create-dstack 0.1.1 → 0.1.2

package/README.md

@@ -6,6 +6,8 @@ Scaffold a production-ready Next.js app with a single command.
 bunx create-dstack my-app
 ```
 
+![Demo](./assets/demo.gif)
+
 ## What's included
 
 

package/dist/index.js

@@ -162,7 +162,7 @@ var require_picocolors = __commonJS((exports, module) => {
 
 // src/index.ts
 var {$: $2 } = globalThis.Bun;
-import { existsSync, cpSync, mkdirSync, appendFileSync } from "fs";
+import { existsSync, cpSync } from "fs";
 import { join, resolve, dirname } from "path";
 import { fileURLToPath } from "url";
 
@@ -619,12 +619,6 @@ function z({ input: r = $, output: t = S, overwrite: e = true, hideCursor: s = t
 }
 var O = (r) => ("columns" in r) && typeof r.columns == "number" ? r.columns : 80;
 var A = (r) => ("rows" in r) && typeof r.rows == "number" ? r.rows : 20;
-function R(r, t, e, s = e) {
-  const i = O(r ?? S);
-  return wrapAnsi(t, i - e.length, { hard: true, trim: false }).split(`
-`).map((n, o) => `${o === 0 ? s : e}${n}`).join(`
-`);
-}
 var p = class {
   input;
   output;
@@ -831,24 +825,6 @@ var H = class extends p {
     }
   }
 };
-
-class Q extends p {
-  get cursor() {
-    return this.value ? 0 : 1;
-  }
-  get _value() {
-    return this.cursor === 0;
-  }
-  constructor(t) {
-    super(t, false), this.value = !!t.initialValue, this.on("userInput", () => {
-      this.value = this._value;
-    }), this.on("confirm", (e) => {
-      this.output.write(import_sisteransi.cursor.move(0, -1)), this.value = e, this.state = "submit", this.close();
-    }), this.on("cursor", () => {
-      this.value = !this.value;
-    });
-  }
-}
 var X = { Y: { type: "year", len: 4 }, M: { type: "month", len: 2 }, D: { type: "day", len: 2 } };
 function L(r) {
   return [...r].map((t) => X[t]);
@@ -1149,61 +1125,6 @@ var V2 = (e) => {
       return t("green", F2);
   }
 };
-var ot2 = (e) => {
-  const i = e.active ?? "Yes", s = e.inactive ?? "No";
-  return new Q({ active: i, inactive: s, signal: e.signal, input: e.input, output: e.output, initialValue: e.initialValue ?? true, render() {
-    const r = e.withGuide ?? u.withGuide, u2 = `${V2(this.state)}  `, n = r ? `${t("gray", d2)}  ` : "", o = R(e.output, e.message, n, u2), c2 = `${r ? `${t("gray", d2)}
-` : ""}${o}
-`, a = this.value ? i : s;
-    switch (this.state) {
-      case "submit": {
-        const l = r ? `${t("gray", d2)}  ` : "";
-        return `${c2}${l}${t("dim", a)}`;
-      }
-      case "cancel": {
-        const l = r ? `${t("gray", d2)}  ` : "";
-        return `${c2}${l}${t(["strikethrough", "dim"], a)}${r ? `
-${t("gray", d2)}` : ""}`;
-      }
-      default: {
-        const l = r ? `${t("cyan", d2)}  ` : "", $2 = r ? t("cyan", E2) : "";
-        return `${c2}${l}${this.value ? `${t("green", z2)} ${i}` : `${t("dim", H2)} ${t("dim", i)}`}${e.vertical ? r ? `
-${t("cyan", d2)}  ` : `
-` : ` ${t("dim", "/")} `}${this.value ? `${t("dim", H2)} ${t("dim", s)}` : `${t("green", z2)} ${s}`}
-${$2}
-`;
-      }
-    }
-  } }).prompt();
-};
-var O2 = { message: (e = [], { symbol: i = t("gray", d2), secondarySymbol: s = t("gray", d2), output: r = process.stdout, spacing: u2 = 1, withGuide: n } = {}) => {
-  const o = [], c2 = n ?? u.withGuide, a = c2 ? s : "", l = c2 ? `${i}  ` : "", $2 = c2 ? `${s}  ` : "";
-  for (let p2 = 0;p2 < u2; p2++)
-    o.push(a);
-  const y2 = Array.isArray(e) ? e : e.split(`
-`);
-  if (y2.length > 0) {
-    const [p2, ...m] = y2;
-    p2.length > 0 ? o.push(`${l}${p2}`) : o.push(c2 ? i : "");
-    for (const g of m)
-      g.length > 0 ? o.push(`${$2}${g}`) : o.push(c2 ? s : "");
-  }
-  r.write(`${o.join(`
-`)}
-`);
-}, info: (e, i) => {
-  O2.message(e, { ...i, symbol: t("blue", he) });
-}, success: (e, i) => {
-  O2.message(e, { ...i, symbol: t("green", pe) });
-}, step: (e, i) => {
-  O2.message(e, { ...i, symbol: t("green", F2) });
-}, warn: (e, i) => {
-  O2.message(e, { ...i, symbol: t("yellow", me) });
-}, warning: (e, i) => {
-  O2.warn(e, i);
-}, error: (e, i) => {
-  O2.message(e, { ...i, symbol: t("red", ge) });
-} };
 var pt = (e = "", i) => {
   const s = i?.output ?? process.stdout, r = i?.withGuide ?? u.withGuide ? `${t("gray", E2)}  ` : "";
   s.write(`${r}${t("red", e)}
@@ -1337,11 +1258,6 @@ async function main() {
     }
     projectName = input;
   }
-  const useStackAuth = await ot2({ message: "Add Stack Auth?" });
-  if (q(useStackAuth)) {
-    pt("Cancelled.");
-    process.exit(0);
-  }
   const projectDir = resolve(process.cwd(), projectName);
   if (existsSync(projectDir)) {
     pt(`Directory "${projectName}" already exists.`);
@@ -1349,7 +1265,7 @@ async function main() {
   }
   const s = fe();
   s.start("preheating the oven...");
-  await $2`bunx create-next-app@latest ${projectName} --typescript --tailwind --no-eslint --app --src-dir --import-alias "@/*" --use-bun`.quiet();
+  await $2`bunx create-next-app@latest ${projectName} --typescript --tailwind --no-eslint --app --no-src-dir --import-alias "@/*" --use-bun`.quiet();
   s.stop("next.js is in the chat");
   s.start("calling convex off the bench...");
   await $2`bun add convex`.cwd(projectDir).quiet();
@@ -1360,29 +1276,8 @@ async function main() {
   s.start("adding the drip (shadcn)...");
   await $2`bunx shadcn@latest init -d`.cwd(projectDir).quiet();
   s.stop("looking fire already");
-  if (useStackAuth) {
-    s.start("sliding stack auth into the dm...");
-    await $2`bun add @stackframe/stack`.cwd(projectDir).quiet();
-    s.stop("auth is cooked and ready");
-    mkdirSync(join(projectDir, "convex"), { recursive: true });
-    copyTemplate(join(TEMPLATES_DIR, "convex", "auth.config.ts"), join(projectDir, "convex", "auth.config.ts"));
-    appendFileSync(join(projectDir, ".env.local"), [
-      "",
-      "# Stack Auth \u2014 fill in from https://app.stack-auth.com",
-      "NEXT_PUBLIC_STACK_PROJECT_ID=",
-      "NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY=",
-      "STACK_SECRET_SERVER_KEY=",
-      ""
-    ].join(`
-`));
-    O2.warn(`Stack Auth needs manual steps:
-` + `  1. Create a project at ${import_picocolors.default.cyan("https://app.stack-auth.com")}
-` + `  2. Fill in ${import_picocolors.default.dim(".env.local")} with your keys
-` + `  3. Set the same vars in your Convex dashboard
-` + `  4. Run ${import_picocolors.default.cyan("bunx @stackframe/stack-cli@latest init")} inside the project to finish wiring up the provider`);
-  }
   s.start("putting the secret sauce on it...");
-  copyTemplate(join(TEMPLATES_DIR, "globals.css"), join(projectDir, "src", "app", "globals.css"));
+  copyTemplate(join(TEMPLATES_DIR, "globals.css"), join(projectDir, "app", "globals.css"));
   copyTemplate(join(TEMPLATES_DIR, "oxlint.json"), join(projectDir, "oxlint.json"));
   copyTemplate(join(TEMPLATES_DIR, "oxfmt.json"), join(projectDir, "oxfmt.json"));
   if (existsSync(join(TEMPLATES_DIR, ".claude"))) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-dstack",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Create a new dstack project — Next.js, Bun, Convex, Shadcn, Oxlint, Oxfmt",
   "type": "module",
   "repository": {

package/templates/CLAUDE.md

@@ -19,7 +19,6 @@ bunx oxfmt --check . # Check formatting
 - React 19
 - TypeScript 5 with strict mode
 - Convex for DB
-- StackAuth for auth, teams, user metadata
 - All database types in Convex
 
 ## Conventions
@@ -49,7 +48,6 @@ API routes: mirror domains (app/api/mail/, app/api/profile/)
 
 ## Authentication & Security
 
-- User endpoints: StackAuth server session for API routes and Server Actions; `useUser` only in client components
 - System/cron: Bearer token
 - Error handling: `throwOnError` or `if (error)` patterns
 

package/templates/agents.md

@@ -19,7 +19,6 @@ bunx oxfmt --check . # Check formatting
 - React 19
 - TypeScript 5 with strict mode
 - Convex for DB
-- StackAuth for auth, teams, user metadata
 - All database types in Convex
 
 ## Conventions
@@ -49,7 +48,6 @@ API routes: mirror domains (app/api/mail/, app/api/profile/)
 
 ## Authentication & Security
 
-- User endpoints: StackAuth server session for API routes and Server Actions; `useUser` only in client components
 - System/cron: Bearer token
 - Error handling: `throwOnError` or `if (error)` patterns
 

package/templates/.cursor/skills/api/SKILL.md

@@ -1,198 +0,0 @@
----
-name: api
-description: Whenever designing or working on API routes
----
-
-# API Development Rules
-
-Every API route is either user-authenticated or system-authenticated. No exceptions.
-
-## 1. Route Handlers
-
-- Use standard Next.js `NextRequest` and `NextResponse` types only
-- No custom middleware that wraps handlers
-
-## 2. Authentication
-
-### User APIs (browser/app requests)
-
-Resolve the signed-in user with **StackAuth on the server**. In Route Handlers and Server Actions, use Stack's server-side session APIs—**not** the React `useUser` hook (that is client-only).
-
-After auth, read and write data through **Convex** (`fetchQuery`, `fetchMutation`, `fetchAction` from `convex/nextjs`) so authorization can rely on `ctx.auth` inside Convex functions. Pass the Convex auth token when your setup requires it (same pattern as other OIDC providers: token option on `fetch*`).
-
-```typescript
-import { fetchMutation } from "convex/nextjs";
-import { api } from "@/convex/_generated/api";
-import type { NextRequest } from "next/server";
-
-export async function PATCH(request: NextRequest) {
-  // 1. Resolve user with StackAuth server APIs; return 401 if missing
-  // 2. Build Convex token if your Stack+Convex integration uses JWT forwarding
-  const token = await getConvexAuthTokenFromRequest(request);
-  const args = await request.json();
-  await fetchMutation(api.example.updateThing, args, { token });
-}
-```
-
-### Cron/System APIs
-
-Use Bearer token + trusted Convex entry points:
-
-```typescript
-const authHeader = request.headers.get("authorization");
-if (authHeader !== `Bearer ${process.env.CRON_SECRET}`) {
-  return new Response("Unauthorized", { status: 401 });
-}
-
-await fetchMutation(api.jobs.runScheduled, payload);
-```
-
-Use **deployment-appropriate** Convex access for system jobs (e.g. internal mutations or HTTP actions that validate the same secret). Never reuse a "god mode" client for user-initiated work.
-
-### Access shape
-
-| Caller            | Auth              | Data layer                          |
-| ----------------- | ----------------- | ----------------------------------- |
-| User API route    | StackAuth session | Convex via `fetch*` + user token    |
-| System / cron API | Bearer secret     | Convex mutation/action for batch/system work |
-
-Never bypass user-level Convex auth for operations that should be scoped to a single user.
-
-## 3. Validation
-
-**Every API route MUST validate with Zod.** No exceptions.
-
-### Validation Order: Fail Fast
-
-1. Authenticate
-2. Parse and validate request body immediately
-3. Then do expensive operations (Convex calls, external APIs)
-
-### Schema Patterns
-
-- Use `.trim()` for strings, `.email()` for emails
-- Use `.refine()` for custom business logic
-- Use `z.discriminatedUnion()` for conditional validation
-
-## 4. Error Response Format
-
-All errors use Stripe-style format:
-
-```typescript
-{
-  error: {
-    type: string;      // Required: validation_error, authentication_error, api_error, etc.
-    message: string;   // Required: Human-readable
-    code?: string;     // Optional: MISSING_EMAIL, QUOTA_EXCEEDED, etc.
-    param?: string;    // Optional: Field name for validation errors
-    details?: unknown; // Optional: Zod errors array
-  }
-}
-```
-
-### Error Types by Status
-
-- `400` validation_error - Invalid input
-- `401` authentication_error - Not authenticated
-- `403` authorization_error - Not authorized
-- `404` not_found_error - Resource missing
-- `429` rate_limit_error - Quota exceeded
-- `500` api_error - Internal error
-- `503` service_unavailable_error - External service down
-
-### Forbidden Formats
-
-```typescript
-// NEVER use these:
-{ success: false, error: "message" }
-{ error: "string" }  // Must be object
-{ message: "..." }   // Must use error.message
-```
-
-## 5. Standard API Template
-
-```typescript
-import { NextRequest, NextResponse } from "next/server";
-import { z } from "zod";
-import { fetchMutation } from "convex/nextjs";
-import { api } from "@/convex/_generated/api";
-
-const schema = z.object({
-  email: z.string().email(),
-  name: z.string().min(1),
-});
-
-export async function POST(request: NextRequest) {
-  const user = await getStackAuthUserFromRequest(request);
-  if (!user) {
-    return NextResponse.json(
-      {
-        error: { type: "authentication_error", message: "Unauthorized" },
-      },
-      { status: 401 },
-    );
-  }
-
-  try {
-    const rawBody = await request.json();
-    const data = schema.parse(rawBody);
-
-    const token = await getConvexAuthTokenFromRequest(request, user);
-    const result = await fetchMutation(api.example.createProfile, data, { token });
-
-    return NextResponse.json({ success: true, data: result });
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      return NextResponse.json(
-        {
-          error: {
-            type: "validation_error",
-            message: "Validation failed",
-            details: error.issues,
-          },
-        },
-        { status: 400 },
-      );
-    }
-    console.error("API Error:", error);
-    return NextResponse.json(
-      {
-        error: { type: "api_error", message: "Internal server error" },
-      },
-      { status: 500 },
-    );
-  }
-}
-```
-
-Replace `getStackAuthUserFromRequest` / `getConvexAuthTokenFromRequest` with the project's StackAuth server helpers and Convex token bridge.
-
-## 6. Security
-
-- Always sanitize inputs: `.trim()`, `.toLowerCase()` for emails
-- Check user quotas before expensive operations via `user.clientReadOnlyMetadata`
-- Use Supabase query builders, never raw SQL with user input
-- Validate environment variables exist before using
-- There is no SQL layer; do not concatenate user input into query strings for external services
-
-## 7. Database Best Practices (Convex)
-
-- Define schema and indexes in `convex/schema.ts`; query with indexed fields
-- Limit list reads (e.g. `.take(n)` / bounded queries); avoid unbounded scans
-- Use Convex argument validators on every function; keep Zod at the HTTP boundary
-- Use `Promise.allSettled()` for concurrent operations that can fail independently
-- Use `pLimit` for controlled concurrency against external APIs
-
-## 8. Logging
-
-- Use `console.error()` for errors with context (userId, error message, stack)
-- Use `console.log()` sparingly for important business events
-- Never log sensitive data (passwords, tokens, PII)
-- Logs are auto-captured by Vercel
-
-## 9. Testing
-
-- Test files in `__tests__/` within API route folders
-- Mock StackAuth server user resolution and Convex `fetch*` helpers when testing handlers in isolation
-- Mock `request.json()` for body parsing
-- Use `{} as NextRequest` if handler doesn't use request object

package/templates/.cursor/skills/api-timing-logs/SKILL.md

@@ -1,77 +0,0 @@
----
-name: api-timing-logs
-description: Adds readable one-line phase timing logs for API routes and server handlers (local debugging and production correlation). Use when instrumenting slow routes, debugging latency, adding request tracing, or when the user asks for timing logs, speed stats, or structured server logging.
----
-
-# API phase timing logs (gold standard)
-
-## Goals
-
-- **Scannable in a terminal**: one line per phase, aligned columns, no nested objects on the happy path.
-- **Grep-friendly**: fixed bracket tag per feature (e.g. `[ck-gen]`, `[mail-send]`).
-- **Minimal PII**: log `user=…` **once** at start; repeat **only** on error lines that need correlation.
-
-## Log line shape
-
-```
-[TAG] begin  user=<full-user-id>
-[TAG] <step>              <ms>ms  <optional key=value ...>
-```
-
-- **`TAG`**: short, stable, unique within the codebase (2–8 chars after the bracket is enough if unambiguous).
-- **`step`**: lowercase, use **dots** for sub-phases (`db.company_row`, `storage.sign`, `llm`). Pad `step` to a fixed width (e.g. 18 chars) so `ms` columns line up.
-- **`ms`**: wall time for **that phase only** (`Date.now() - phaseStart`), not cumulative unless the step name says `total`.
-- **Detail tail**: space-separated `key=value`. Prefer counts and compact units over raw dumps.
-
-## Helpers (TypeScript pattern)
-
-Copy/adapt per route; keep helpers **file-local** unless three+ routes need the same tag.
-
-```ts
-const TAG = "[feature-tag]";
-
-function elapsedMs(start: number) {
-  return Date.now() - start;
-}
-
-function phaseLog(step: string, ms: number, detail?: string) {
-  const tail = detail ? `  ${detail}` : "";
-  console.info(`${TAG} ${step.padEnd(18)} ${String(ms).padStart(5)}ms${tail}`);
-}
-
-function phaseWarn(bucket: string, detail: string) {
-  console.warn(`${TAG} ${bucket}  ${detail}`);
-}
-
-function phaseErr(step: string, userId: string, detail: string) {
-  console.error(`${TAG} ${step}  user=${userId}  ${detail}`);
-}
-```
-
-After auth (or once `userId` is known): `console.info(\`${TAG} begin  user=${userId}\`);`then use`phaseLog`for every subsequent phase **without** repeating`userId`.
-
-## What to log per phase
-
-- **External I/O**: hub pull, DB reads/writes, storage sign/download, HTTP fetches, LLM calls—each gets its own line with duration.
-- **CPU-ish work** only if it can be large (parse/format of huge payloads); otherwise merge with the phase that produced the bytes.
-- **Final line**: `done` or `total` with end-to-end `ms` plus 1–3 summary stats (`docs=`, `llmIn=34500ch`, etc.).
-
-## Units and compaction
-
-- Prefer **`kch`** (thousands of **characters**) when approximating payload size from string length. Do **not** label char counts as `kB` (misleading).
-- Rough token hints are OK: `~8676tok` with a comment in code that it is approximate (e.g. chars/4).
-- For multiple similar items, one compact tail beats an array of objects:  
-  `ok=3/3 raw~1200kch  [a.json:400kch@800ms, b.pdf:…]`
-- Cap list length in logs (e.g. first 3 files + `+2 more`) if noise gets large.
-
-## Errors
-
-- Use **`phaseErr`** for failures where you need to find the user in logs: include `user=<id>` and a **short** reason (message string, not full stack objects).
-- Keep generic `console.error` for unexpected exceptions if you already logged `begin` with `user=`.
-
-## Anti-patterns
-
-- Repeating `userId` on every `info` line.
-- Dumping **full prompts**, document bodies, or tokens in logs.
-- Large **JSON blobs** for routine success paths—use one line + counts.
-- Inconsistent tags (e.g. mixing `console.info("feature: …")` and `[tag] …` styles) in the same route.

package/templates/.cursor/skills/brand-styling/SKILL.md

@@ -1,104 +0,0 @@
----
-name: brand-styling
-description: dstack brand identity, colors, typography, and visual styling guidelines. Use when creating UI components, pages, or any visual elements.
-disable-model-invocation: true
----
-
-# dstack branding
-
-## Overview
-
-To access dstack's official brand identity and style resources, use this skill.
-
-Keywords: branding, corporate identity, visual identity, styling, brand colors, typography, dstack brand, visual formatting, visual design, dstack
-
-## Brand Guidelines
-
-### Colors
-
-Main Colors:
-
-Teal:
-#0da5a1 - Primary brand color, calls to action, active states
-
-Background:
-#f7f7f4 - Page background (warm off-white, not pure white)
-
-Foreground:
-#26251e - Primary text and dark elements
-
-Card:
-#f2f1ed - Card surfaces and elevated containers
-
-Muted:
-#6e6c5e - Secondary text and subdued labels
-
-Border:
-#d5d4cd - Borders, dividers, and separators
-
-Accent Colors:
-
-Teal Gradient Start:
-#0da5a1 - Brand gradient start (287deg angle)
-
-Teal Gradient End:
-#00d4cf - Brand gradient end (lighter teal)
-
-Semantic Colors:
-
-Success:
-#25935f - Success states and positive indicators
-
-Warning:
-#ec9c13 - Warning states and caution indicators
-
-Error:
-#dc2828 - Error states and destructive actions
-
-Card Hierarchy (light to dark):
-
-#f2f1ed - Card (base surface)
-#f0efeb - Card-01 (slightly elevated)
-#ebeae5 - Card-02 (mid elevation)
-#e6e5e0 - Card-03 (high elevation)
-#e1e0db - Card-04 (highest elevation)
-
-### Typography
-
-Display/Brand: Manrope (with system sans-serif fallback)
-Body Text: Inter (with system sans-serif fallback)
-Data/Labels: System monospace (SF Mono, Menlo, Consolas)
-
-## Features
-
-### Smart Font Application
-
-- Applies Manrope to brand and display text (logo, hero sections, loading screens, onboarding)
-- Applies Inter at light weight to all body text
-- Applies monospace to data labels, statistics, tabular numbers, status badges, and micro-labels
-- Manrope should use tight letter-spacing for brand moments
-- Standard UI text (form labels, table cells, body copy) stays on Inter
-
-### Text Styling
-
-- Headings and brand moments: Manrope, tight tracking
-- Body text: Inter, light weight
-- Data and metrics: Monospace, small size (10-11px), uppercase, wide tracking
-- Tabular numbers always use monospace for alignment
-- Smart color selection based on surface — darker text on light surfaces, lighter text on dark
-- Preserves text hierarchy and formatting
-
-### Color Application
-
-- Warm neutral palette throughout — cream and off-white tones, never stark white
-- Brand teal used for primary actions, focus rings, and interactive highlights
-- Brand gradient reserved for premium or highlight elements — use sparingly
-- Card hierarchy provides layered depth through progressively darker warm neutrals
-- Semantic colors (success, warning, error) only for their intended status meaning
-
-### Shape and Accent Colors
-
-- Non-text elements use the brand teal or card hierarchy colors
-- Brand gradient cycles from #0da5a1 to #00d4cf at a 287deg angle
-- Maintains visual interest while staying on-brand
-- No emojis anywhere — not in UI, copy, or documentation