npm - @supatype/cli - Versions diffs - 0.1.0-alpha.6 → 0.1.0-alpha.7 - Mend

@supatype/cli 0.1.0-alpha.6 → 0.1.0-alpha.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (309) hide show

package/.turbo/turbo-build.log +1 -1
package/.turbo/turbo-test.log +203 -1
package/.turbo/turbo-typecheck.log +1 -1
package/dist/app-config.d.ts +7 -0
package/dist/app-config.d.ts.map +1 -0
package/dist/app-config.js +113 -0
package/dist/app-config.js.map +1 -0
package/dist/augmentation-generator.d.ts +2 -0
package/dist/augmentation-generator.d.ts.map +1 -0
package/dist/augmentation-generator.js +111 -0
package/dist/augmentation-generator.js.map +1 -0
package/dist/binary-cache.d.ts +89 -0
package/dist/binary-cache.d.ts.map +1 -0
package/dist/binary-cache.js +656 -0
package/dist/binary-cache.js.map +1 -0
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +13 -7
package/dist/cli.js.map +1 -1
package/dist/commands/admin.d.ts.map +1 -1
package/dist/commands/admin.js +4 -3
package/dist/commands/admin.js.map +1 -1
package/dist/commands/app.d.ts.map +1 -1
package/dist/commands/app.js +56 -209
package/dist/commands/app.js.map +1 -1
package/dist/commands/cache.d.ts +6 -0
package/dist/commands/cache.d.ts.map +1 -0
package/dist/commands/cache.js +105 -0
package/dist/commands/cache.js.map +1 -0
package/dist/commands/cloud.d.ts +12 -0
package/dist/commands/cloud.d.ts.map +1 -1
package/dist/commands/cloud.js +36 -46
package/dist/commands/cloud.js.map +1 -1
package/dist/commands/db.d.ts.map +1 -1
package/dist/commands/db.js +47 -54
package/dist/commands/db.js.map +1 -1
package/dist/commands/deploy.d.ts +2 -1
package/dist/commands/deploy.d.ts.map +1 -1
package/dist/commands/deploy.js +92 -51
package/dist/commands/deploy.js.map +1 -1
package/dist/commands/dev.d.ts +11 -0
package/dist/commands/dev.d.ts.map +1 -1
package/dist/commands/dev.js +751 -384
package/dist/commands/dev.js.map +1 -1
package/dist/commands/diff.d.ts.map +1 -1
package/dist/commands/diff.js +20 -15
package/dist/commands/diff.js.map +1 -1
package/dist/commands/engine.d.ts +1 -3
package/dist/commands/engine.d.ts.map +1 -1
package/dist/commands/engine.js +13 -85
package/dist/commands/engine.js.map +1 -1
package/dist/commands/functions.d.ts.map +1 -1
package/dist/commands/functions.js +92 -105
package/dist/commands/functions.js.map +1 -1
package/dist/commands/generate.d.ts.map +1 -1
package/dist/commands/generate.js +22 -12
package/dist/commands/generate.js.map +1 -1
package/dist/commands/init.d.ts +1 -1
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +124 -410
package/dist/commands/init.js.map +1 -1
package/dist/commands/migrate-from-v1.d.ts +5 -0
package/dist/commands/migrate-from-v1.d.ts.map +1 -0
package/dist/commands/migrate-from-v1.js +125 -0
package/dist/commands/migrate-from-v1.js.map +1 -0
package/dist/commands/migrate.d.ts.map +1 -1
package/dist/commands/migrate.js +27 -23
package/dist/commands/migrate.js.map +1 -1
package/dist/commands/pg.d.ts +8 -0
package/dist/commands/pg.d.ts.map +1 -0
package/dist/commands/pg.js +102 -0
package/dist/commands/pg.js.map +1 -0
package/dist/commands/pull.d.ts.map +1 -1
package/dist/commands/pull.js +5 -66
package/dist/commands/pull.js.map +1 -1
package/dist/commands/push.d.ts.map +1 -1
package/dist/commands/push.js +99 -39
package/dist/commands/push.js.map +1 -1
package/dist/commands/seed.d.ts +2 -0
package/dist/commands/seed.d.ts.map +1 -1
package/dist/commands/seed.js +44 -11
package/dist/commands/seed.js.map +1 -1
package/dist/commands/self-host.d.ts +7 -1
package/dist/commands/self-host.d.ts.map +1 -1
package/dist/commands/self-host.js +272 -758
package/dist/commands/self-host.js.map +1 -1
package/dist/commands/self-update.d.ts +9 -0
package/dist/commands/self-update.d.ts.map +1 -0
package/dist/commands/self-update.js +33 -0
package/dist/commands/self-update.js.map +1 -0
package/dist/commands/status.d.ts.map +1 -1
package/dist/commands/status.js +4 -3
package/dist/commands/status.js.map +1 -1
package/dist/commands/types.d.ts +3 -0
package/dist/commands/types.d.ts.map +1 -0
package/dist/commands/types.js +62 -0
package/dist/commands/types.js.map +1 -0
package/dist/commands/update.d.ts +7 -0
package/dist/commands/update.d.ts.map +1 -0
package/dist/commands/update.js +77 -0
package/dist/commands/update.js.map +1 -0
package/dist/components.d.ts +5 -0
package/dist/components.d.ts.map +1 -0
package/dist/components.js +3 -0
package/dist/components.js.map +1 -0
package/dist/config.d.ts +10 -51
package/dist/config.d.ts.map +1 -1
package/dist/config.js +101 -33
package/dist/config.js.map +1 -1
package/dist/docker-postgres.d.ts +39 -0
package/dist/docker-postgres.d.ts.map +1 -0
package/dist/docker-postgres.js +96 -0
package/dist/docker-postgres.js.map +1 -0
package/dist/engine-client.d.ts +67 -0
package/dist/engine-client.d.ts.map +1 -0
package/dist/engine-client.js +156 -0
package/dist/engine-client.js.map +1 -0
package/dist/ensure-binary.d.ts +7 -0
package/dist/ensure-binary.d.ts.map +1 -0
package/dist/ensure-binary.js +17 -0
package/dist/ensure-binary.js.map +1 -0
package/dist/functions-router-gen.d.ts +14 -0
package/dist/functions-router-gen.d.ts.map +1 -0
package/dist/functions-router-gen.js +199 -0
package/dist/functions-router-gen.js.map +1 -0
package/dist/index.d.ts +4 -5
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -3
package/dist/index.js.map +1 -1
package/dist/kong-config.d.ts +21 -0
package/dist/kong-config.d.ts.map +1 -0
package/dist/kong-config.js +60 -0
package/dist/kong-config.js.map +1 -0
package/dist/local-gateway.d.ts +7 -0
package/dist/local-gateway.d.ts.map +1 -0
package/dist/local-gateway.js +9 -0
package/dist/local-gateway.js.map +1 -0
package/dist/local-storage.d.ts +8 -0
package/dist/local-storage.d.ts.map +1 -0
package/dist/local-storage.js +14 -0
package/dist/local-storage.js.map +1 -0
package/dist/pgbouncer-userlist.d.ts +5 -0
package/dist/pgbouncer-userlist.d.ts.map +1 -0
package/dist/pgbouncer-userlist.js +14 -0
package/dist/pgbouncer-userlist.js.map +1 -0
package/dist/postgres-ctl.d.ts +44 -0
package/dist/postgres-ctl.d.ts.map +1 -0
package/dist/postgres-ctl.js +137 -0
package/dist/postgres-ctl.js.map +1 -0
package/dist/process-manager.d.ts +41 -0
package/dist/process-manager.d.ts.map +1 -0
package/dist/process-manager.js +120 -0
package/dist/process-manager.js.map +1 -0
package/dist/project-config.d.ts +215 -0
package/dist/project-config.d.ts.map +1 -0
package/dist/project-config.js +145 -0
package/dist/project-config.js.map +1 -0
package/dist/pull-utils.d.ts +15 -0
package/dist/pull-utils.d.ts.map +1 -1
package/dist/pull-utils.js +12 -0
package/dist/pull-utils.js.map +1 -1
package/dist/release-pins.d.ts +7 -0
package/dist/release-pins.d.ts.map +1 -0
package/dist/release-pins.js +27 -0
package/dist/release-pins.js.map +1 -0
package/dist/release-public-key.d.ts +8 -0
package/dist/release-public-key.d.ts.map +1 -0
package/dist/release-public-key.js +13 -0
package/dist/release-public-key.js.map +1 -0
package/dist/runtime-routes.d.ts +25 -0
package/dist/runtime-routes.d.ts.map +1 -0
package/dist/runtime-routes.js +189 -0
package/dist/runtime-routes.js.map +1 -0
package/dist/scripts/postinstall.d.ts +5 -6
package/dist/scripts/postinstall.d.ts.map +1 -1
package/dist/scripts/postinstall.js +36 -20
package/dist/scripts/postinstall.js.map +1 -1
package/dist/self-host-compose.d.ts +14 -0
package/dist/self-host-compose.d.ts.map +1 -0
package/dist/self-host-compose.js +236 -0
package/dist/self-host-compose.js.map +1 -0
package/dist/storage-provision.d.ts +24 -0
package/dist/storage-provision.d.ts.map +1 -0
package/dist/storage-provision.js +44 -0
package/dist/storage-provision.js.map +1 -0
package/dist/systemd.d.ts +26 -0
package/dist/systemd.d.ts.map +1 -0
package/dist/systemd.js +102 -0
package/dist/systemd.js.map +1 -0
package/dist/tsx-runner.d.ts.map +1 -1
package/dist/tsx-runner.js +9 -2
package/dist/tsx-runner.js.map +1 -1
package/dist/type-extractor.d.ts +31 -0
package/dist/type-extractor.d.ts.map +1 -0
package/dist/type-extractor.js +876 -0
package/dist/type-extractor.js.map +1 -0
package/package.json +4 -3
package/releases/deno/VERSION +1 -0
package/scripts/mirror-deno-release.sh +76 -0
package/src/app-config.ts +128 -0
package/src/augmentation-generator.ts +126 -0
package/src/binary-cache.ts +802 -0
package/src/cli.ts +13 -8
package/src/commands/admin.ts +4 -3
package/src/commands/app.ts +67 -231
package/src/commands/cache.ts +117 -0
package/src/commands/cloud.ts +46 -57
package/src/commands/db.ts +54 -63
package/src/commands/deploy.ts +110 -61
package/src/commands/dev.ts +930 -405
package/src/commands/diff.ts +21 -29
package/src/commands/engine.ts +13 -116
package/src/commands/functions.ts +97 -115
package/src/commands/generate.ts +23 -10
package/src/commands/init.ts +136 -414
package/src/commands/migrate-from-v1.ts +131 -0
package/src/commands/migrate.ts +27 -23
package/src/commands/pg.ts +133 -0
package/src/commands/pull.ts +6 -85
package/src/commands/push.ts +128 -59
package/src/commands/seed.ts +54 -12
package/src/commands/self-host.ts +312 -880
package/src/commands/self-update.ts +45 -0
package/src/commands/status.ts +4 -3
package/src/commands/types.ts +76 -0
package/src/commands/update.ts +92 -0
package/src/components.ts +6 -0
package/src/config.ts +127 -94
package/src/docker-postgres.ts +138 -0
package/src/engine-client.ts +231 -0
package/src/ensure-binary.ts +28 -0
package/src/functions-router-gen.ts +224 -0
package/src/index.ts +4 -12
package/src/kong-config.ts +78 -0
package/src/local-gateway.ts +9 -0
package/src/local-storage.ts +14 -0
package/src/pgbouncer-userlist.ts +15 -0
package/src/postgres-ctl.ts +171 -0
package/src/process-manager.ts +151 -0
package/src/project-config.ts +353 -0
package/src/pull-utils.ts +24 -0
package/src/release-pins.ts +31 -0
package/src/release-public-key.ts +12 -0
package/src/runtime-routes.ts +216 -0
package/src/scripts/postinstall.ts +36 -25
package/src/self-host-compose.ts +257 -0
package/src/storage-provision.ts +58 -0
package/src/systemd.ts +137 -0
package/src/tsx-runner.ts +11 -1
package/src/type-extractor.ts +1016 -0
package/tests/app-command.test.ts +54 -0
package/tests/augmentation-generator.test.ts +59 -0
package/tests/binary-cache-cloud-overrides.test.ts +123 -0
package/tests/cached-artifact-format.test.ts +84 -0
package/tests/cli-help.test.ts +40 -14
package/tests/config.test.ts +140 -37
package/tests/engine-distribution.test.ts +3 -3
package/tests/ensure-binary.test.ts +59 -0
package/tests/init.test.ts +28 -86
package/tests/migrate-from-v1.test.ts +29 -0
package/tests/pg-spawn-env.test.ts +18 -0
package/tests/postgres-archive-tag.test.ts +9 -0
package/tests/pull-utils.test.ts +36 -1
package/tests/release-pins.test.ts +28 -0
package/tests/runtime-contract.test.ts +236 -0
package/tests/seed-discover.test.ts +31 -0
package/tests/tsconfig.json +9 -0
package/tests/type-extractor.test.ts +401 -0
package/tsconfig.tsbuildinfo +1 -1
package/vitest.config.ts +12 -0
package/dist/engine/cache.d.ts +0 -37
package/dist/engine/cache.d.ts.map +0 -1
package/dist/engine/cache.js +0 -121
package/dist/engine/cache.js.map +0 -1
package/dist/engine/download.d.ts +0 -19
package/dist/engine/download.d.ts.map +0 -1
package/dist/engine/download.js +0 -108
package/dist/engine/download.js.map +0 -1
package/dist/engine/platform.d.ts +0 -24
package/dist/engine/platform.d.ts.map +0 -1
package/dist/engine/platform.js +0 -50
package/dist/engine/platform.js.map +0 -1
package/dist/engine/resolve.d.ts +0 -37
package/dist/engine/resolve.d.ts.map +0 -1
package/dist/engine/resolve.js +0 -133
package/dist/engine/resolve.js.map +0 -1
package/dist/engine/update-notify.d.ts +0 -11
package/dist/engine/update-notify.d.ts.map +0 -1
package/dist/engine/update-notify.js +0 -43
package/dist/engine/update-notify.js.map +0 -1
package/dist/engine/verify.d.ts +0 -50
package/dist/engine/verify.d.ts.map +0 -1
package/dist/engine/verify.js +0 -161
package/dist/engine/verify.js.map +0 -1
package/dist/engine-version.d.ts +0 -35
package/dist/engine-version.d.ts.map +0 -1
package/dist/engine-version.js +0 -35
package/dist/engine-version.js.map +0 -1
package/dist/engine.d.ts +0 -34
package/dist/engine.d.ts.map +0 -1
package/dist/engine.js +0 -76
package/dist/engine.js.map +0 -1
package/src/engine/cache.ts +0 -135
package/src/engine/download.ts +0 -143
package/src/engine/platform.ts +0 -66
package/src/engine/resolve.ts +0 -197
package/src/engine/update-notify.ts +0 -50
package/src/engine/verify.ts +0 -206
package/src/engine-version.ts +0 -39
package/src/engine.ts +0 -99

package/dist/commands/self-host.js CHANGED Viewed

@@ -1,796 +1,310 @@
-import { existsSync, mkdirSync, writeFileSync, readFileSync, copyFileSync, } from "node:fs";
-import { resolve, join } from "node:path";
-import { randomBytes } from "node:crypto";
+/**
+ * self-host commands — manage self-hosted deployments.
+ *
+ * Compose-based commands are the canonical path.
+ * Native/systemd commands are kept temporarily for migration compatibility.
+ */
+import { Command } from "commander";
+import { existsSync, readFileSync, mkdirSync, writeFileSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { homedir } from "node:os";
 import { spawnSync } from "node:child_process";
-import { signJwt } from "../jwt.js";
+import { gzipSync } from "node:zlib";
+import { loadConfig } from "../config.js";
+import { connectionString } from "../project-config.js";
+import { resolveBinary } from "../binary-cache.js";
+import { generateUnits } from "../systemd.js";
+import { readPid } from "../process-manager.js";
+import { localStorageEnv } from "../local-storage.js";
+import { runDockerCompose, writeSelfHostCompose } from "../self-host-compose.js";
 export function registerSelfHost(program) {
     const selfHostCmd = program
         .command("self-host")
-        .description("Manage self-hosted production deployments");
-    selfHostCmd
-        .command("setup")
-        .description("Generate a production-ready deploy/ directory with Caddy, PgBouncer, and all secrets")
-        .option("--domain <domain>", "Production domain (e.g. api.example.com)")
-        .option("--app-dockerfile <path>", "Path to your app Dockerfile (omit to skip app service)")
-        .option("--app-port <port>", "Port your app listens on", "3000")
-        .option("--ssl-email <email>", "Email address for Let's Encrypt registration")
-        .action(async (opts) => {
-        await setup(process.cwd(), opts);
+        .description("Manage self-hosted deployments (Docker Compose only)");
+    const composeCmd = selfHostCmd
+        .command("compose")
+        .description("Manage compose-based self-host runtime");
+    composeCmd
+        .command("render")
+        .description("Render deterministic self-host compose artifacts")
+        .action(() => {
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const out = writeSelfHostCompose(cwd, config);
+        console.log(`Wrote ${out.composePath}`);
+        console.log(`Wrote ${out.kongPath}`);
     });
-    selfHostCmd
+    composeCmd
+        .command("up")
+        .description("Render and start compose services")
+        .option("-d, --detach", "Start in detached mode", true)
+        .action((opts) => {
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const out = writeSelfHostCompose(cwd, config);
+        const status = runDockerCompose(out.composePath, opts.detach ? ["up", "-d"] : ["up"], cwd);
+        process.exitCode = status;
+    });
+    composeCmd
+        .command("down")
+        .description("Stop compose services")
+        .action(() => {
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const out = writeSelfHostCompose(cwd, config);
+        process.exitCode = runDockerCompose(out.composePath, ["down"], cwd);
+    });
+    composeCmd
         .command("status")
-        .description("Show running service health for the production stack")
+        .description("Show compose service status")
         .action(() => {
-        runDockerCompose(["ps", "--format", "table"], "status");
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const out = writeSelfHostCompose(cwd, config);
+        process.exitCode = runDockerCompose(out.composePath, ["ps"], cwd);
     });
-    selfHostCmd
+    composeCmd
         .command("logs")
-        .description("Tail logs from production services")
-        .option("--service <name>", "Show logs for a specific service only")
-        .option("--follow", "Follow log output")
+        .description("Tail compose logs")
+        .option("--service <name>", "Filter to one service")
+        .option("-f, --follow", "Follow log output", true)
         .action((opts) => {
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const out = writeSelfHostCompose(cwd, config);
         const args = ["logs"];
         if (opts.follow)
-            args.push("--follow");
+            args.push("-f");
         if (opts.service)
             args.push(opts.service);
-        runDockerCompose(args, "logs");
-    });
-    selfHostCmd
-        .command("backup")
-        .description("Create a Postgres dump and store it locally")
-        .option("--output <path>", "Output file path", `./backups/backup-${timestamp()}.sql.gz`)
-        .action((opts) => {
-        backup(process.cwd(), opts.output);
+        process.exitCode = runDockerCompose(out.composePath, args, cwd);
     });
-    selfHostCmd
-        .command("update")
-        .description("Pull latest images and restart the production stack (use 'upgrade' for safe rolling upgrades)")
-        .action(() => {
-        update(process.cwd());
-    });
-    selfHostCmd
-        .command("upgrade")
-        .description("Safely upgrade services with backup, rolling restart, and automatic rollback")
-        .option("--skip-backup", "Skip automatic pre-upgrade backup")
-        .option("--skip-migrations", "Skip database migration step")
+    // ── Legacy native/systemd helpers (hidden; use compose for self-host) ─────
+    const legacyCmd = new Command("native");
+    selfHostCmd.addCommand(legacyCmd, { hidden: true });
+    legacyCmd
+        .command("install-service", "Generate systemd unit files and (on Linux) install + enable them")
+        .option("--output-dir <path>", "Write unit files here instead of /etc/systemd/system/")
+        .option("--user <name>", "User to run services as")
+        .option("--no-enable", "Generate unit files but do not enable/start them")
         .action(async (opts) => {
-        await upgrade(process.cwd(), opts);
-    });
-}
-async function fetchLatestTag(repo, fallback) {
-    try {
-        const res = await fetch(`https://api.github.com/repos/${repo}/releases/latest`, {
-            headers: { Accept: "application/vnd.github+json" },
-            signal: AbortSignal.timeout(5000),
+        logLegacyWarning("install-service");
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const systemdDir = opts.outputDir ?? ".supatype/systemd";
+        const absSystemdDir = resolve(cwd, systemdDir);
+        console.log("Generating systemd unit files...");
+        const { postgres, server } = generateUnits(config, cwd, {
+            outputDir: absSystemdDir,
+            ...(opts.user !== undefined && { user: opts.user }),
         });
-        if (!res.ok)
-            return fallback;
-        const data = await res.json();
-        return data.tag_name ?? fallback;
-    }
-    catch {
-        return fallback;
-    }
-}
-async function setup(cwd, opts) {
-    // Load domain from opts or supatype.config.ts
-    const domain = opts.domain ?? loadDomainFromConfig(cwd);
-    if (!domain) {
-        console.error("Error: --domain is required (or set selfHost.domain in supatype.config.ts)");
-        process.exit(1);
-    }
-    console.log("Fetching latest image versions...");
-    const [postgresTag, authTag] = await Promise.all([
-        fetchLatestTag("supatype/postgres", "17-latest"),
-        fetchLatestTag("supatype/auth", "v1.0.0"),
-    ]);
-    console.log(`  postgres  supatype/postgres:${postgresTag}`);
-    console.log(`  auth      supatype/auth:${authTag}`);
-    const deployDir = resolve(cwd, "deploy");
-    mkdirSync(deployDir, { recursive: true });
-    const write = (rel, content) => {
-        const full = join(deployDir, rel);
-        mkdirSync(resolve(full, ".."), { recursive: true });
-        writeFileSync(full, content, "utf8");
-        console.log(`  created  deploy/${rel}`);
-    };
-    // Generate all secrets
-    const pgPassword = randomBytes(24).toString("hex");
-    const jwtSecret = randomBytes(32).toString("hex");
-    const now = Math.floor(Date.now() / 1000);
-    const exp = now + 10 * 365 * 24 * 60 * 60; // 10 years
-    const anonKey = signJwt({ iss: "supatype", role: "anon", iat: now, exp }, jwtSecret);
-    const serviceKey = signJwt({ iss: "supatype", role: "service_role", iat: now, exp }, jwtSecret);
-    console.log("\nGenerating production deployment files...\n");
-    write(".env.production", envProductionTemplate(domain, pgPassword, jwtSecret, anonKey, serviceKey));
-    write("docker-compose.yml", productionComposeTemplate(domain, opts, postgresTag, authTag));
-    write("Caddyfile", caddyfileTemplate(domain, opts.sslEmail));
-    write("pgbouncer.ini", productionPgbouncerIni());
-    write("userlist.txt", productionUserlist(pgPassword));
-    write("deploy.sh", deployScript(domain));
-    // Copy kong.yml if it exists
-    const kongSrc = resolve(cwd, ".supatype/kong.yml");
-    if (existsSync(kongSrc)) {
-        copyFileSync(kongSrc, join(deployDir, "kong.yml"));
-        console.log("  copied   deploy/kong.yml");
-    }
-    // Make deploy.sh executable on Unix
-    try {
-        spawnSync("chmod", ["+x", join(deployDir, "deploy.sh")]);
-    }
-    catch { /* non-Unix, ignore */ }
-    console.log(`
-╔══════════════════════════════════════════════════════════════╗
-║  SAVE THESE SECRETS — they will not be shown again!         ║
-╚══════════════════════════════════════════════════════════════╝
-POSTGRES_PASSWORD=${pgPassword}
-JWT_SECRET=${jwtSecret}
-ANON_KEY=${anonKey}
-SERVICE_ROLE_KEY=${serviceKey}
-These are also written to deploy/.env.production — back it up securely.
-DO NOT commit deploy/.env.production to source control.
-Next steps:
-  1. Copy the deploy/ directory to your VPS
-  2. SSH into the VPS and run: bash deploy.sh
-  3. Your app will be live at https://${domain}
-`);
-}
-// ─── Operations ───────────────────────────────────────────────────────────────
-function runDockerCompose(args, label) {
-    const deployDir = resolve(process.cwd(), "deploy");
-    if (!existsSync(join(deployDir, "docker-compose.yml"))) {
-        console.error("deploy/docker-compose.yml not found. Run: supatype self-host setup");
-        process.exit(1);
-    }
-    const result = spawnSync("docker", ["compose", "-f", join(deployDir, "docker-compose.yml"), ...args], {
-        stdio: "inherit",
-        cwd: deployDir,
-    });
-    if (result.status !== 0)
-        process.exit(result.status ?? 1);
-}
-function backup(cwd, outputPath) {
-    const deployDir = resolve(cwd, "deploy");
-    if (!existsSync(join(deployDir, "docker-compose.yml"))) {
-        console.error("deploy/docker-compose.yml not found. Run: supatype self-host setup");
-        process.exit(1);
-    }
-    const fullOutput = resolve(cwd, outputPath);
-    mkdirSync(resolve(fullOutput, ".."), { recursive: true });
-    console.log(`Backing up database to ${outputPath}...`);
-    const result = spawnSync("docker", [
-        "compose",
-        "-f", join(deployDir, "docker-compose.yml"),
-        "exec", "-T", "db",
-        "sh", "-c", "pg_dumpall -U postgres | gzip",
-    ], { cwd: deployDir, encoding: "buffer" });
-    if (result.status !== 0) {
-        console.error("Backup failed:", result.stderr?.toString());
-        process.exit(1);
-    }
-    writeFileSync(fullOutput, result.stdout);
-    console.log(`Backup saved to ${outputPath}`);
-}
-function update(cwd) {
-    const deployDir = resolve(cwd, "deploy");
-    console.log("Pulling latest images...");
-    spawnSync("docker", ["compose", "-f", join(deployDir, "docker-compose.yml"), "pull"], {
-        stdio: "inherit",
-        cwd: deployDir,
-    });
-    console.log("Restarting services...");
-    spawnSync("docker", ["compose", "-f", join(deployDir, "docker-compose.yml"), "up", "-d", "--wait"], {
-        stdio: "inherit",
-        cwd: deployDir,
-    });
-    console.log("Update complete.");
-}
-const MANAGED_SERVICES = [
-    { composeName: "db", image: "supatype/postgres", repo: "supatype/postgres", fallbackTag: "17-latest" },
-    { composeName: "gotrue", image: "supatype/auth", repo: "supatype/auth", fallbackTag: "v1.0.0" },
-    { composeName: "postgrest", image: "postgrest/postgrest", repo: "PostgREST/postgrest", fallbackTag: "v12.2.8" },
-    { composeName: "kong", image: "kong", repo: null, fallbackTag: "3.6" },
-    { composeName: "caddy", image: "caddy", repo: null, fallbackTag: "2" },
-    { composeName: "pgbouncer", image: "pgbouncer/pgbouncer", repo: null, fallbackTag: "latest" },
-    { composeName: "functions", image: "denoland/deno", repo: "denoland/deno", fallbackTag: "latest" },
-];
-function getCurrentImageTag(deployDir, serviceName) {
-    const result = spawnSync("docker", ["compose", "-f", join(deployDir, "docker-compose.yml"), "images", serviceName, "--format", "json"], { cwd: deployDir, encoding: "utf8" });
-    if (result.status !== 0 || !result.stdout.trim())
-        return null;
-    try {
-        // docker compose images --format json outputs one JSON object per line
-        const lines = result.stdout.trim().split("\n");
-        for (const line of lines) {
-            const data = JSON.parse(line);
-            if (data.Tag)
-                return data.Tag;
+        console.log(`  wrote ${postgres}`);
+        console.log(`  wrote ${server}`);
+        if (!opts.enable) {
+            console.log(`\nTo install manually:\n` +
+                `  sudo cp ${postgres} /etc/systemd/system/\n` +
+                `  sudo cp ${server} /etc/systemd/system/\n` +
+                `  sudo systemctl daemon-reload\n` +
+                `  sudo systemctl enable --now supatype-postgres supatype-server`);
+            return;
         }
-        return null;
-    }
-    catch {
-        return null;
-    }
-}
-async function fetchLatestRelease(repo) {
-    try {
-        const res = await fetch(`https://api.github.com/repos/${repo}/releases/latest`, {
-            headers: { Accept: "application/vnd.github+json" },
-            signal: AbortSignal.timeout(5000),
+        if (process.platform !== "linux") {
+            console.log("\nNote: systemd unit installation is only supported on Linux.\n" +
+                `Unit files are at ${absSystemdDir}/`);
+            return;
+        }
+        // Install to /etc/systemd/system/
+        console.log("\nInstalling to /etc/systemd/system/ (requires sudo)...");
+        const units = [
+            { src: postgres, dest: "/etc/systemd/system/supatype-postgres.service" },
+            { src: server, dest: "/etc/systemd/system/supatype-server.service" },
+        ];
+        for (const { src, dest } of units) {
+            const cp = spawnSync("sudo", ["cp", src, dest], { stdio: "inherit" });
+            if (cp.status !== 0) {
+                console.error(`Failed to copy ${src} to ${dest}`);
+                process.exit(1);
+            }
+        }
+        const daemonReload = spawnSync("sudo", ["systemctl", "daemon-reload"], { stdio: "inherit" });
+        if (daemonReload.status !== 0) {
+            process.exit(1);
+        }
+        const enable = spawnSync("sudo", ["systemctl", "enable", "--now", "supatype-postgres", "supatype-server"], { stdio: "inherit" });
+        if (enable.status !== 0) {
+            process.exit(1);
+        }
+        console.log("\nServices installed and started.");
+        console.log("  supatype-postgres.service");
+        console.log("  supatype-server.service");
+    });
+    // ── serve ──────────────────────────────────────────────────────────────────
+    legacyCmd
+        .command("serve", "Start supatype-server in the foreground (for standalone mode)")
+        .option("--port <port>", "Override port from config")
+        .action(async (opts) => {
+        logLegacyWarning("serve");
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const serverBin = await resolveBinary("server", config);
+        const port = opts.port ?? String(config.server.port ?? 54321);
+        const args = [
+            "--port", port,
+            "--mode", config.server.mode,
+            ...(config.server.domain ? ["--domain", config.server.domain] : []),
+        ];
+        const stateDir = join(homedir(), ".supatype", "projects", config.project.name);
+        const storageEnv = config.storage?.provider !== "s3" ? localStorageEnv(stateDir) : {};
+        console.log(`Starting supatype-server on port ${port}...`);
+        const result = spawnSync(serverBin, args, {
+            stdio: "inherit",
+            cwd,
+            env: { ...process.env, ...storageEnv },
         });
-        if (!res.ok)
-            return null;
-        const data = await res.json();
-        if (!data.tag_name)
-            return null;
-        return { tag: data.tag_name, body: data.body ?? "" };
-    }
-    catch {
-        return null;
-    }
-}
-function loadSelfHostConfig(cwd) {
-    try {
-        const { loadConfig } = require("../config.js");
+        process.exitCode = result.status ?? 1;
+    });
+    // ── reload ─────────────────────────────────────────────────────────────────
+    legacyCmd
+        .command("reload", "Reload the running supatype-server (SIGHUP for config reload)")
+        .action(() => {
+        logLegacyWarning("reload");
+        const cwd = process.cwd();
         const config = loadConfig(cwd);
-        return config.selfHost;
-    }
-    catch {
-        return undefined;
-    }
-}
-function isServicePinned(selfHostConfig, serviceName) {
-    if (!selfHostConfig?.services)
-        return undefined;
-    return selfHostConfig.services[serviceName];
-}
-function checkServiceHealth(deployDir, serviceName, timeoutSeconds = 60) {
-    console.log(`  Checking health of ${serviceName}...`);
-    const deadline = Date.now() + timeoutSeconds * 1000;
-    while (Date.now() < deadline) {
-        const result = spawnSync("docker", ["compose", "-f", join(deployDir, "docker-compose.yml"), "ps", serviceName, "--format", "json"], { cwd: deployDir, encoding: "utf8" });
-        if (result.status === 0 && result.stdout.trim()) {
-            const lines = result.stdout.trim().split("\n");
-            for (const line of lines) {
-                try {
-                    const data = JSON.parse(line);
-                    // A service is considered healthy if:
-                    // - it has a healthcheck and Health is "healthy", or
-                    // - it has no healthcheck and State is "running"
-                    if (data.Health === "healthy")
-                        return true;
-                    if (!data.Health && data.State === "running")
-                        return true;
-                    // Status field sometimes contains "Up ... (healthy)"
-                    if (data.Status && data.Status.includes("healthy"))
-                        return true;
-                    if (data.Status && !data.Status.includes("health") && data.State === "running")
-                        return true;
-                }
-                catch { /* skip bad line */ }
+        const stateDir = join(homedir(), ".supatype", "projects", config.project.name);
+        const pid = readPid(join(stateDir, "pid"), "server");
+        if (!pid) {
+            // Try systemctl if running as a service
+            if (process.platform === "linux") {
+                const result = spawnSync("systemctl", ["reload", "supatype-server"], { stdio: "inherit" });
+                process.exitCode = result.status ?? 1;
+                return;
             }
+            console.error("Server does not appear to be running (no PID file found).");
+            process.exitCode = 1;
+            return;
         }
-        spawnSync("sleep", ["3"]);
-    }
-    return false;
-}
-function rollbackService(deployDir, serviceName, previousImage) {
-    console.log(`  Rolling back ${serviceName} to ${previousImage}...`);
-    // Pull the previous image back
-    const pullResult = spawnSync("docker", ["pull", previousImage], { stdio: "inherit", cwd: deployDir });
-    if (pullResult.status !== 0)
-        return false;
-    // Restart the service (docker compose will use the image now available)
-    // We need to re-tag or use docker compose up with the old image.
-    // The simplest reliable approach: stop the service, then start it.
-    // Since compose file may have :latest or a tag, we re-pull and restart.
-    const upResult = spawnSync("docker", ["compose", "-f", join(deployDir, "docker-compose.yml"), "up", "-d", "--no-deps", serviceName], { stdio: "inherit", cwd: deployDir });
-    return upResult.status === 0;
-}
-function applyDatabaseMigrations(deployDir) {
-    console.log("\nApplying database migrations...");
-    // Check if migrations directory exists
-    const migrationsDir = resolve(deployDir, "..", "migrations");
-    if (!existsSync(migrationsDir)) {
-        console.log("  No migrations directory found, skipping.");
-        return true;
-    }
-    // Run migrations via docker exec into the db container
-    const result = spawnSync("docker", [
-        "compose",
-        "-f", join(deployDir, "docker-compose.yml"),
-        "exec", "-T", "db",
-        "sh", "-c",
-        `for f in /migrations/*.sql; do [ -f "$f" ] && psql -U postgres -d supatype -f "$f" && echo "Applied: $f"; done`,
-    ], {
-        cwd: deployDir,
-        stdio: "inherit",
-        // Mount migrations directory
-        env: { ...process.env },
-    });
-    // Also try with a copy approach if the volume isn't mounted
-    if (result.status !== 0) {
-        // Copy and run migrations one at a time
-        const { readdirSync } = require("node:fs");
         try {
-            const files = readdirSync(migrationsDir).filter(f => f.endsWith(".sql")).sort();
-            for (const file of files) {
-                const sqlPath = resolve(migrationsDir, file);
-                const sql = readFileSync(sqlPath, "utf8");
-                const execResult = spawnSync("docker", [
-                    "compose",
-                    "-f", join(deployDir, "docker-compose.yml"),
-                    "exec", "-T", "db",
-                    "psql", "-U", "postgres", "-d", "supatype", "-c", sql,
-                ], { cwd: deployDir, encoding: "utf8" });
-                if (execResult.status !== 0) {
-                    console.error(`  Failed to apply migration ${file}: ${execResult.stderr}`);
-                    return false;
-                }
-                console.log(`  Applied: ${file}`);
-            }
+            process.kill(pid, "SIGHUP");
+            console.log(`Sent SIGHUP to supatype-server (pid ${pid}).`);
         }
         catch (err) {
-            console.error(`  Error reading migrations: ${err}`);
-            return false;
-        }
-    }
-    console.log("  Migrations complete.");
-    return true;
-}
-/** Summarize a release body to a short changelog line. */
-function summarizeChangelog(body) {
-    if (!body.trim())
-        return "(no changelog available)";
-    // Take first 3 non-empty lines, strip markdown headers
-    const lines = body
-        .split("\n")
-        .map(l => l.trim())
-        .filter(l => l.length > 0)
-        .map(l => l.replace(/^#+\s*/, ""))
-        .slice(0, 3);
-    const summary = lines.join("; ");
-    return summary.length > 120 ? summary.slice(0, 117) + "..." : summary;
-}
-async function upgrade(cwd, opts) {
-    const deployDir = resolve(cwd, "deploy");
-    if (!existsSync(join(deployDir, "docker-compose.yml"))) {
-        console.error("deploy/docker-compose.yml not found. Run: supatype self-host setup");
-        process.exit(1);
-    }
-    const selfHostConfig = loadSelfHostConfig(cwd);
-    // ── Step 1: Check current vs latest versions ──────────────────────────────
-    console.log("Checking service versions...\n");
-    const plans = [];
-    for (const svc of MANAGED_SERVICES) {
-        const pin = isServicePinned(selfHostConfig, svc.composeName);
-        const currentTag = getCurrentImageTag(deployDir, svc.composeName);
-        if (pin) {
-            console.log(`  ${svc.composeName.padEnd(12)} pinned at ${pin.version} (skipping)`);
-            plans.push({
-                service: svc,
-                currentTag,
-                latestTag: pin.version,
-                changelog: "",
-                pinned: true,
-            });
-            continue;
+            console.error(`Failed to signal pid ${pid}:`, err.message);
+            process.exitCode = 1;
         }
-        let latestTag = svc.fallbackTag;
-        let changelog = "";
-        if (svc.repo) {
-            const release = await fetchLatestRelease(svc.repo);
-            if (release) {
-                latestTag = release.tag;
-                changelog = summarizeChangelog(release.body);
+    });
+    // ── status ─────────────────────────────────────────────────────────────────
+    legacyCmd
+        .command("status", "Show running status of supatype services")
+        .action(() => {
+        logLegacyWarning("status");
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const stateDir = join(homedir(), ".supatype", "projects", config.project.name);
+        console.log(`Project: ${config.project.name}\n`);
+        if (process.platform === "linux" && existsSync("/run/systemd/system")) {
+            // systemd is active
+            for (const svc of ["supatype-postgres", "supatype-server"]) {
+                const result = spawnSync("systemctl", ["status", "--no-pager", "--lines=0", svc], {
+                    encoding: "utf8",
+                });
+                const active = result.stdout?.includes("active (running)") ? "running" : "stopped";
+                console.log(`  ${svc}: ${active}`);
             }
         }
-        const needsUpgrade = currentTag !== latestTag;
-        const marker = needsUpgrade ? " *" : "";
-        console.log(`  ${svc.composeName.padEnd(12)} ${(currentTag ?? "unknown").padEnd(16)} -> ${latestTag}${marker}`);
-        if (changelog && needsUpgrade) {
-            console.log(`${"".padEnd(16)}changelog: ${changelog}`);
+        else {
+            // PID file check
+            const serverPid = readPid(join(stateDir, "pid"), "server");
+            const pgPid = readPid(join(stateDir, "pid"), "postgres");
+            console.log(`  postgres:          ${pgPid ? `running (pid ${pgPid})` : "stopped"}`);
+            console.log(`  supatype-server:   ${serverPid ? `running (pid ${serverPid})` : "stopped"}`);
         }
-        plans.push({
-            service: svc,
-            currentTag,
-            latestTag,
-            changelog,
-            pinned: false,
-        });
-    }
-    const upgradeable = plans.filter(p => !p.pinned && p.currentTag !== p.latestTag);
-    if (upgradeable.length === 0) {
-        console.log("\nAll services are up to date. Nothing to upgrade.");
-        return;
-    }
-    console.log(`\n${upgradeable.length} service(s) will be upgraded.\n`);
-    // ── Step 2: Pre-upgrade backup ────────────────────────────────────────────
-    if (!opts.skipBackup) {
-        const backupPath = `./backups/pre-upgrade-${timestamp()}.sql.gz`;
-        console.log(`Creating pre-upgrade backup: ${backupPath}`);
-        backup(cwd, backupPath);
-        console.log("Backup complete.\n");
-    }
-    else {
-        console.log("Skipping pre-upgrade backup (--skip-backup).\n");
-    }
-    // ── Step 3: Apply database migrations ─────────────────────────────────────
-    if (!opts.skipMigrations) {
-        const migrationOk = applyDatabaseMigrations(deployDir);
-        if (!migrationOk) {
-            console.error("\nDatabase migration failed. Aborting upgrade.");
-            console.error("Your pre-upgrade backup is available. To restore:");
-            console.error("  docker compose exec -T db sh -c 'gunzip | psql -U postgres' < <backup-file>");
-            process.exit(1);
+        const logDir = join(stateDir, "logs");
+        if (existsSync(logDir)) {
+            console.log(`\nLogs: ${logDir}`);
         }
-    }
-    // ── Step 4: Rolling restart with health checks and rollback ───────────────
-    console.log("\nStarting rolling upgrade...\n");
-    const failed = [];
-    for (const plan of upgradeable) {
-        const svc = plan.service;
-        const fullImage = `${svc.image}:${plan.latestTag}`;
-        const previousImage = plan.currentTag ? `${svc.image}:${plan.currentTag}` : null;
-        console.log(`Upgrading ${svc.composeName}: ${plan.currentTag ?? "unknown"} -> ${plan.latestTag}`);
-        // Pull new image
-        console.log(`  Pulling ${fullImage}...`);
-        const pullResult = spawnSync("docker", ["pull", fullImage], {
-            stdio: "inherit",
-            cwd: deployDir,
-        });
-        if (pullResult.status !== 0) {
-            console.error(`  Failed to pull ${fullImage}. Skipping ${svc.composeName}.`);
-            failed.push(svc.composeName);
-            continue;
+    });
+    // ── logs ───────────────────────────────────────────────────────────────────
+    selfHostCmd
+        .command("logs", "Tail supatype service logs", { hidden: true })
+        .option("--service <name>", "Show logs for: postgres | server")
+        .option("--lines <n>", "Number of lines to show", "50")
+        .option("-f, --follow", "Follow log output")
+        .action((opts) => {
+        logLegacyWarning("logs");
+        const cwd = process.cwd();
+        const config = loadConfig(cwd);
+        const stateDir = join(homedir(), ".supatype", "projects", config.project.name);
+        const logDir = join(stateDir, "logs");
+        if (process.platform === "linux" && existsSync("/run/systemd/system")) {
+            const args = ["--no-pager", "--lines", opts.lines];
+            if (opts.follow)
+                args.push("--follow");
+            if (opts.service)
+                args.push(`-u`, `supatype-${opts.service}`);
+            else
+                args.push("-u", "supatype-postgres", "-u", "supatype-server");
+            spawnSync("journalctl", args, { stdio: "inherit" });
+            return;
         }
-        // Restart just this service (zero-downtime: one at a time)
-        console.log(`  Restarting ${svc.composeName}...`);
-        const upResult = spawnSync("docker", ["compose", "-f", join(deployDir, "docker-compose.yml"), "up", "-d", "--no-deps", svc.composeName], { stdio: "inherit", cwd: deployDir });
-        if (upResult.status !== 0) {
-            console.error(`  Failed to restart ${svc.composeName}.`);
-            if (previousImage) {
-                rollbackService(deployDir, svc.composeName, previousImage);
-            }
-            failed.push(svc.composeName);
-            continue;
+        // File-based logs
+        const targets = [];
+        if (!opts.service || opts.service === "postgres") {
+            targets.push({ label: "postgres", file: join(logDir, "postgres.log") });
+        }
+        if (!opts.service || opts.service === "server") {
+            targets.push({ label: "server", file: join(logDir, "server.log") });
         }
-        // Verify health
-        const healthy = checkServiceHealth(deployDir, svc.composeName);
-        if (!healthy) {
-            console.error(`  Health check failed for ${svc.composeName} after upgrade.`);
-            if (previousImage) {
-                console.log(`  Initiating rollback for ${svc.composeName}...`);
-                const rolledBack = rollbackService(deployDir, svc.composeName, previousImage);
-                if (rolledBack) {
-                    const healthAfterRollback = checkServiceHealth(deployDir, svc.composeName);
-                    if (healthAfterRollback) {
-                        console.log(`  Rolled back ${svc.composeName} to ${previousImage} successfully.`);
-                    }
-                    else {
-                        console.error(`  WARNING: ${svc.composeName} is unhealthy even after rollback.`);
-                    }
-                }
-                else {
-                    console.error(`  WARNING: Rollback failed for ${svc.composeName}.`);
-                }
+        for (const { label, file } of targets) {
+            if (!existsSync(file)) {
+                console.log(`[${label}] log file not found: ${file}`);
+                continue;
+            }
+            if (opts.follow) {
+                const tail = spawnSync("tail", ["-f", "-n", opts.lines, file], { stdio: "inherit" });
+                process.exitCode = tail.status ?? 0;
+            }
+            else {
+                const n = parseInt(opts.lines, 10);
+                const content = readFileSync(file, "utf8");
+                const lines = content.split("\n");
+                console.log(lines.slice(-n).join("\n"));
             }
-            failed.push(svc.composeName);
-            continue;
         }
-        console.log(`  ${svc.composeName} upgraded and healthy.\n`);
-    }
-    // ── Step 5: Summary ───────────────────────────────────────────────────────
-    if (failed.length === 0) {
-        console.log("Upgrade complete. All services are healthy.");
-    }
-    else {
-        console.error(`\nUpgrade finished with failures in: ${failed.join(", ")}`);
-        console.error("\nManual intervention may be needed:");
-        console.error("  1. Check logs:        supatype self-host logs --service <name>");
-        console.error("  2. Check status:      supatype self-host status");
-        console.error("  3. Restore backup:    docker compose exec -T db sh -c 'gunzip | psql -U postgres' < <backup-file>");
-        console.error("  4. Pin a version:     Add services.<name>.version in supatype.config.ts selfHost config");
-        process.exit(1);
-    }
-}
-// ─── Config helpers ───────────────────────────────────────────────────────────
-function loadDomainFromConfig(cwd) {
-    try {
-        const { loadConfig } = require("../config.js");
+    });
+    // ── backup ─────────────────────────────────────────────────────────────────
+    legacyCmd
+        .command("backup", "Create a Postgres dump of the project database")
+        .option("--output <path>", "Output file path (default: ./backups/backup-<timestamp>.sql.gz)")
+        .option("--connection <url>", "Database connection URL (overrides config)")
+        .action((opts) => {
+        logLegacyWarning("backup");
+        const cwd = process.cwd();
         const config = loadConfig(cwd);
-        return config.selfHost?.domain;
-    }
-    catch {
-        return undefined;
-    }
-}
-function timestamp() {
-    return new Date().toISOString().replace(/[:.]/g, "-").slice(0, 19);
-}
-// ─── Production templates ─────────────────────────────────────────────────────
-function envProductionTemplate(domain, pgPassword, jwtSecret, anonKey, serviceKey) {
-    return `# Production secrets — DO NOT commit this file to source control
-# Generated by: supatype self-host setup
-DOMAIN=${domain}
-POSTGRES_PASSWORD=${pgPassword}
-POSTGRES_DB=supatype
-JWT_SECRET=${jwtSecret}
-ANON_KEY=${anonKey}
-SERVICE_ROLE_KEY=${serviceKey}
-SITE_URL=https://${domain}
-# SMTP — required for user email confirmation in production
-SMTP_HOST=
-SMTP_PORT=587
-SMTP_USER=
-SMTP_PASS=
-SMTP_SENDER_NAME=Supatype
-`;
-}
-function productionComposeTemplate(domain, opts, postgresTag, authTag) {
-    const appService = opts.appDockerfile
-        ? `
-  app:
-    build:
-      context: ..
-      dockerfile: ${opts.appDockerfile}
-    environment:
-      SUPATYPE_URL: http://kong:8000
-      SUPATYPE_ANON_KEY: \${ANON_KEY}
-      SUPATYPE_SERVICE_ROLE_KEY: \${SERVICE_ROLE_KEY}
-    networks:
-      - supatype
-    depends_on:
-      - kong
-    restart: unless-stopped
-`
-        : "";
-    return `# Production docker-compose — generated by supatype self-host setup
-# Run with: docker compose up -d (from within the deploy/ directory)
-services:
-  db:
-    image: supatype/postgres:${postgresTag}
-    environment:
-      POSTGRES_PASSWORD: \${POSTGRES_PASSWORD}
-      POSTGRES_DB: \${POSTGRES_DB:-supatype}
-    volumes:
-      - db-data:/var/lib/postgresql/data
-    networks:
-      - supatype
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres"]
-      interval: 10s
-      timeout: 5s
-      retries: 20
-    restart: unless-stopped
-  pgbouncer:
-    image: pgbouncer/pgbouncer:latest
-    volumes:
-      - ./pgbouncer.ini:/etc/pgbouncer/pgbouncer.ini:ro
-      - ./userlist.txt:/etc/pgbouncer/userlist.txt:ro
-    networks:
-      - supatype
-    depends_on:
-      db:
-        condition: service_healthy
-    restart: unless-stopped
-  gotrue:
-    image: supatype/auth:${authTag}
-    environment:
-      GOTRUE_API_HOST: 0.0.0.0
-      GOTRUE_API_PORT: 9999
-      GOTRUE_DB_DRIVER: postgres
-      GOTRUE_DB_DATABASE_URL: "postgres://postgres:\${POSTGRES_PASSWORD}@pgbouncer:6432/\${POSTGRES_DB:-supatype}?search_path=auth"
-      GOTRUE_SITE_URL: https://${domain}
-      GOTRUE_JWT_SECRET: \${JWT_SECRET}
-      GOTRUE_JWT_EXP: 3600
-      GOTRUE_JWT_AUD: authenticated
-      GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated
-      GOTRUE_JWT_ADMIN_ROLES: service_role
-      GOTRUE_MAILER_AUTOCONFIRM: false
-      GOTRUE_SMTP_HOST: \${SMTP_HOST}
-      GOTRUE_SMTP_PORT: \${SMTP_PORT:-587}
-      GOTRUE_SMTP_USER: \${SMTP_USER}
-      GOTRUE_SMTP_PASS: \${SMTP_PASS}
-      GOTRUE_SMTP_SENDER_NAME: \${SMTP_SENDER_NAME:-Supatype}
-      GOTRUE_MAILER_URLPATHS_CONFIRMATION: /auth/v1/verify
-      GOTRUE_MAILER_URLPATHS_RECOVERY: /auth/v1/verify
-      GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: /auth/v1/verify
-      GOTRUE_MAILER_URLPATHS_INVITE: /auth/v1/verify
-      GOTRUE_DISABLE_SIGNUP: false
-    networks:
-      - supatype
-    depends_on:
-      pgbouncer:
-        condition: service_started
-    restart: unless-stopped
-  postgrest:
-    image: postgrest/postgrest:v12.2.8
-    environment:
-      PGRST_DB_URI: postgresql://authenticator:\${POSTGRES_PASSWORD}@pgbouncer:6432/\${POSTGRES_DB:-supatype}
-      PGRST_DB_SCHEMA: public
-      PGRST_DB_ANON_ROLE: anon
-      PGRST_JWT_SECRET: \${JWT_SECRET}
-      PGRST_DB_EXTRA_SEARCH_PATH: public,extensions
-      PGRST_DB_POOL: 3
-    networks:
-      - supatype
-    depends_on:
-      pgbouncer:
-        condition: service_started
-    restart: unless-stopped
-  kong:
-    image: kong:3.6
-    environment:
-      KONG_DATABASE: "off"
-      KONG_DECLARATIVE_CONFIG: /etc/kong/kong.yml
-      KONG_PROXY_ACCESS_LOG: /dev/stdout
-      KONG_ADMIN_ACCESS_LOG: /dev/stdout
-      KONG_PROXY_ERROR_LOG: /dev/stderr
-      KONG_ADMIN_ERROR_LOG: /dev/stderr
-    volumes:
-      - ./kong.yml:/etc/kong/kong.yml:ro
-    networks:
-      - supatype
-    depends_on:
-      - postgrest
-      - gotrue
-    restart: unless-stopped
-${appService}
-  functions:
-    image: denoland/deno:latest
-    environment:
-      SUPATYPE_URL: http://kong:8000
-      SUPATYPE_ANON_KEY: \${ANON_KEY}
-      SUPATYPE_SERVICE_ROLE_KEY: \${SERVICE_ROLE_KEY}
-      FUNCTIONS_DIR: /functions
-    volumes:
-      - ../supatype/functions:/functions:ro
-    networks:
-      - supatype
-    depends_on:
-      - kong
-    mem_limit: 512m
-    cpus: 1.0
-    restart: unless-stopped
-  caddy:
-    image: caddy:2
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - ./Caddyfile:/etc/caddy/Caddyfile:ro
-      - caddy-data:/data
-      - caddy-config:/config
-    networks:
-      - supatype
-    depends_on:
-      - kong
-    restart: unless-stopped
-networks:
-  supatype:
-    driver: bridge
-volumes:
-  db-data:
-  caddy-data:
-  caddy-config:
-`;
-}
-function caddyfileTemplate(domain, sslEmail) {
-    const emailLine = sslEmail ? `\n\ttls ${sslEmail}\n` : "";
-    return `${domain} {${emailLine}
-\treverse_proxy kong:8000
-\theader {
-\t\tStrict-Transport-Security "max-age=31536000; includeSubDomains"
-\t\tX-Frame-Options "SAMEORIGIN"
-\t\tX-Content-Type-Options "nosniff"
-\t}
-}
-`;
-}
-function productionPgbouncerIni() {
-    return `[databases]
-* = host=db port=5432
-[pgbouncer]
-listen_addr = 0.0.0.0
-listen_port = 6432
-auth_type = md5
-auth_file = /etc/pgbouncer/userlist.txt
-pool_mode = transaction
-default_pool_size = 20
-max_db_connections = 60
-max_client_conn = 100
-server_reset_query = DEALLOCATE ALL
-ignore_startup_parameters = extra_float_digits
-`;
-}
-function productionUserlist(pgPassword) {
-    // PgBouncer md5 format: "md5" + md5(password + username)
-    const md5Hash = (s) => {
-        const { createHash } = require("node:crypto");
-        return createHash("md5").update(s).digest("hex");
-    };
-    const postgresHash = "md5" + md5Hash(pgPassword + "postgres");
-    const authenticatorHash = "md5" + md5Hash(pgPassword + "authenticator");
-    return `# PgBouncer userlist — generated by supatype self-host setup
-# Regenerate by running: supatype self-host setup
-"postgres" "${postgresHash}"
-"authenticator" "${authenticatorHash}"
-`;
+        const conn = opts.connection ?? connectionString(config);
+        const outFile = opts.output ?? resolve(cwd, "backups", `backup-${new Date().toISOString().replace(/[:.]/g, "-")}.sql.gz`);
+        mkdirSync(resolve(outFile, ".."), { recursive: true });
+        console.log(`Backing up database to ${outFile}...`);
+        try {
+            // Avoid shell interpolation of user-supplied values.
+            const pgDump = spawnSync("pg_dump", [conn], {
+                stdio: ["ignore", "pipe", "pipe"],
+            });
+            if (pgDump.status !== 0) {
+                const stderr = pgDump.stderr?.toString("utf8") ?? "";
+                throw new Error(stderr.trim() || "pg_dump failed");
+            }
+            const compressed = gzipSync(pgDump.stdout);
+            writeFileSync(outFile, compressed);
+            console.log("Backup complete.");
+        }
+        catch (err) {
+            console.error("Backup failed:", err.message);
+            process.exit(1);
+        }
+    });
 }
-function deployScript(domain) {
-    return `#!/usr/bin/env bash
-# deploy.sh — generated by supatype self-host setup
-# Run once on a fresh VPS: bash deploy.sh
-set -euo pipefail
-DOMAIN="${domain}"
-echo "Checking prerequisites..."
-# Check Docker
-if ! command -v docker &>/dev/null; then
-  echo "Docker not found. Installing..."
-  curl -fsSL https://get.docker.com | sh
-  usermod -aG docker "$USER"
-  newgrp docker
-fi
-# Check ports 80 and 443 are available
-for port in 80 443; do
-  if ss -tlnp 2>/dev/null | grep -q ":$port " ; then
-    echo "Error: Port $port is already in use. Free it before running deploy.sh."
-    exit 1
-  fi
-done
-echo "Loading environment..."
-if [ ! -f .env.production ]; then
-  echo "Error: .env.production not found in $(pwd)"
-  exit 1
-fi
-# Export env vars from .env.production
-set -a; source .env.production; set +a
-echo "Starting services..."
-docker compose up -d --wait
-echo "Waiting for health checks..."
-timeout=120
-elapsed=0
-while ! docker compose ps --format json 2>/dev/null | grep -q '"Health":"healthy"'; do
-  sleep 5
-  elapsed=$((elapsed + 5))
-  if [ $elapsed -ge $timeout ]; then
-    echo "Timeout waiting for services to become healthy."
-    docker compose ps
-    exit 1
-  fi
-done
-echo ""
-echo "Deployment complete!"
-echo "Your app is live at: https://$DOMAIN"
-`;
+function logLegacyWarning(cmd) {
+    console.warn(`[supatype] self-host native ${cmd} is deprecated. ` +
+        "Use `supatype self-host compose` commands instead.");
 }
 //# sourceMappingURL=self-host.js.map