHostTlsEnabled(
+  cfg: SupatypeProjectConfig,
+  devLocal = false,
+): boolean {
+  if (devLocal) return false
+  if (cfg.server.mode !== "standalone") return false
+  const domain = cfg.server.domain?.trim()
+  if (!domain) return false
+  const tls = cfg.server.tls
+  if (!tls || tls.provider === "none") return false
+  return Boolean(tls.email?.trim())
+}
 /** Resolved runtime provider (`config.provider` ?? `database.provider` ?? native). */
 export function resolveRuntimeProvider(cfg: SupatypeProjectConfig): "native" | "docker" {
   return cfg.provider ?? cfg.database.provider ?? "native"

package/src/prompts.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import * as p from "@clack/prompts"
+import { SUPATYPE_ASCII_LOGO_WORDMARK, colorLogoLines } from "./dev-logo.js"
+/** Print the coloured Supatype ASCII wordmark at the top of an interactive command. */
+export function printLogo(): void {
+  console.log()
+  console.log(colorLogoLines([...SUPATYPE_ASCII_LOGO_WORDMARK]).join("\n"))
+  console.log()
+}
+/**
+ * Unwrap a clack prompt result, exiting cleanly when the user cancels (Ctrl-C).
+ * Shared by all interactive commands so cancellation behaves consistently.
+ */
+export function ensureNotCancelled<T>(value: T | symbol, cancelMessage = "Cancelled."): T {
+  if (p.isCancel(value)) {
+    p.cancel(cancelMessage)
+    process.exit(0)
+  }
+  return value as T
+}

package/src/self-host-compose.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"
 import { dirname, join, relative, resolve } from "node:path"
 import { spawnSync } from "node:child_process"
-import { preferredFunctionsPathFromProject, type SupatypeProjectConfig } from "./project-config.js"
+import { preferredFunctionsPathFromProject, selfHostTlsEnabled, type SupatypeProjectConfig } from "./project-config.js"
 import { hasEngineOverride, hasStudioOverride, pinnedVersion, fetchLatestVersion, VERSION_PIN_LOCAL } from "./binary-cache.js"
 import { buildKongDeclarative } from "./kong-config.js"
@@ -228,6 +228,11 @@ export function renderSelfHostCompose(
   const projectMount = projectMountPath(cwd)
   const kongMount = kongMountPath(cwd)
   const devLocal = options?.devLocal === true
+  const tlsEnabled = selfHostTlsEnabled(config, devLocal)
+  const domain = config.server.domain?.trim() ?? ""
+  // When TLS is on, default external URLs to https://<domain> so auth links/redirects use HTTPS.
+  const externalUrlFallback = tlsEnabled ? `https://${domain}` : "http://localhost:18473"
+  const siteUrlFallback = tlsEnabled ? `https://${domain}` : "http://localhost:3000"
   const studioHostDev = devLocal && hasStudioOverride(config)
   const appEnv = serverAppEnvForCompose(config, devLocal)
   const staticDir = staticDirForCompose(config) ?? "./dist"
@@ -239,7 +244,7 @@ export function renderSelfHostCompose(
   studio:
 ${studioService}
     environment:
-      SUPATYPE_CLOUD_JSON: '{"url":"\${API_EXTERNAL_URL:-http://localhost:18473}","anonKey":"\${ANON_KEY:-}"}'
+      SUPATYPE_CLOUD_JSON: '{"url":"\${API_EXTERNAL_URL:-${externalUrlFallback}}","anonKey":"\${ANON_KEY:-}"}'
     expose:
       - "3002"
 `
@@ -270,6 +275,44 @@ ${studioService}
       - "9000:9000"
       - "9001:9001"
 `
+  const kongTlsEnv = tlsEnabled
+    ? `      KONG_PROXY_LISTEN: "0.0.0.0:8000, 0.0.0.0:8443 ssl"
+      KONG_LUA_SSL_TRUSTED_CERTIFICATE: system
+      KONG_LUA_SSL_VERIFY_DEPTH: "2"
+`
+    : ""
+  const kongPorts = tlsEnabled
+    ? `      - "80:8000"
+      - "443:8443"`
+    : `      - "\${SUPATYPE_KONG_PORT:-18473}:8000"`
+  const kongTlsDependsOn = tlsEnabled ? "\n      - valkey" : ""
+  const valkeyBlock = tlsEnabled
+    ? `
+  valkey:
+    image: \${SUPATYPE_VALKEY_IMAGE:-valkey/valkey:8-alpine}
+    command: ["valkey-server", "--appendonly", "yes"]
+    expose:
+      - "6379"
+    volumes:
+      - valkey-data:/data
+`
+    : ""
+  const tlsHintComment = tlsEnabled
+    ? ""
+    : `  # HTTPS is off. To enable automatic TLS (Let's Encrypt) for production, set in supatype.config.ts:
+  #   server: { mode: "standalone", domain: "your.domain", tls: { email: "you@example.com" } }
+  # then re-run \`supatype self-host compose up -d\`. Kong publishes :80/:443 and provisions certs automatically.
+`
+  const volumesBlock = tlsEnabled
+    ? `volumes:
+  db-data:
+  minio-data:
+  valkey-data:
+`
+    : `volumes:
+  db-data:
+  minio-data:
+`
   return `# Generated by supatype self-host compose
 # Kong → supatype-server (unified gateway) → internal PostgREST / storage / etc.
@@ -330,12 +373,12 @@ ${dbPorts}    volumes:
       SUPATYPE_FUNCTIONS_ROOT: /project/functions
       SUPATYPE_DENO_FUNCTIONS_DIR: /project/functions
       PORT: "8001"
-      SUPATYPE_URL: \${API_EXTERNAL_URL:-http://localhost:18473}
+      SUPATYPE_URL: \${API_EXTERNAL_URL:-${externalUrlFallback}}
       SUPATYPE_ANON_KEY: \${ANON_KEY:-}
       SUPATYPE_SERVICE_ROLE_KEY: \${SERVICE_ROLE_KEY:-}
       STRIPE_SECRET_KEY: \${STRIPE_SECRET_KEY:-}
       STRIPE_WEBHOOK_SECRET: \${STRIPE_WEBHOOK_SECRET:-}
-      SITE_URL: \${SITE_URL:-\${API_EXTERNAL_URL:-http://localhost:18473}}
+      SITE_URL: \${SITE_URL:-\${API_EXTERNAL_URL:-${externalUrlFallback}}}
     depends_on:
       db:
         condition: service_healthy
@@ -374,7 +417,7 @@ ${serverPorts}    volumes:
       SUPATYPE_POSTGREST_URL: http://postgrest:3000
       SUPATYPE_GRAPHQL_URL: http://postgrest:3000
       SUPATYPE_STORAGE_URL: http://storage:5000
-      SUPATYPE_URL: \${API_EXTERNAL_URL:-http://localhost:18473}
+      SUPATYPE_URL: \${API_EXTERNAL_URL:-${externalUrlFallback}}
       SUPATYPE_ANON_KEY: \${ANON_KEY:-}
       SUPATYPE_SERVICE_ROLE_KEY: \${SERVICE_ROLE_KEY:-}
       SUPATYPE_SQL_DATABASE_URL: "postgresql://\${POSTGRES_USER:-supatype_admin}:\${POSTGRES_PASSWORD:-postgres}@db:5432/\${POSTGRES_DB:-supatype}"
@@ -384,11 +427,11 @@ ${serverPorts}    volumes:
 ${appEnv}
       GOTRUE_API_HOST: 0.0.0.0
       GOTRUE_API_PORT: 9999
-      API_EXTERNAL_URL: \${API_EXTERNAL_URL:-http://localhost:18473}
-      GOTRUE_API_EXTERNAL_URL: \${API_EXTERNAL_URL:-http://localhost:18473}
+      API_EXTERNAL_URL: \${API_EXTERNAL_URL:-${externalUrlFallback}}
+      GOTRUE_API_EXTERNAL_URL: \${API_EXTERNAL_URL:-${externalUrlFallback}}
       GOTRUE_DB_DRIVER: postgres
       GOTRUE_DB_DATABASE_URL: "postgres://\${POSTGRES_USER:-supatype_admin}:\${POSTGRES_PASSWORD:-postgres}@db:5432/\${POSTGRES_DB:-supatype}?search_path=auth"
-      GOTRUE_SITE_URL: \${SITE_URL:-http://localhost:3000}
+      GOTRUE_SITE_URL: \${SITE_URL:-${siteUrlFallback}}
       GOTRUE_JWT_SECRET: \${JWT_SECRET:-super-secret-jwt-token-change-in-production}
       GOTRUE_JWT_EXP: 3600
       GOTRUE_JWT_AUD: authenticated
@@ -428,8 +471,7 @@ ${minioPorts}    volumes:
     depends_on:
       db:
         condition: service_healthy
-${studioBlock}
-  kong:
+${studioBlock}${valkeyBlock}${tlsHintComment}  kong:
     image: kong:3.6
     environment:
       KONG_DATABASE: "off"
@@ -438,17 +480,14 @@ ${studioBlock}
       KONG_ADMIN_ACCESS_LOG: /dev/stdout
       KONG_PROXY_ERROR_LOG: /dev/stderr
       KONG_ADMIN_ERROR_LOG: /dev/stderr
-    volumes:
+${kongTlsEnv}    volumes:
       - ${kongMount}:/etc/kong/kong.yml:ro
     ports:
-      - "\${SUPATYPE_KONG_PORT:-18473}:8000"
+${kongPorts}
     depends_on:
-${kongDependsOn}
+${kongDependsOn}${kongTlsDependsOn}
-volumes:
-  db-data:
-  minio-data:
-`
+${volumesBlock}`
 }
 function ensureComposeManifest(cwd: string): void {
@@ -480,6 +519,9 @@ export function writeSelfHostCompose(
   ensureComposeManifest(cwd)
   writeFileSync(paths.composePath, renderSelfHostCompose(config, cwd, options), "utf8")
   const studioHostDev = options?.devLocal === true && hasStudioOverride(config)
+  const tlsEnabled = selfHostTlsEnabled(config, options?.devLocal === true)
+  const domain = config.server.domain?.trim()
+  const acmeEmail = config.server.tls?.email?.trim()
   writeFileSync(
     paths.kongPath,
     buildKongDeclarative({
@@ -488,6 +530,9 @@ export function writeSelfHostCompose(
         studioServiceUrl: COMPOSE_STUDIO_HOST_URL,
         studioStripPath: false,
       }),
+      ...(tlsEnabled && domain && acmeEmail
+        ? { acme: { email: acmeEmail, domain, redisHost: "valkey" } }
+        : {}),
     }),
     "utf8",
   )

package/tests/config.test.ts CHANGED Viewed

@@ -249,4 +249,30 @@ describe("mergeProjectConfig()", () => {
     expect(merged.app.start).toBe("dev:site")
     expect(merged.app.static_dir).toBe("./dist")
   })
+  it("preserves base environments when a local override sets only server.mode", () => {
+    const base = defineConfig({
+      ...minimalProject("p"),
+      server: { mode: "standalone", domain: "api.example.com" },
+      environments: { default: "production" },
+    })
+    const merged = mergeProjectConfig(base, { server: { mode: "dev" } })
+    expect(merged.server.mode).toBe("dev")
+    expect(merged.environments?.default).toBe("production")
+  })
+  it("deep-merges environments.branchDefaults across base and override", () => {
+    const base = defineConfig({
+      ...minimalProject("p"),
+      environments: { default: "production", branchDefaults: { main: "production" } },
+    })
+    const merged = mergeProjectConfig(base, {
+      environments: { branchDefaults: { staging: "preview" } },
+    })
+    expect(merged.environments?.default).toBe("production")
+    expect(merged.environments?.branchDefaults).toEqual({
+      main: "production",
+      staging: "preview",
+    })
+  })
 })