npm - create-projx - Versions diffs - 1.7.6 → 1.8.0 - Mend

create-projx 1.7.6 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/{baseline-2PBT5JBT.js → baseline-ACCRNHE4.js} +2 -2
package/dist/{chunk-N66CVDEV.js → chunk-GZUJ235K.js} +4 -10
package/dist/{chunk-NPBLDU4H.js → chunk-NXIFRWTX.js} +58 -10
package/dist/index.js +27 -15
package/dist/{utils-QQUKUZKQ.js → utils-NVIN3FSZ.js} +3 -3
package/package.json +1 -1
package/src/templates/codeowners.ejs +9 -0
package/src/templates/docker-compose.yml.ejs +3 -3
package/src/templates/rollback.sh.ejs +69 -0
package/src/templates/runbook.md.ejs +64 -0

package/dist/{baseline-2PBT5JBT.js → baseline-ACCRNHE4.js} RENAMED Viewed

@@ -8,8 +8,8 @@ import {
   matchesSkip,
   saveBaselineRef,
   writeTemplateToDir
-} from "./chunk-NPBLDU4H.js";
-import "./chunk-N66CVDEV.js";
+} from "./chunk-NXIFRWTX.js";
+import "./chunk-GZUJ235K.js";
 export {
   BASELINE_REF,
   applyTemplate,

package/dist/{chunk-N66CVDEV.js → chunk-GZUJ235K.js} RENAMED Viewed

@@ -395,17 +395,11 @@ async function writeProjxConfig(cwd, data) {
   if (!Array.isArray(out.skip)) out.skip = [];
   await writeFile(path, JSON.stringify(out, null, 2) + "\n");
 }
-var DEFAULT_ROOT_SKIP_PATTERNS = [
+var INSTANCE_AWARE_SHARED = [
   "docker-compose.yml",
-  "README.md",
-  ".githooks/pre-commit",
   ".github/workflows/ci.yml",
-  "scripts/ci-local.sh",
-  "scripts/ci-runner-gc.sh",
-  "scripts/check-bundle-size.sh",
-  "scripts/setup.sh",
-  "scripts/setup-docker.sh",
-  "scripts/setup-ssl.sh"
+  ".githooks/pre-commit",
+  "scripts/setup.sh"
 ];
 var DEFAULT_COMPONENT_SKIP_PATTERNS = {
   fastapi: ["pyproject.toml"],
@@ -627,7 +621,7 @@ export {
   upsertComponentMarker,
   readProjxConfig,
   writeProjxConfig,
-  DEFAULT_ROOT_SKIP_PATTERNS,
+  INSTANCE_AWARE_SHARED,
   DEFAULT_COMPONENT_SKIP_PATTERNS,
   discoverComponentPaths,
   discoverComponentsFromMarkers,

package/dist/{chunk-NPBLDU4H.js → chunk-NXIFRWTX.js} RENAMED Viewed

@@ -1,6 +1,5 @@
 import {
   DEFAULT_COMPONENT_SKIP_PATTERNS,
-  DEFAULT_ROOT_SKIP_PATTERNS,
   copyComponent,
   copyStaticFiles,
   readComponentMarker,
@@ -13,7 +12,7 @@ import {
   toSnake,
   upsertComponentMarker,
   writeProjxConfig
-} from "./chunk-N66CVDEV.js";
+} from "./chunk-GZUJ235K.js";
 // src/baseline.ts
 import { existsSync, writeFileSync, unlinkSync } from "fs";
@@ -90,6 +89,39 @@ async function generateCiYml(vars) {
 async function generateReadme(vars) {
   return renderShared("README.md.ejs", withInstances(vars));
 }
+function infraTemplateVars(vars) {
+  const projectName = vars.projectName;
+  const productionDomain = vars.productionDomain ?? `${projectName}.example.com`;
+  const awsRegion = vars.awsRegion ?? "us-east-1";
+  const githubOwner = vars.githubOwner ?? "TODO";
+  const ecrRepos = vars.ecrRepos ?? [
+    `${projectName}/backend`,
+    `${projectName}/frontend`
+  ];
+  const hasBackendMigrations = vars.components.some(
+    (c) => c === "fastify" || c === "express"
+  );
+  const hasAdminPanelMigrations = vars.components.includes("admin-panel");
+  return {
+    ...vars,
+    productionDomain,
+    awsRegion,
+    githubOwner,
+    ecrRepos,
+    hasBackendMigrations,
+    hasAdminPanelMigrations,
+    displayName: projectName.charAt(0).toUpperCase() + projectName.slice(1)
+  };
+}
+async function generateRollback(vars) {
+  return renderShared("rollback.sh.ejs", infraTemplateVars(vars));
+}
+async function generateCodeowners(vars) {
+  return renderShared("codeowners.ejs", infraTemplateVars(vars));
+}
+async function generateRunbook(vars) {
+  return renderShared("runbook.md.ejs", infraTemplateVars(vars));
+}
 function generateVscodeSettings(vars) {
   const settings = {};
   if (vars.components.includes("fastapi")) {
@@ -128,7 +160,7 @@ function generateVscodeSettings(vars) {
 // src/baseline.ts
 var BASELINE_REF = "refs/projx/baseline";
 async function migrateComponentMarkers(cwd, components, componentPaths, applyDefaults) {
-  const { readComponentMarker: readComponentMarker2, writeComponentMarker } = await import("./utils-QQUKUZKQ.js");
+  const { readComponentMarker: readComponentMarker2, writeComponentMarker } = await import("./utils-NVIN3FSZ.js");
   for (const component of components) {
     const dir = componentPaths[component];
     const markerDir = join2(cwd, dir);
@@ -159,9 +191,7 @@ async function writeManagedProjx(cwd, version, vars, applyDefaults) {
   if (typeof vars.orm === "string" && !merged.orm) {
     merged.orm = vars.orm;
   }
-  if (applyDefaults && !merged.defaultsApplied) {
-    const userSkip = Array.isArray(merged.skip) ? merged.skip : [];
-    merged.skip = [.../* @__PURE__ */ new Set([...userSkip, ...DEFAULT_ROOT_SKIP_PATTERNS])];
+  if (applyDefaults) {
     merged.defaultsApplied = true;
   }
   await writeProjxConfig(cwd, merged);
@@ -419,10 +449,8 @@ async function writeTemplateToDir(dest, repoDir, components, componentPaths, var
   }
   const hasBackend = components.includes("fastapi") || components.includes("fastify") || components.includes("express");
   const userSkip = rootSkip ?? [];
-  const defaultRootSkip = applyDefaults ? DEFAULT_ROOT_SKIP_PATTERNS : [];
-  const effectiveSkip = [.../* @__PURE__ */ new Set([...userSkip, ...defaultRootSkip])];
   const shouldWrite = (file) => {
-    if (!matchesSkip(file, effectiveSkip)) return true;
+    if (!matchesSkip(file, userSkip)) return true;
     return !existsSync(join2(realCwd, file));
   };
   if (hasBackend || components.includes("frontend") || components.includes("admin-panel")) {
@@ -457,6 +485,26 @@ async function writeTemplateToDir(dest, repoDir, components, componentPaths, var
     );
     await chmod(join2(dest, "scripts/setup.sh"), 493);
   }
+  if (vars.components.includes("infra")) {
+    if (shouldWrite("scripts/rollback.sh")) {
+      await mkdir(join2(dest, "scripts"), { recursive: true });
+      await writeFile(
+        join2(dest, "scripts/rollback.sh"),
+        await generateRollback(vars)
+      );
+      await chmod(join2(dest, "scripts/rollback.sh"), 493);
+    }
+    if (shouldWrite(".github/CODEOWNERS")) {
+      await mkdir(join2(dest, ".github"), { recursive: true });
+      await writeFile(
+        join2(dest, ".github/CODEOWNERS"),
+        await generateCodeowners(vars)
+      );
+    }
+    if (shouldWrite("RUNBOOK.md")) {
+      await writeFile(join2(dest, "RUNBOOK.md"), await generateRunbook(vars));
+    }
+  }
   await copyStaticFiles(repoDir, dest);
   if (shouldWrite(".vscode/settings.json")) {
     await mkdir(join2(dest, ".vscode"), { recursive: true });
@@ -613,7 +661,7 @@ function ormNodeDockerfileSource(manifest, vars) {
 ENV PATH="$PNPM_HOME:$PATH"
 RUN corepack enable && corepack prepare pnpm@10.33.0 --activate
 ` : pmName === "yarn" ? "RUN corepack enable\n" : pmName === "bun" ? "RUN npm install -g bun\n" : "";
-  const buildCopy = extraConfigCopy ? `COPY package.json tsconfig.json ${extraConfigCopy} ./` : `COPY package.json tsconfig.json ./`;
+  const buildCopy = extraConfigCopy ? `COPY package.json tsconfig.json tsconfig.build.json ${extraConfigCopy} ./` : `COPY package.json tsconfig.json tsconfig.build.json ./`;
   const migrateStage = migrateCmd ? `FROM build AS migrate
 CMD ["sh", "-c", "${exec} ${migrateCmd}"]

package/dist/index.js CHANGED Viewed

@@ -9,12 +9,12 @@ import {
   matchesSkip,
   saveBaselineRef,
   writeTemplateToDir
-} from "./chunk-NPBLDU4H.js";
+} from "./chunk-NXIFRWTX.js";
 import {
   COMPONENTS,
   COMPONENT_MARKER,
-  DEFAULT_ROOT_SKIP_PATTERNS,
   EXCLUDE,
+  INSTANCE_AWARE_SHARED,
   KNOWN_FEATURES,
   ORM_PROVIDERS,
   PACKAGE_MANAGERS,
@@ -37,7 +37,7 @@ import {
   toSnake,
   writeComponentMarker,
   writeProjxConfig
-} from "./chunk-N66CVDEV.js";
+} from "./chunk-GZUJ235K.js";
 // src/index.ts
 import { existsSync as existsSync11 } from "fs";
@@ -903,7 +903,7 @@ function hasUncommittedChanges(cwd) {
 async function findPinnedFilesWithUpdates(cwd, repoDir, components, componentPaths, vars, version, componentSkips, rootSkip) {
   const { mkdtemp: mkdtemp2, rm: rm2, readFile: readFile8 } = await import("fs/promises");
   const { tmpdir: tmpdir2 } = await import("os");
-  const { writeTemplateToDir: writeTemplateToDir2 } = await import("./baseline-2PBT5JBT.js");
+  const { writeTemplateToDir: writeTemplateToDir2 } = await import("./baseline-ACCRNHE4.js");
   const config = await readProjxConfig(cwd);
   const rootPinned = Array.isArray(config.skip) ? config.skip : [];
   const componentPinned = [];
@@ -1088,6 +1088,17 @@ import { copyFileSync as copyFileSync2, existsSync as existsSync4 } from "fs";
 import { readFile as readFile4 } from "fs/promises";
 import { join as join4 } from "path";
 import * as p4 from "@clack/prompts";
+function reportPinnedShared(cwd, rootSkip, wiringTarget) {
+  const pinned = INSTANCE_AWARE_SHARED.filter(
+    (f) => matchesSkip(f, rootSkip) && existsSync4(join4(cwd, f))
+  );
+  if (pinned.length === 0) return;
+  p4.log.warn(
+    `${pinned.length} shared file(s) are in .projx "skip" and were left untouched \u2014 wire ${wiringTarget} in by hand, or unpin then re-run add:`
+  );
+  for (const f of pinned) p4.log.info(`  ${f}`);
+  p4.log.info(`Unpin:  npx create-projx unpin ${pinned.join(" ")}`);
+}
 async function add(cwd, newComponents, localRepo, skipInstall = false, customName, features) {
   p4.intro("projx add");
   const isLocal = !!localRepo;
@@ -1164,6 +1175,12 @@ async function add(cwd, newComponents, localRepo, skipInstall = false, customNam
       await readFile4(join4(repoDir, "cli/package.json"), "utf-8")
     );
     const version = pkg.version;
+    const rootSkip = Array.isArray(config.skip) ? config.skip : [];
+    const componentSkips = {};
+    for (const inst of existingInstances) {
+      const m = await readComponentMarker(join4(cwd, inst.path));
+      if (m?.skip && m.skip.length > 0) componentSkips[inst.type] = m.skip;
+    }
     const spinner6 = p4.spinner();
     spinner6.start("Adding components");
     await writeTemplateToDir(
@@ -1173,9 +1190,10 @@ async function add(cwd, newComponents, localRepo, skipInstall = false, customNam
       paths,
       vars,
       version,
-      { realCwd: cwd }
+      { componentSkips, rootSkip, realCwd: cwd }
     );
     spinner6.stop("Components added.");
+    reportPinnedShared(cwd, rootSkip, toAdd.join(", "));
     if (features && Object.keys(features).length > 0) {
       const featSpinner = p4.spinner();
       featSpinner.start("Applying features");
@@ -1246,14 +1264,7 @@ async function addInstance(cwd, type, customName, config, existing, localRepo, s
       await readFile4(join4(repoDir, "cli/package.json"), "utf-8")
     );
     const version = pkg.version;
-    const INSTANCE_AWARE_ROOT = /* @__PURE__ */ new Set([
-      ".github/workflows/ci.yml",
-      ".githooks/pre-commit",
-      "scripts/setup.sh",
-      "docker-compose.yml"
-    ]);
-    const rawSkip = Array.isArray(config.skip) ? config.skip : [];
-    const rootSkip = rawSkip.filter((p10) => !INSTANCE_AWARE_ROOT.has(p10));
+    const rootSkip = Array.isArray(config.skip) ? config.skip : [];
     const componentSkips = {};
     for (const inst of existingInstances) {
       const m = await readComponentMarker(join4(cwd, inst.path));
@@ -1275,6 +1286,7 @@ async function addInstance(cwd, type, customName, config, existing, localRepo, s
       [newInstance]
     );
     spinner6.stop(`Scaffolded ${customName}/.`);
+    reportPinnedShared(cwd, rootSkip, customName);
     if (result.status === "merged") {
       p4.log.success(
         `${result.mergedFiles?.length ?? 0} root file(s) merged cleanly.`
@@ -1553,7 +1565,7 @@ async function init(cwd, localRepo) {
   );
   let pm = "npm";
   if (hasJs) {
-    const detected2 = detectPackageManager(cwd);
+    const detected2 = detectPackageManagerFromComponents(cwd, paths);
     if (detected2) {
       pm = detected2;
       p5.log.info(`Detected package manager: ${pm}`);
@@ -1660,7 +1672,7 @@ async function writeBareProjx(cwd, localRepo, isLocal, pm) {
       version: pkg.version,
       createdAt: today,
       updatedAt: today,
-      skip: [...DEFAULT_ROOT_SKIP_PATTERNS],
+      skip: [],
       defaultsApplied: true
     };
     if (pm) config.packageManager = pm;

package/dist/{utils-QQUKUZKQ.js → utils-NVIN3FSZ.js} RENAMED Viewed

@@ -2,8 +2,8 @@ import {
   COMPONENTS,
   COMPONENT_MARKER,
   DEFAULT_COMPONENT_SKIP_PATTERNS,
-  DEFAULT_ROOT_SKIP_PATTERNS,
   EXCLUDE,
+  INSTANCE_AWARE_SHARED,
   KNOWN_FEATURES,
   ORM_PROVIDERS,
   PACKAGE_MANAGERS,
@@ -36,13 +36,13 @@ import {
   upsertComponentMarker,
   writeComponentMarker,
   writeProjxConfig
-} from "./chunk-N66CVDEV.js";
+} from "./chunk-GZUJ235K.js";
 export {
   COMPONENTS,
   COMPONENT_MARKER,
   DEFAULT_COMPONENT_SKIP_PATTERNS,
-  DEFAULT_ROOT_SKIP_PATTERNS,
   EXCLUDE,
+  INSTANCE_AWARE_SHARED,
   KNOWN_FEATURES,
   ORM_PROVIDERS,
   PACKAGE_MANAGERS,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "create-projx",
-  "version": "1.7.6",
+  "version": "1.8.0",
   "description": "Scaffold production-grade fullstack projects in seconds. FastAPI, Fastify, Express, React, Flutter, Terraform — with auth, database, CI/CD, E2E tests, and Docker. One command, ready to deploy.",
   "type": "module",
   "bin": {

package/src/templates/codeowners.ejs ADDED Viewed

@@ -0,0 +1,9 @@
+* @<%= githubOwner %>
+infra/ @<%= githubOwner %>
+.github/workflows/ @<%= githubOwner %>
+scripts/deploy*.sh @<%= githubOwner %>
+scripts/rollback.sh @<%= githubOwner %>
+<% if (hasBackendMigrations) { %>backend/prisma/migrations/ @<%= githubOwner %>
+<% } %><% if (hasAdminPanelMigrations) { %>admin-panel/internal/db/migrations/ @<%= githubOwner %>
+<% } %>

package/src/templates/docker-compose.yml.ejs CHANGED Viewed

@@ -23,7 +23,7 @@ services:
           "CMD",
           "python",
           "-c",
-          "import urllib.request; urllib.request.urlopen('http://localhost:7860/api/health')",
+          "import urllib.request; urllib.request.urlopen('http://localhost:7860/api/health/live')",
         ]
       interval: 30s
       timeout: 10s
@@ -61,7 +61,7 @@ services:
           "CMD",
           "node",
           "-e",
-          "require('http').get('http://localhost:3000/api/health', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))",
+          "require('http').get('http://localhost:3000/api/health/live', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))",
         ]
       interval: 30s
       timeout: 10s
@@ -99,7 +99,7 @@ services:
           "CMD",
           "node",
           "-e",
-          "require('http').get('http://localhost:3000/api/health', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))",
+          "require('http').get('http://localhost:3000/api/health/live', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))",
         ]
       interval: 30s
       timeout: 10s

package/src/templates/rollback.sh.ejs ADDED Viewed

@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+# Roll <%= projectName %> back to a previous main-<sha> image tag in ECR.
+#
+# Usage:
+#   scripts/rollback.sh <previous-sha>
+#
+# Required env on the operator workstation:
+#   AWS_REGION       (default <%= awsRegion %>)
+#   ECR_REGISTRY     (account-id.dkr.ecr.<%= awsRegion %>.amazonaws.com)
+#   EC2_INSTANCE_ID  (the <%= projectName %>-web instance)
+#   DOMAIN           (default <%= productionDomain %>)
+set -euo pipefail
+if [[ $# -ne 1 ]]; then
+  echo "Usage: $0 <previous-sha>" >&2
+  exit 2
+fi
+PREV_SHA="$1"
+AWS_REGION="${AWS_REGION:-<%= awsRegion %>}"
+DOMAIN="${DOMAIN:-<%= productionDomain %>}"
+TAG="main-${PREV_SHA}"
+if [[ -z "${ECR_REGISTRY:-}" ]]; then
+  echo "ECR_REGISTRY is required" >&2
+  exit 2
+fi
+if [[ -z "${EC2_INSTANCE_ID:-}" ]]; then
+  echo "EC2_INSTANCE_ID is required" >&2
+  exit 2
+fi
+REPOS=(<% for (const r of ecrRepos) { %>
+  <%= r %><% } %>
+)
+echo "==> Confirming target image exists in ECR for every service"
+for repo in "${REPOS[@]}"; do
+  if ! aws ecr describe-images --region "$AWS_REGION" --repository-name "$repo" --image-ids imageTag="$TAG" >/dev/null 2>&1; then
+    echo "FATAL: $repo does not have image tag $TAG in ECR" >&2
+    exit 3
+  fi
+done
+echo "==> Re-tagging $TAG as main-latest for every service"
+for repo in "${REPOS[@]}"; do
+  manifest=$(aws ecr batch-get-image --region "$AWS_REGION" --repository-name "$repo" --image-ids imageTag="$TAG" --query 'images[].imageManifest' --output text)
+  if [[ -z "$manifest" ]]; then
+    echo "FATAL: failed to read manifest for $repo:$TAG" >&2
+    exit 4
+  fi
+  aws ecr put-image --region "$AWS_REGION" --repository-name "$repo" --image-tag "main-latest" --image-manifest "$manifest" >/dev/null
+  echo "  re-tagged $repo -> main-latest"
+done
+echo "==> Triggering deploy on $EC2_INSTANCE_ID with IMAGE_TAG=$TAG"
+COMMAND_ID=$(aws ssm send-command \
+  --region "$AWS_REGION" \
+  --instance-ids "$EC2_INSTANCE_ID" \
+  --document-name AWS-RunShellScript \
+  --comment "<%= projectName %> rollback to $TAG" \
+  --parameters commands="[\"IMAGE_TAG=$TAG AWS_REGION=$AWS_REGION ECR_REGISTRY=$ECR_REGISTRY DOMAIN=$DOMAIN bash /opt/<%= projectName %>/scripts/deploy-on-ec2.sh\"]" \
+  --query 'Command.CommandId' \
+  --output text)
+echo "==> SSM command id: $COMMAND_ID"
+echo "Tail logs with:"
+echo "  aws ssm get-command-invocation --region $AWS_REGION --instance-id $EC2_INSTANCE_ID --command-id $COMMAND_ID"

package/src/templates/runbook.md.ejs ADDED Viewed

@@ -0,0 +1,64 @@
+# <%= displayName %> Runbook
+Single source of truth for production recovery, deploys, rollbacks, and incident response.
+## Architecture at a glance
+- Single EC2 (Ubuntu 24.04, `<%= awsRegion %>`) running Docker Compose
+- RDS Postgres, isolated subnets, PITR enabled, `deletion_protection=true`
+- Container registry: ECR
+- IaC: Terraform in [`infra/`](infra/), state in S3 + DynamoDB lock
+## Deploy
+GitHub Actions builds + pushes ECR + SSM SendCommand to the EC2. Operator runs migrate by hand:
+```
+aws ssm start-session --target $EC2_INSTANCE_ID
+cd /opt/<%= projectName %>
+docker compose run --rm migrate
+```
+## Rollback (target RTO < 2 minutes)
+1. Pick last-known-good `main-<sha>` tag in ECR.
+2. `scripts/rollback.sh <sha>` — re-tags ECR + SSM-invokes deploy.
+3. `curl https://<%= productionDomain %>/api/health` must return 200.
+## DB restore (point-in-time)
+Last tested: not yet rehearsed.
+```
+aws rds restore-db-instance-to-point-in-time \
+  --source-db-instance-identifier <%= projectName %>-1 \
+  --target-db-instance-identifier <%= projectName %>-1-restore-$(date +%Y%m%d) \
+  --restore-time <iso8601-utc>
+```
+Then update `/<%= projectName %>/backend/env` `DATABASE_URL` SSM parameter; `docker compose restart backend`.
+## Certificate renewal
+Let's Encrypt via certbot at `/etc/cron.d/<%= projectName %>-certbot`, daily 03:00.
+## Incident channels
+- Internal alarms: `<%= projectName %>-alerts` SNS topic (subscribe via `var.alert_emails`)
+- Application crashes: Sentry (Node backends: `service_configs` row with purpose `sentry`; FastAPI/frontend: `SENTRY_DSN` / `VITE_SENTRY_DSN` env)
+- Customer-facing: TBD
+## Known recovery cliffs (open items)
+- **Single-AZ RDS** — failover takes minutes until `multi_az=true` flipped.
+- **DR untested** — restore procedure above is theoretical until rehearsed.
+- **`docker container prune` + `docker image prune -a` on every deploy** — `scripts/deploy.sh` aggressively cleans the local Docker store after each successful deploy. This keeps the disk small but means **rollback to a previous image always requires a fresh `docker pull`** rather than a local-cache hit. On a slow link or during a registry outage that blocks the pull, rollback time stretches by however long the pull takes. If the rollback target is more than two deploys old it will not be in the registry's hot cache either. **Mitigation:** for the highest-risk deploys (database migrations, auth surface, payment paths), keep the previous container running on a parallel port for the first 15 minutes post-deploy so an in-place revert does not need any pull at all. Skip the prune step on the deploy host for those windows.
+## Common ops
+| Task                       | Command                                                                              |
+| -------------------------- | ------------------------------------------------------------------------------------ |
+| SSH-equivalent             | `aws ssm start-session --target $EC2_INSTANCE_ID`                                    |
+| Tail backend logs          | `docker logs --tail 200 -f backend`                                                  |
+| Run a one-off migration    | `docker compose run --rm migrate`                                                    |
+| Re-issue certbot           | `sudo certbot certonly --nginx --keep-until-expiring -d <%= productionDomain %>`     |