business-stack 0.1.1 → 0.1.5

package/README.md

@@ -8,8 +8,9 @@ Install these on your machine and ensure they are on your `PATH`:
 
 | Tool | Purpose |
 |------|---------|
-| [Node.js](https://nodejs.org/) 20+ | Runs the `business-stack` CLI (`setup`, `start`, `doctor`) |
-| [Bun](https://bun.sh) | Installs JS workspaces and runs the gateway |
+| [Node.js](https://nodejs.org/) 20+ | Runs the `business-stack` CLI |
+| **npm** (comes with Node) | `business-stack start` / `dev` use **`npm install`** and **`npm run`** for workspaces and Turborepo |
+| *(optional)* [Bun](https://bun.sh) | Only if you develop the **full monorepo** from git (`bun run dev` at repo root); **not** required for the published `business-stack` package |
 | [uv](https://docs.astral.sh/uv/) | Installs and runs the Python backend |
 | Python **3.12** | Required by the backend (managed via `uv`) |
 
@@ -19,6 +20,18 @@ Check your environment:
 npx business-stack doctor
 ```
 
+### Using `npx` (no install, or one-off runs)
+
+`npx` runs the same `business-stack` binary as a global or local install. Use a version tag so npm does not cache an old release:
+
+```bash
+npx --yes business-stack@latest doctor
+npx --yes business-stack@latest setup --yes
+npx --yes business-stack@latest start
+```
+
+On **Windows Command Prompt**, use the same commands; if `npx` is slow the first time, it is downloading the package.
+
 ## Installation (recommended: project-level)
 
 **Prefer a local (project) install** so the stack, generated `.env` files, and SQLite database live under your project’s `node_modules/business-stack/`, match npm’s default `npm i business-stack`, and avoid permission or PATH issues from global installs.
@@ -49,7 +62,7 @@ npx business-stack start
 ```
 
 - **`setup`** generates secrets, stores them in SQLite (`node_modules/business-stack/gateway/auth.sqlite`, table `stack_secrets`), and writes `gateway/.env`, `frontend/web/.env.local`, and `backend/.env` under that package path. You do not need to create `.env` files by hand.
-- **`start`** runs `bun install`, `uv sync`, production build, Alembic migrations, then starts Next (`next start`), the gateway, and uvicorn. First run can take several minutes.
+- **`start`** runs **`npm install`** (workspaces), **`uv sync`**, **`npm run build`**, Alembic migrations, then **`npm run start`** (Turborepo: Next, gateway, backend). First run can take several minutes.
 
 Optional flags for `start`: `--skip-install`, `--skip-build`, `--skip-migrate`.
 

package/bin/business-stack.cjs

@@ -111,18 +111,108 @@ function writeEnvFile(filePath, content) {
   fs.writeFileSync(filePath, `${content.trim()}\n`, "utf8");
 }
 
+function getCliPackageVersion() {
+  try {
+    const p = path.join(__dirname, "..", "package.json");
+    return JSON.parse(fs.readFileSync(p, "utf8")).version;
+  } catch {
+    return "?";
+  }
+}
+
+function logPhase(msg) {
+  const line = `business-stack: ${msg}`;
+  console.log(line);
+  console.error(line);
+}
+
+/** Microsoft Store / WindowsApps shims often exit 0 immediately with no real Bun — skip them. */
+function isWindowsAppsStub(exePath) {
+  const n = exePath.toLowerCase().replace(/\//g, "\\");
+  return (
+    n.includes("\\windowsapps\\") ||
+    n.includes("microsoft\\windowsapps") ||
+    n.endsWith("appinstaller.exe")
+  );
+}
+
+function whereAll(cmd) {
+  const r = spawnSync("where.exe", [cmd], {
+    encoding: "utf8",
+    windowsHide: true,
+  });
+  if (r.status !== 0 || !r.stdout) {
+    return [];
+  }
+  return r.stdout
+    .split(/\r?\n/)
+    .map((s) => s.trim())
+    .filter(Boolean);
+}
+
+function executableResponds(exe, args) {
+  const r = spawnSync(exe, args, {
+    encoding: "utf8",
+    windowsHide: true,
+    stdio: ["ignore", "pipe", "pipe"],
+    timeout: 20_000,
+  });
+  if (r.error) {
+    return false;
+  }
+  if (r.status !== 0) {
+    return false;
+  }
+  const out = `${String(r.stdout || "")}${String(r.stderr || "")}`.trim();
+  return out.length >= 2;
+}
+
+/**
+ * Resolve `npm` / `bun` / `uv` on Windows: `where` can list a useless WindowsApps stub first.
+ * Pick a path that successfully runs `--version`.
+ */
+function resolveExecutable(cmd) {
+  if (process.platform !== "win32") {
+    return cmd;
+  }
+  const all = whereAll(cmd);
+  if (all.length === 0) {
+    return cmd;
+  }
+  const preferred = all.filter((p) => !isWindowsAppsStub(p));
+  const order = preferred.length > 0 ? preferred : all;
+  for (let i = order.length - 1; i >= 0; i--) {
+    const exe = order[i];
+    if (isWindowsAppsStub(exe)) {
+      continue;
+    }
+    if (executableResponds(exe, ["--version"])) {
+      return exe;
+    }
+  }
+  for (let i = order.length - 1; i >= 0; i--) {
+    const exe = order[i];
+    if (executableResponds(exe, ["--version"])) {
+      return exe;
+    }
+  }
+  return order[order.length - 1] || cmd;
+}
+
 function cmdExists(cmd) {
   const isWin = process.platform === "win32";
   const which = isWin ? "where" : "which";
-  const r = spawnSync(which, [cmd], { encoding: "utf8" });
+  const r = spawnSync(which, [cmd], { encoding: "utf8", windowsHide: isWin });
   return r.status === 0;
 }
 
 function runDoctor() {
   const ok = [];
   const bad = [];
-  if (cmdExists("bun")) ok.push("bun");
-  else bad.push("bun (https://bun.sh)");
+  if (cmdExists("node")) ok.push("node");
+  else bad.push("node (https://nodejs.org/)");
+  if (cmdExists("npm")) ok.push("npm");
+  else bad.push("npm (ships with Node.js)");
   if (cmdExists("uv")) ok.push("uv");
   else bad.push("uv (https://docs.astral.sh/uv/)");
   if (cmdExists("python") || cmdExists("python3")) ok.push("python");
@@ -136,6 +226,9 @@ function runDoctor() {
     return;
   }
   console.log("\nAll common toolchain binaries are on PATH.");
+  console.log(
+    "\nThe gateway runs on **Node** (tsx + better-sqlite3). Bun is optional for monorepo contributors only.",
+  );
 }
 
 async function promptDefaults(rl, defaults) {
@@ -264,29 +357,86 @@ BACKEND_GATEWAY_SECRET=${backendGatewaySecret}
 }
 
 function envFileLooksConfigured(stackRoot) {
-  const g = path.join(stackRoot, "gateway", ".env");
-  if (fs.existsSync(g)) {
-    const t = fs.readFileSync(g, "utf8");
-    if (/BETTER_AUTH_SECRET=\S+/.test(t) || /INTEGRATIONS_ENCRYPTION_KEY=\S+/.test(t)) {
-      return true;
+  try {
+    const g = path.join(stackRoot, "gateway", ".env");
+    if (fs.existsSync(g)) {
+      const t = fs.readFileSync(g, "utf8");
+      if (
+        /^BETTER_AUTH_SECRET=./m.test(t) ||
+        /^INTEGRATIONS_ENCRYPTION_KEY=./m.test(t)
+      ) {
+        return true;
+      }
     }
+    return hasExistingSecrets(stackRoot);
+  } catch (e) {
+    console.error(
+      "business-stack: could not read setup state:",
+      e instanceof Error ? e.message : e,
+    );
+    return false;
   }
-  return hasExistingSecrets(stackRoot);
 }
 
-function runCmd(cmd, args, cwd, extraEnv) {
-  const r = spawnSync(cmd, args, {
+function runCmd(label, cmd, args, cwd, extraEnv) {
+  logPhase(`${label}…`);
+  const exe = resolveExecutable(cmd);
+  if (process.platform === "win32") {
+    logPhase(`using ${cmd} → ${exe}`);
+  }
+  const r = spawnSync(exe, args, {
     cwd,
     stdio: "inherit",
     env: { ...process.env, ...extraEnv },
     shell: false,
+    windowsHide: process.platform === "win32",
   });
+  if (r.error) {
+    console.error(`business-stack: ${label} failed:`, r.error.message);
+    console.error(`  Command: ${exe} ${args.join(" ")}`);
+    console.error(`  cwd: ${cwd}`);
+    process.exit(1);
+  }
+  if (r.signal) {
+    console.error(`business-stack: ${label} killed (${r.signal})`);
+    process.exit(1);
+  }
   if (r.status !== 0) {
     process.exit(r.status ?? 1);
   }
 }
 
-function runStart(opts) {
+/**
+ * Wait for turbo + servers. Async so Commander keeps the Node event loop alive on Windows
+ * until the child exits (avoids exiting immediately with no output).
+ */
+function waitForChild(child, label) {
+  return new Promise((resolve) => {
+    let settled = false;
+    const finish = (code) => {
+      if (settled) return;
+      settled = true;
+      resolve(code ?? 0);
+    };
+
+    child.on("error", (err) => {
+      console.error(`business-stack: ${label} — failed to spawn process:`, err.message);
+      console.error("  Run: business-stack doctor");
+      finish(1);
+    });
+
+    child.on("exit", (code, sig) => {
+      if (sig) {
+        console.error(`business-stack: ${label} — child exited with signal ${sig}`);
+        finish(1);
+        return;
+      }
+      finish(code ?? 0);
+    });
+  });
+}
+
+async function runStart(opts) {
   const stackRoot = getStackRoot();
   if (!envFileLooksConfigured(stackRoot)) {
     console.error(
@@ -295,6 +445,10 @@ function runStart(opts) {
     process.exit(1);
   }
 
+  logPhase("starting (install → sync → build → migrate → servers)");
+  logPhase(`stack root ${stackRoot}`);
+  logPhase(`CLI package v${getCliPackageVersion()} — if there is no output below, run: npm i -g business-stack@latest`);
+
   const fromDb = readStackSecretsEnv(stackRoot);
   const childEnv = { ...process.env };
   for (const [k, v] of Object.entries(fromDb)) {
@@ -304,43 +458,61 @@ function runStart(opts) {
   }
 
   if (!opts.skipInstall) {
-    runCmd("bun", ["install"], stackRoot, childEnv);
+    runCmd(
+      "npm install (workspaces)",
+      "npm",
+      ["install", "--no-fund", "--no-audit"],
+      stackRoot,
+      childEnv,
+    );
   }
-  runCmd("uv", ["sync"], path.join(stackRoot, "backend"), childEnv);
+  runCmd("uv sync (backend)", "uv", ["sync"], path.join(stackRoot, "backend"), childEnv);
   if (!opts.skipBuild) {
-    runCmd("bun", ["run", "build"], stackRoot, childEnv);
+    runCmd("npm run build", "npm", ["run", "build"], stackRoot, childEnv);
   }
   if (!opts.skipMigrate) {
-    runCmd("uv", ["run", "alembic", "upgrade", "head"], path.join(stackRoot, "backend"), childEnv);
+    runCmd(
+      "alembic upgrade head",
+      "uv",
+      ["run", "alembic", "upgrade", "head"],
+      path.join(stackRoot, "backend"),
+      childEnv,
+    );
   }
 
-  const child = spawn("bun", ["run", "start"], {
+  logPhase("launching production servers (turbo start via npm)");
+  const npmExe = resolveExecutable("npm");
+  if (process.platform === "win32") {
+    logPhase(`using npm → ${npmExe}`);
+  }
+  const child = spawn(npmExe, ["run", "start"], {
     cwd: stackRoot,
     stdio: "inherit",
     env: childEnv,
     shell: false,
+    windowsHide: process.platform === "win32",
   });
 
-  function shutdown(signal) {
+  const shutdown = () => {
     try {
-      if (process.platform === "win32") {
+      if (process.platform === "win32" && child.pid) {
         spawnSync("taskkill", ["/PID", String(child.pid), "/T", "/F"], {
           stdio: "ignore",
+          windowsHide: true,
         });
-      } else {
-        child.kill(signal);
+      } else if (child.pid) {
+        child.kill("SIGINT");
       }
     } catch {
       /* ignore */
     }
-  }
+  };
 
-  process.on("SIGINT", () => shutdown("SIGINT"));
-  process.on("SIGTERM", () => shutdown("SIGTERM"));
-  child.on("exit", (code, sig) => {
-    if (sig) process.exit(1);
-    process.exit(code ?? 0);
-  });
+  process.once("SIGINT", shutdown);
+  process.once("SIGTERM", shutdown);
+
+  const code = await waitForChild(child, "turbo start");
+  process.exit(code);
 }
 
 function runDev() {
@@ -352,17 +524,17 @@ function runDev() {
       childEnv[k] = String(v);
     }
   }
-  runCmd("bun", ["run", "dev"], stackRoot, childEnv);
+  runCmd("npm run dev", "npm", ["run", "dev"], stackRoot, childEnv);
 }
 
 program
   .name("business-stack")
   .description("Run the business-stack monorepo (Next + Hono gateway + FastAPI)")
-  .version("0.1.1");
+  .version("0.1.5");
 
 program
   .command("doctor")
-  .description("Check for bun, uv, and python on PATH")
+  .description("Check for node, npm, uv, and python on PATH")
   .action(runDoctor);
 
 program
@@ -382,12 +554,12 @@ program
 program
   .command("start")
   .description("Install deps, build, migrate, run production stack (turbo start)")
-  .option("--skip-install", "Skip bun install")
+  .option("--skip-install", "Skip npm install")
   .option("--skip-build", "Skip turbo build")
   .option("--skip-migrate", "Skip alembic upgrade")
-  .action((o) => {
+  .action(async (o) => {
     try {
-      runStart(o);
+      await runStart(o);
     } catch (e) {
       console.error(e instanceof Error ? e.message : e);
       process.exit(1);

package/gateway/README.md

@@ -1,13 +1,23 @@
-To install dependencies:
+Install dependencies from the **repo root** (workspaces) or in this folder:
+
 ```sh
-bun install
+npm install
 ```
 
-To run:
+Run (development with reload):
+
 ```sh
-bun run dev
+npm run dev
+```
+
+Production-style (no watch):
+
+```sh
+npm run start
 ```
 
 The gateway listens on **port 3001** by default (`PORT`). Open `http://127.0.0.1:3001` (or set `PORT`).
 
+Stack: **Hono**, **Node** via **tsx**, **better-sqlite3** for auth + integration settings, **Better Auth**.
+
 Better Auth needs a public **base URL** (where `/api/auth` is reached in the browser). With the Next.js app proxying auth, set `BETTER_AUTH_URL` to that origin (e.g. `http://localhost:3000`). See `.env.example`. If unset, the gateway defaults to `http://localhost:3000`.

package/gateway/package.json

@@ -1,24 +1,27 @@
 {
   "name": "@business-stack/gateway",
   "private": true,
-  "packageManager": "bun@1.3.1",
   "scripts": {
-    "dev": "bun run --hot src/index.ts",
-    "start": "bun run src/index.ts",
-    "migrate": "bun x @better-auth/cli@latest migrate --yes",
-    "build": "bun -e \"require('fs').mkdirSync('dist',{recursive:true}); require('fs').writeFileSync('dist/.buildstamp','')\"",
+    "dev": "tsx watch src/index.ts",
+    "start": "tsx src/index.ts",
+    "migrate": "npx @better-auth/cli@latest migrate --yes",
+    "build": "node -e \"require('fs').mkdirSync('dist',{recursive:true}); require('fs').writeFileSync('dist/.buildstamp','')\"",
     "lint": "biome check .",
     "lint:fix": "biome check --write .",
     "typecheck": "tsc --noEmit",
-    "test": "bun -e \"process.exit(0)\"",
-    "clean": "bun x rimraf@6 dist"
+    "test": "node -e \"process.exit(0)\"",
+    "clean": "npx rimraf@6 dist"
   },
   "dependencies": {
+    "@hono/node-server": "^1.19.9",
     "better-auth": "1.5.6",
-    "hono": "^4.12.10"
+    "better-sqlite3": "^11.7.0",
+    "hono": "^4.12.10",
+    "tsx": "^4.19.3"
   },
   "devDependencies": {
-    "@types/bun": "latest",
+    "@types/better-sqlite3": "^7.6.12",
+    "@types/node": "^20",
     "typescript": "^5.8.3"
   }
 }

package/gateway/src/auth.ts

@@ -1,11 +1,11 @@
-import { Database } from "bun:sqlite";
 import { betterAuth } from "better-auth";
+import Database from "better-sqlite3";
 import { loadStackSecretsIntoEnv } from "./stack-secrets";
 
 loadStackSecretsIntoEnv();
 
 const dbPath = process.env.BETTER_AUTH_DATABASE_PATH ?? "auth.sqlite";
-const sqlite = new Database(dbPath, { create: true });
+const sqlite = new Database(dbPath);
 
 function parseTrustedOrigins(): string[] {
   const raw = process.env.BETTER_AUTH_TRUSTED_ORIGINS;

package/gateway/src/index.ts

@@ -1,3 +1,4 @@
+import { serve } from "@hono/node-server";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
 import { proxy } from "hono/proxy";
@@ -130,12 +131,14 @@ app.get("/session", (c) => {
 });
 
 const port = Number(process.env.PORT ?? 3001);
+const hostname = process.env.HOST?.trim() || "127.0.0.1";
 
-export default {
-  port,
+serve({
   fetch: app.fetch,
-};
+  port,
+  hostname,
+});
 
 console.log(
-  `Gateway listening on http://localhost:${port} (backend ${backendOrigin}, prefix ${apiGatewayPrefix})`,
+  `Gateway listening on http://${hostname}:${port} (backend ${backendOrigin}, prefix ${apiGatewayPrefix})`,
 );

package/gateway/src/integrations/store.ts

@@ -1,15 +1,15 @@
-import { Database } from "bun:sqlite";
+import Database from "better-sqlite3";
 import { decryptIntegrationValue, encryptIntegrationValue } from "./crypto";
 import { INTEGRATION_DB_KEYS, type IntegrationDbKey } from "./keys";
 
 const dbPath = process.env.BETTER_AUTH_DATABASE_PATH ?? "auth.sqlite";
 
-let _db: Database | null = null;
+let _db: Database.Database | null = null;
 
-function getDb(): Database {
+function getDb(): Database.Database {
   if (!_db) {
-    _db = new Database(dbPath, { create: true });
-    _db.run(`
+    _db = new Database(dbPath);
+    _db.exec(`
       CREATE TABLE IF NOT EXISTS integration_settings (
         key TEXT PRIMARY KEY NOT NULL,
         ciphertext TEXT NOT NULL,
@@ -22,8 +22,8 @@ function getDb(): Database {
 
 export function getEncryptedRow(key: IntegrationDbKey): string | null {
   const row = getDb()
-    .query("SELECT ciphertext FROM integration_settings WHERE key = ?")
-    .get(key) as { ciphertext: string } | null;
+    .prepare("SELECT ciphertext FROM integration_settings WHERE key = ?")
+    .get(key) as { ciphertext: string } | undefined;
   return row?.ciphertext ?? null;
 }
 
@@ -33,16 +33,17 @@ export function setEncryptedRow(
 ): void {
   const ciphertext = encryptIntegrationValue(plaintext);
   const updatedAt = new Date().toISOString();
-  getDb().run(
-    `INSERT INTO integration_settings (key, ciphertext, updated_at)
-     VALUES (?, ?, ?)
-     ON CONFLICT(key) DO UPDATE SET ciphertext = excluded.ciphertext, updated_at = excluded.updated_at`,
-    [key, ciphertext, updatedAt],
-  );
+  getDb()
+    .prepare(
+      `INSERT INTO integration_settings (key, ciphertext, updated_at)
+       VALUES (?, ?, ?)
+       ON CONFLICT(key) DO UPDATE SET ciphertext = excluded.ciphertext, updated_at = excluded.updated_at`,
+    )
+    .run(key, ciphertext, updatedAt);
 }
 
 export function deleteRow(key: IntegrationDbKey): void {
-  getDb().run("DELETE FROM integration_settings WHERE key = ?", [key]);
+  getDb().prepare("DELETE FROM integration_settings WHERE key = ?").run(key);
 }
 
 export function getPlaintext(key: IntegrationDbKey): string | null {

package/gateway/src/stack-secrets.ts

@@ -1,4 +1,4 @@
-import { Database } from "bun:sqlite";
+import Database from "better-sqlite3";
 
 /**
  * If an env var is unset or whitespace-only, fill it from `stack_secrets` in the auth DB.
@@ -6,20 +6,20 @@ import { Database } from "bun:sqlite";
  */
 export function loadStackSecretsIntoEnv(): void {
   const dbPath = process.env.BETTER_AUTH_DATABASE_PATH ?? "auth.sqlite";
-  let db: Database;
+  let db: Database.Database;
   try {
-    db = new Database(dbPath, { create: true });
+    db = new Database(dbPath);
   } catch {
     return;
   }
   try {
-    db.run(`
+    db.exec(`
       CREATE TABLE IF NOT EXISTS stack_secrets (
         key TEXT PRIMARY KEY NOT NULL,
         value TEXT NOT NULL
       )
     `);
-    const rows = db.query("SELECT key, value FROM stack_secrets").all() as {
+    const rows = db.prepare("SELECT key, value FROM stack_secrets").all() as {
       key: string;
       value: string;
     }[];

package/gateway/tsconfig.json

@@ -5,7 +5,7 @@
     "moduleResolution": "bundler",
     "target": "ES2022",
     "lib": ["ES2022"],
-    "types": ["bun-types"],
+    "types": ["node"],
     "skipLibCheck": true,
     "noEmit": true
   },

package/package.json

@@ -1,9 +1,8 @@
 {
   "name": "business-stack",
-  "version": "0.1.1",
+  "version": "0.1.5",
   "description": "Next.js + Hono gateway + FastAPI monorepo",
   "license": "UNLICENSED",
-  "packageManager": "bun@1.3.1",
   "workspaces": ["frontend/web", "gateway", "backend"],
   "scripts": {
     "prepublishOnly": "node ../scripts/sync-npm-package.cjs",