create-seamless 0.0.3 → 0.0.4

package/index.js

@@ -13,6 +13,34 @@ const streamPipeline = promisify(pipeline);
 const MIN_NODE_MAJOR = 18;
 const nodeMajor = Number(process.versions.node.split(".")[0]);
 
+function printHelp() {
+  console.log(`
+create-seamless
+
+Scaffold a local Seamless Auth development environment.
+
+Usage:
+  npx create-seamless [project-name] [options]
+
+Options:
+  --auth           Include the Seamless Auth server
+  --api            Include the Express API example
+  --web            Include the React web application
+  --no-git         Skip git initialization
+
+  --auth-port <n>  Auth server port (default: 5312)
+  --api-port <n>   API server port (default: 3000)
+  --web-port <n>   Web server port (default: 5173)
+
+  -h, --help       Show this help message
+
+If no component flags are provided, all components are included.
+
+Docs:
+  https://docs.seamlessauth.com
+`);
+}
+
 if (nodeMajor < MIN_NODE_MAJOR) {
   console.error(`
 ❌ Seamless requires Node ${MIN_NODE_MAJOR}+.
@@ -24,6 +52,11 @@ Upgrade at https://nodejs.org
 }
 
 const args = process.argv.slice(2);
+
+if (args.includes("-h") || args.includes("--help")) {
+  printHelp();
+  process.exit(0);
+}
 const projectName = args.find((a) => !a.startsWith("--")) ?? "seamless-app";
 
 const hasFlag = (flag) => args.includes(`--${flag}`);
@@ -35,7 +68,6 @@ const getFlag = (flag, fallback) => {
 const includeAuth = hasFlag("auth");
 const includeWeb = hasFlag("web");
 const includeApi = hasFlag("api");
-const installDeps = hasFlag("install");
 const skipGit = hasFlag("no-git");
 
 const authPort = getFlag("auth-port", "5312");
@@ -71,9 +103,10 @@ It is designed for development environments where you want:
 
 \`\`\`text
 .
-├─ auth/        # Seamless Auth open source server
-├─ api/         # Backend API server (optional)
-├─ web/         # Frontend web application (optional)
+├─ auth/                # Seamless Auth open source server
+├─ api/                 # Backend API server (optional)
+├─ web/                 # Frontend web application (optional)
+├─ Docker-compose.yml   # Docker compose for one command spin up of dev environment
 └─ README.md
 \`\`\`
 
@@ -81,6 +114,54 @@ It is designed for development environments where you want:
 
 ## Running the stack
 
+### Running with Docker (optional)
+
+This project includes a Docker Compose configuration that allows you to run the
+entire Seamless Auth stack locally with a single command.
+
+### Requirements
+
+* Docker
+* Docker Compose
+
+### Start the stack
+
+From the project root, run:
+
+\`\`\`bash
+docker compose up
+\`\`\`
+
+This will start the following services in development mode:
+
+* Postgres database
+* Seamless Auth server
+* API server
+* Web UI
+
+All services are configured with hot reload. Changes to the source code will be
+picked up automatically.
+
+### Access the application
+
+Once all services are running, open:
+
+\`\`\`
+http://localhost:5001
+\`\`\`
+
+This is the main entry point for the web application.
+
+### Stopping the stack
+
+To stop all services:
+
+\`\`\`bash
+docker compose down
+\`\`\`
+
+This will shut down all containers while preserving the local database volume.
+
 Open separate terminals and run each service independently.
 
 ### Auth server
@@ -90,7 +171,7 @@ cd auth
 npm run dev
 \`\`\`
 
-Default port: \`3000\`
+Default port: \`5312\`
 
 ---
 
@@ -101,7 +182,7 @@ cd api
 npm run dev
 \`\`\`
 
-Default port: \`4000\`
+Default port: \`3000\`
 
 ---
 
@@ -112,7 +193,7 @@ cd web
 npm run dev
 \`\`\`
 
-Default port: \`5173\`
+Default port: \`5001\`
 
 ---
 
@@ -145,6 +226,64 @@ includes.
 Review each subproject for its specific license before deploying to production.
 `;
 
+const GENERATED_DOCKER_COMPOSE = `
+version: "3.9"
+
+services:
+  db:
+    image: postgres:16
+    container_name: seamless-db
+    ports:
+      - "5432:5432"
+    environment:
+      POSTGRES_USER: seamless
+      POSTGRES_PASSWORD: seamless
+      POSTGRES_DB: seamless
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+  auth:
+    container_name: seamless-auth
+    build: ./auth
+    ports:
+      - "5312:5312"
+    env_file:
+      - ./auth/.env
+    volumes:
+      - ./auth:/app
+    depends_on:
+      - db
+
+  api:
+    container_name: seamless-api
+    build: ./api
+    ports:
+      - "3000:3000"
+    env_file:
+      - ./api/.env
+    volumes:
+      - ./api:/app
+    depends_on:
+      - auth
+      - db
+
+  web:
+    container_name: seamless-web
+    build: ./web
+    ports:
+      - "5001:5001"
+    env_file:
+      - ./web/.env
+    volumes:
+      - ./web:/app
+    depends_on:
+      - auth
+      - api
+
+volumes:
+  pgdata:
+`;
+
 function writeEnv(dir, values) {
   const env = Object.entries(values)
     .map(([k, v]) => `${k}=${v}`)
@@ -202,8 +341,8 @@ async function downloadRepo(repo, dest) {
       VERSION: "1.0.0",
       APP_NAME: "Seamless Auth Example",
       APP_ID: "local-dev",
-      APP_ORIGIN: "http://localhost:3000",
-      ISSUER: "http://localhost:5312",
+      APP_ORIGIN: `http://localhost:${apiPort}`,
+      ISSUER: `http://localhost:${authPort}`,
 
       AUTH_MODE: "server",
       DEMO: "true",
@@ -223,7 +362,7 @@ async function downloadRepo(repo, dest) {
       JWKS_ACTIVE_KID: "dev-main",
 
       RPID: "localhost",
-      ORIGINS: "http://localhost:3000",
+      ORIGINS: `http://localhost:${apiPort}`,
     });
   }
 
@@ -234,7 +373,7 @@ async function downloadRepo(repo, dest) {
     await downloadRepo(REPOS.api, dir);
 
     writeEnv(dir, {
-      AUTH_SERVER_URL: `http://localhost${authPort}`,
+      AUTH_SERVER_URL: `http://localhost:${authPort}`,
       APP_ORIGIN: `http://localhost:${apiPort}`,
       COOKIE_SIGNING_KEY: randomBytes(32).toString("hex"),
       API_SERVICE_TOKEN: API_SERVICE_TOKEN,
@@ -263,14 +402,11 @@ async function downloadRepo(repo, dest) {
     execSync("git init", { cwd: root });
   }
 
-  if (installDeps) {
-    for (const dir of ["auth", "api", "web"]) {
-      const full = path.join(root, dir);
-      if (fs.existsSync(full)) {
-        console.log(`Installing deps in ${dir}...`);
-        execSync("npm install", { cwd: full, stdio: "inherit" });
-      }
-    }
+  if (AUTH && API && WEB) {
+    fs.writeFileSync(
+      path.join(root, "Docker-compose.yml"),
+      GENERATED_DOCKER_COMPOSE,
+    );
   }
 
   console.log(`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-seamless",
-  "version": "0.0.3",
+  "version": "0.0.4",
   "description": "The starter script for Seamless Auth",
   "homepage": "https://github.com/fells-code/create-seamless#readme",
   "bugs": {
@@ -14,6 +14,12 @@
   "author": "Fells Code, LLC",
   "type": "module",
   "main": "index.js",
+  "files": [
+    "index.js",
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
   },

package/.github/workflows/release.yml

@@ -1,40 +0,0 @@
-name: Publish to npm
-
-on:
-  push:
-    tags:
-      - "v*.*.*"
-
-permissions:
-  contents: read
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Use Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          registry-url: https://registry.npmjs.org
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Verify tag matches package version
-        run: |
-          TAG_VERSION=${GITHUB_REF#refs/tags/v}
-          PKG_VERSION=$(node -p "require('./package.json').version")
-          if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then
-            echo "Tag version ($TAG_VERSION) does not match package.json version ($PKG_VERSION)"
-            exit 1
-          fi
-
-      - name: Publish to npm
-        run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/SECURITY.md

@@ -1,80 +0,0 @@
-# Security Policy
-
-## Reporting a Vulnerability
-
-Seamless Auth takes security seriously.
-We appreciate responsible disclosure and will work quickly with researchers and users to investigate and resolve issues.
-
-**Please do not report security vulnerabilities through public GitHub issues.**
-
----
-
-## How to Report
-
-If you believe you have found a security vulnerability, please report it privately by emailing:
-
-security@seamlessauth.com
-
-Include as much detail as possible:
-
-- A clear description of the issue
-- Steps to reproduce (proof-of-concept if available)
-- Affected package(s) and version(s)
-- Potential impact (authentication bypass, privilege escalation, data exposure, etc.)
-
-Encrypted reports are welcome. If you need a public PGP key, request one in your initial email.
-
----
-
-## Scope
-
-This policy applies to:
-
-- @seamless-auth/core
-- @seamless-auth/express
-- @seamless-auth/react
-- Seamless Auth Api
-- Create seamless
-- Official Docker images published under the Seamless Auth organization
-
-Third-party dependencies are not covered, but reports identifying vulnerable dependency usage are appreciated.
-
----
-
-## What to Expect
-
-- **Acknowledgement** within 72 hours
-- **Initial assessment** within 5 business days
-- **Fix or mitigation** as quickly as possible depending on severity
-
-We will coordinate disclosure timing with you if a fix requires public communication.
-
----
-
-## Supported Versions
-
-Security fixes are applied to:
-
-- The latest published version
-- The current development branch
-
-Older versions may not receive patches unless the issue is critical.
-
----
-
-## Responsible Disclosure
-
-We kindly ask that you:
-
-- Allow reasonable time to investigate and remediate
-- Avoid exploiting vulnerabilities beyond proof-of-concept
-- Avoid public disclosure until a fix is released or coordinated
-
-We believe responsible disclosure helps keep the ecosystem safer for everyone.
-
----
-
-Thank you for helping keep Seamless Auth secure.
-
-— Fells Code, LLC  
-https://seamlessauth.com