create-svc 0.1.11 → 0.1.13

package/README.md

@@ -1,6 +1,6 @@
-# create-service
+# service
 
-`create-service` is a local microservice bootstrap CLI for generating standalone API services with:
+`service` is a local microservice CLI for generating standalone API services and operating them after generation with the same command name.
 
 - a single `microservice` generation path
 - explicit deploy target selection: Cloud Run or Cloudflare Workers
@@ -8,7 +8,7 @@
 - HTTP frameworks (`chi` or `hono`) and ConnectRPC variants
 - standalone package output that does not assume repo bootstrap
 - a generated `service.config.ts` manifest
-- a generated `service` lifecycle CLI for create, deploy, migrate, seed, dashboards, doctor, and destroy
+- one `service` CLI for scaffold, create, deploy, migrate, seed, dashboards, doctor, and destroy
 - local Docker Compose Postgres for first-run development
 - Neon-backed remote environments
 - a production API origin at `https://api.<service_id>.anmho.com`
@@ -20,25 +20,27 @@ npm: <https://www.npmjs.com/package/create-svc>
 ## Usage
 
 ```bash
-bun create svc my-service
+service create my-service
 ```
 
-Compatibility alias:
+Inside a generated service repo, the same command operates that repo:
 
 ```bash
-bun create svc my-service
+cd my-service
+service create
+service deploy
 ```
 
-or:
+To install from npm:
 
 ```bash
-bunx create-svc my-service
+bun add -g create-svc
 ```
 
 For the strict one-command production path:
 
 ```bash
-bun create svc my-service --yes
+service create my-service --yes
 ```
 
 `--profile microservice` is accepted as a compatibility no-op. App workspaces live outside this package in private app template repositories.
@@ -46,7 +48,7 @@ bun create svc my-service --yes
 By default, a standalone generated service is initialized as a git repository,
 committed with `Initial commit`, created as a private GitHub repository at
 `anmho/<service-name>`, and pushed to `origin/main`. If the target directory is
-inside an existing git worktree, create-service skips git and GitHub setup so the
+inside an existing git worktree, `service` skips git and GitHub setup so the
 parent repository remains in control. Pass `--no-git` to skip all git and GitHub
 side effects.
 
@@ -57,15 +59,14 @@ Without publishing to npm:
 ```bash
 bun install
 npm pack
-bunx ./create-svc-*.tgz my-service
+bunx ./create-svc-*.tgz create my-service
 ```
 
 For faster iteration against your working tree:
 
 ```bash
 bun link
-bun link create-service
-create-service my-service
+service create my-service
 ```
 
 During scaffold, the generator can discover:
@@ -96,9 +97,9 @@ bun run dev
 bun run gen
 bun run lint
 bun run test
-bun run create
-bun run deploy
-bun run destroy
+service create
+service deploy
+service destroy
 ```
 
 For Go variants:
@@ -109,9 +110,9 @@ make dev
 make gen
 make lint
 make test
-make create
-make deploy
-make destroy
+service create
+service deploy
+service destroy
 ```
 
 Language-specific tasks such as local running, linting, formatting, testing, and building stay in package scripts or Make targets. Service lifecycle operations are exposed through the generated `service` CLI.
@@ -125,7 +126,7 @@ The generated microservice domain is a small waitlist/launch service example wit
 ```bash
 bun install
 bun test src scripts
-bun run index.ts my-service
+bun run index.ts create my-service
 ```
 
 Validate the generated app matrix against local Docker Compose Postgres:
@@ -140,7 +141,7 @@ The validation harness scaffolds generated services into ignored `bin/generated/
 
 ## npm Trusted Publishing
 
-`create-service` is set up for npm trusted publishing from GitHub Actions, so there is no long-lived npm publish token to store in Vault.
+`create-svc` is set up for npm trusted publishing from GitHub Actions, so there is no long-lived npm publish token to store in Vault.
 
 Repository workflow:
 
@@ -150,12 +151,12 @@ Repository workflow:
 
 npm package setup still has to be configured once in the npm UI to trust this repository and workflow:
 
-1. Open the `create-service` package settings on npm.
+1. Open the `create-svc` package settings on npm.
 2. Go to `Settings` -> `Trusted Publisher`.
 3. Select `GitHub Actions`.
 4. Enter:
    - Organization or user: `anmho`
-   - Repository: `create-service`
+   - Repository: `create-svc`
    - Workflow filename: `publish.yml`
 5. Save the trusted publisher.
 

package/index.ts

@@ -1,5 +1,5 @@
 #!/usr/bin/env bun
 
-import { run } from "./src/cli";
+import { runServiceCommand } from "./src/service";
 
-await run(process.argv.slice(2));
+await runServiceCommand(process.argv.slice(2));

package/package.json

@@ -1,17 +1,15 @@
 {
   "name": "create-svc",
-  "version": "0.1.11",
+  "version": "0.1.13",
   "description": "Local microservice bootstrap CLI for Cloud Run and Workers services with Neon-backed data.",
   "module": "index.ts",
   "type": "module",
   "license": "MIT",
   "bin": {
-    "create-service": "bin/create-service.mjs",
-    "create-svc": "bin/create-svc.mjs"
+    "service": "bin/service.mjs"
   },
   "files": [
-    "bin/create-service.mjs",
-    "bin/create-svc.mjs",
+    "bin/service.mjs",
     "index.ts",
     "src",
     "templates",

package/src/cli.ts

@@ -76,7 +76,7 @@ export async function run(argv: string[]) {
 
     await maybeCheckForUpdate(args);
 
-    intro(`${pc.bold("create-service")} ${pc.dim("microservice bootstrap")}`);
+    intro(`${pc.bold("service")} ${pc.dim("microservice bootstrap")}`);
 
     const config = await resolveConfig(args);
     const targetDir = resolve(process.cwd(), config.directory);
@@ -137,13 +137,11 @@ export async function run(argv: string[]) {
         `Local DB: ${pc.cyan("started by local dev command")}`,
         `Migrate: ${pc.cyan(isBun ? "bun run migrate" : "make migrate")}`,
         `Local dev: ${pc.cyan(isBun ? "bun run dev" : "make dev")}`,
-        `Create: ${pc.cyan(isBun ? "bun run service -- create" : "make create")}`,
-        `Deploy: ${pc.cyan(isBun ? "bun run service -- deploy" : "make deploy")}`,
+        `Create: ${pc.cyan("service create")}`,
+        `Deploy: ${pc.cyan("service deploy")}`,
         config.git.enabled ? `Repository: ${pc.cyan(`https://github.com/anmho/${config.git.repository}`)}` : undefined,
         `Personal env: ${pc.cyan(
-          isBun
-            ? `bun run deploy -- --environment personal --name ${config.serviceName}`
-            : `make deploy ARGS="--environment personal --name ${config.serviceName}"`
+          `service deploy --environment personal --name ${config.serviceName}`
         )}`,
         `Production API: ${pc.cyan(`https://${config.apiHostname}`)}`,
       ].filter(Boolean).join("\n")
@@ -827,7 +825,7 @@ export function validateServiceNameInput(rawValue: string, directoryOverride?: s
 function printHelp() {
   log.message(`
 Usage:
-  create-service [service_id] [options]
+  service create [service_id] [options]
 
 Options:
   --target <cloudrun|workers>     Deploy target for the generated service

package/src/scaffold.test.ts

@@ -258,7 +258,7 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
       expect(readme).toContain("AUTH_ENABLED=true");
       expect(readme).toContain("verifies JWT bearer tokens");
       expect(readme).toContain("prod/apps/auth/authctl/cloudflare-access");
-      expect(readme).toContain(variant.runtime === "bun" ? "bun run auth -- resource-server" : 'make auth ARGS="resource-server"');
+      expect(readme).toContain("service auth resource-server");
     }
 
     const deployWorkflow = await Bun.file(join(generatedRoot, ".github", "workflows", "deploy.yml")).text();
@@ -285,8 +285,8 @@ test("scaffolds a backend package cleanly into a nested monorepo-style directory
   expect(readme).toContain("local Postgres service in `docker-compose.yml`");
   expect(readme).toContain("gcloud auth login");
   expect(readme).toContain("known-good CLIs");
-  expect(readme).toContain("bun run create");
-  expect(readme).toContain("bun run deploy");
+  expect(readme).toContain("service create");
+  expect(readme).toContain("service deploy");
   expect(readme).toContain("one-command production create");
   expect(readme).toContain("waitlist/launch service");
   expect(readme).toContain("Terraform is optional");

package/src/scaffold.ts

@@ -214,24 +214,14 @@ function buildReplacements(config: ScaffoldConfig) {
     COMMAND_GEN: config.runtime === "bun" ? "bun run gen" : "make gen",
     COMMAND_LINT: config.runtime === "bun" ? "bun run lint" : "make lint",
     COMMAND_TEST: config.runtime === "bun" ? "bun run test" : "make test",
-    COMMAND_BOOTSTRAP: config.runtime === "bun" ? "bun run create" : "make create",
-    COMMAND_DEPLOY: config.runtime === "bun" ? "bun run deploy" : "make deploy",
-    COMMAND_AUTH_RESOURCE:
-      config.runtime === "bun" ? "bun run auth -- resource-server" : 'make auth ARGS="resource-server"',
-    COMMAND_AUTH_CLIENT:
-      config.runtime === "bun"
-        ? "bun run auth -- client create"
-        : 'make auth ARGS="client create"',
-    COMMAND_DEPLOY_PERSONAL:
-      config.runtime === "bun"
-        ? 'bun run deploy -- --environment personal --name <slug>'
-        : 'make deploy ARGS="--environment personal --name <slug>"',
-    COMMAND_DEPLOY_DESTROY:
-      config.runtime === "bun"
-        ? 'bun run destroy -- --environment personal --name <slug>'
-        : 'make destroy ARGS="--environment personal --name <slug>"',
-    COMMAND_CLEANUP: config.runtime === "bun" ? "bun run destroy" : "make destroy",
-    COMMAND_CLEANUP_PROJECT: config.runtime === "bun" ? "bun run destroy -- --project" : 'make destroy ARGS="--project"',
+    COMMAND_BOOTSTRAP: "service create",
+    COMMAND_DEPLOY: "service deploy",
+    COMMAND_AUTH_RESOURCE: "service auth resource-server",
+    COMMAND_AUTH_CLIENT: "service auth client create",
+    COMMAND_DEPLOY_PERSONAL: "service deploy --environment personal --name <name>",
+    COMMAND_DEPLOY_DESTROY: "service destroy --environment personal --name <name>",
+    COMMAND_CLEANUP: "service destroy",
+    COMMAND_CLEANUP_PROJECT: "service destroy --project",
     GITIGNORE_EXTRA: "",
     LOCAL_INTROSPECTION_NOTE:
       config.framework === "connectrpc"

package/src/service.test.ts

@@ -0,0 +1,30 @@
+import { expect, test } from "bun:test";
+import { mkdtemp, mkdir, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { findGeneratedServiceRoot, normalizeScaffoldArgs } from "./service";
+
+test("normalizeScaffoldArgs treats service create as the scaffold command outside a service repo", () => {
+  expect(normalizeScaffoldArgs(["create", "launch-api", "--yes"])).toEqual(["launch-api", "--yes"]);
+  expect(normalizeScaffoldArgs(["new", "launch-api"])).toEqual(["launch-api"]);
+  expect(normalizeScaffoldArgs(["init", "launch-api"])).toEqual(["launch-api"]);
+  expect(normalizeScaffoldArgs(["launch-api", "--yes"])).toEqual(["launch-api", "--yes"]);
+});
+
+test("normalizeScaffoldArgs maps service help to generator help outside a service repo", () => {
+  expect(normalizeScaffoldArgs(["help"])).toEqual(["--help"]);
+  expect(normalizeScaffoldArgs(["help", "--verbose"])).toEqual(["--help", "--verbose"]);
+});
+
+test("findGeneratedServiceRoot detects generated service context from nested directories", async () => {
+  const root = await mkdtemp(join(tmpdir(), "create-svc-service-root-"));
+  const serviceRoot = join(root, "generated-api");
+  const nested = join(serviceRoot, "src", "waitlist");
+  await mkdir(join(serviceRoot, "scripts", "cloudrun"), { recursive: true });
+  await mkdir(nested, { recursive: true });
+  await writeFile(join(serviceRoot, "service.config.ts"), "export default {}");
+  await writeFile(join(serviceRoot, "scripts", "cloudrun", "cli.ts"), "");
+
+  expect(findGeneratedServiceRoot(nested)).toBe(serviceRoot);
+  expect(findGeneratedServiceRoot(root)).toBeUndefined();
+});

package/src/service.ts

@@ -0,0 +1,65 @@
+import { existsSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { run as runScaffoldCli } from "./cli";
+
+const SCAFFOLD_COMMANDS = new Set(["create", "new", "init"]);
+
+export async function runServiceCommand(argv: string[], cwd = process.cwd()) {
+  const serviceRoot = findGeneratedServiceRoot(cwd);
+  if (serviceRoot) {
+    delegateToGeneratedService(serviceRoot, argv);
+    return;
+  }
+
+  await runScaffoldCli(normalizeScaffoldArgs(argv));
+}
+
+export function normalizeScaffoldArgs(argv: string[]) {
+  const [command, ...rest] = argv;
+  if (command && SCAFFOLD_COMMANDS.has(command)) {
+    return rest;
+  }
+  if (command === "help") {
+    return ["--help", ...rest];
+  }
+  return argv;
+}
+
+export function findGeneratedServiceRoot(start: string): string | undefined {
+  let current = start;
+  while (true) {
+    if (isGeneratedServiceRoot(current)) {
+      return current;
+    }
+
+    const parent = dirname(current);
+    if (parent === current) {
+      return undefined;
+    }
+    current = parent;
+  }
+}
+
+function isGeneratedServiceRoot(path: string) {
+  return (
+    existsSync(join(path, "service.config.ts")) &&
+    (existsSync(join(path, "scripts", "cloudrun", "cli.ts")) || existsSync(join(path, "scripts", "workers", "cli.ts")))
+  );
+}
+
+function delegateToGeneratedService(serviceRoot: string, argv: string[]) {
+  const cliPath = existsSync(join(serviceRoot, "scripts", "cloudrun", "cli.ts"))
+    ? "./scripts/cloudrun/cli.ts"
+    : "./scripts/workers/cli.ts";
+  const result = Bun.spawnSync(["bun", "run", cliPath, ...argv], {
+    cwd: serviceRoot,
+    env: process.env,
+    stdin: "inherit",
+    stdout: "inherit",
+    stderr: "inherit",
+  });
+
+  if (!result.success) {
+    process.exit(result.exitCode || 1);
+  }
+}

package/src/vault.test.ts

@@ -1,6 +1,6 @@
 import { afterEach, expect, mock, test } from "bun:test";
 import { mkdir } from "node:fs/promises";
-import { readVaultSecret, resolveNeonApiKey, upsertVaultSecretFields } from "./vault";
+import { readVaultSecret, resolveNeonApiKey } from "./vault";
 
 const originalEnv = { ...process.env };
 
@@ -97,63 +97,3 @@ test("readVaultSecret falls back to ~/.vault-token", async () => {
     })
   ).resolves.toBe("vault-token");
 });
-
-test("upsertVaultSecretFields writes merged KV v2 data", async () => {
-  process.env.VAULT_ADDR = "https://vault.example.com";
-  process.env.VAULT_TOKEN = "token-123";
-
-  const requests: Array<{ method: string; url: string; body?: unknown }> = [];
-  const fetchMock = mock(async (input: string | URL | Request, init?: RequestInit) => {
-    const url = String(input);
-    requests.push({
-      method: init?.method ?? "GET",
-      url,
-      body: init?.body ? JSON.parse(String(init.body)) : undefined,
-    });
-
-    if ((init?.method ?? "GET") === "GET") {
-      return new Response(
-        JSON.stringify({
-          data: {
-            data: {
-              existing_field: "keep-me",
-            },
-          },
-        }),
-        { status: 200 }
-      );
-    }
-
-    return new Response(JSON.stringify({}), { status: 200 });
-  });
-
-  globalThis.fetch = fetchMock as unknown as typeof fetch;
-
-  await upsertVaultSecretFields({
-    path: "prod/providers/clerk",
-    fields: {
-      publishable_key: "pk_live_example",
-      secret_key: "sk_live_example",
-      webhook_secret: "whsec_example",
-    },
-  });
-
-  expect(requests).toEqual([
-    {
-      method: "GET",
-      url: "https://vault.example.com/v1/secret/data/prod/providers/clerk",
-    },
-    {
-      method: "POST",
-      url: "https://vault.example.com/v1/secret/data/prod/providers/clerk",
-      body: {
-        data: {
-          existing_field: "keep-me",
-          publishable_key: "pk_live_example",
-          secret_key: "sk_live_example",
-          webhook_secret: "whsec_example",
-        },
-      },
-    },
-  ]);
-});

package/src/vault.ts

@@ -13,14 +13,6 @@ type VaultSecretOptions = {
   field?: string;
 };
 
-type VaultWriteOptions = {
-  addr?: string;
-  token?: string;
-  mount?: string;
-  path: string;
-  fields: Record<string, string>;
-};
-
 export async function resolveNeonApiKey() {
   const direct = process.env.NEON_API_KEY?.trim();
   if (direct) {
@@ -34,59 +26,24 @@ export async function resolveNeonApiKey() {
 }
 
 export async function readVaultSecret(options: VaultSecretOptions = {}) {
-  const field = options.field?.trim() ?? "value";
-  const payload = await readVaultSecretData(options);
+  const addr = options.addr ?? process.env.VAULT_ADDR?.trim() ?? "";
+  const token = options.token ?? (await resolveVaultToken());
   const mount = options.mount ?? process.env.VAULT_SECRET_MOUNT?.trim() ?? DEFAULT_VAULT_SECRET_MOUNT;
   const path = options.path?.trim() ?? "";
-  const normalizedMount = mount.replace(/^\/+|\/+$/g, "");
-  const normalizedPath = path.replace(/^\/+/g, "");
-  const value = payload[field]?.trim();
-  if (!value) {
-    throw new Error(`Vault secret field ${field} is empty at ${normalizedMount}/${normalizedPath}`);
-  }
-
-  return value;
-}
-
-export async function readVaultSecretFields(options: VaultSecretOptions = {}) {
-  return readVaultSecretData(options);
-}
+  const field = options.field?.trim() ?? "value";
 
-export async function upsertVaultSecretFields(options: VaultWriteOptions) {
-  const connection = await resolveVaultConnection(options);
-  const url = vaultKv2Url(connection);
+  if (!addr || !token || !path) {
+    throw new Error("Vault secret resolution requires VAULT_ADDR, a Vault token, and a secret path");
+  }
 
-  const existing = await readVaultSecretData({ ...options, path: connection.normalizedPath }).catch((error) => {
-    if (error instanceof Error && error.message.startsWith("Vault read failed: 404")) {
-      return {};
-    }
-    throw error;
-  });
+  const normalizedAddr = addr.replace(/\/+$/g, "");
+  const normalizedMount = mount.replace(/^\/+|\/+$/g, "");
+  const normalizedPath = path.replace(/^\/+/g, "");
+  const url = `${normalizedAddr}/v1/${normalizedMount}/data/${normalizedPath}`;
 
   const response = await fetch(url, {
-    method: "POST",
     headers: {
-      "Content-Type": "application/json",
-      "X-Vault-Token": connection.token,
-    },
-    body: JSON.stringify({
-      data: {
-        ...existing,
-        ...trimFields(options.fields),
-      },
-    }),
-  });
-
-  if (!response.ok) {
-    throw new Error(`Vault write failed: ${response.status} ${response.statusText}`);
-  }
-}
-
-async function readVaultSecretData(options: VaultSecretOptions = {}) {
-  const connection = await resolveVaultConnection(options);
-  const response = await fetch(vaultKv2Url(connection), {
-    headers: {
-      "X-Vault-Token": connection.token,
+      "X-Vault-Token": token,
     },
   });
 
@@ -100,31 +57,12 @@ async function readVaultSecretData(options: VaultSecretOptions = {}) {
     };
   };
 
-  return payload.data?.data ?? {};
-}
-
-async function resolveVaultConnection(options: Omit<VaultWriteOptions, "fields"> | VaultSecretOptions) {
-  const addr = options.addr ?? process.env.VAULT_ADDR?.trim() ?? "";
-  const token = options.token ?? (await resolveVaultToken());
-  const mount = options.mount ?? process.env.VAULT_SECRET_MOUNT?.trim() ?? DEFAULT_VAULT_SECRET_MOUNT;
-  const path = options.path?.trim() ?? "";
-
-  if (!addr || !token || !path) {
-    throw new Error("Vault secret resolution requires VAULT_ADDR, a Vault token, and a secret path");
+  const value = payload.data?.data?.[field]?.trim();
+  if (!value) {
+    throw new Error(`Vault secret field ${field} is empty at ${normalizedMount}/${normalizedPath}`);
   }
 
-  const normalizedAddr = addr.replace(/\/+$/g, "");
-  const normalizedMount = mount.replace(/^\/+|\/+$/g, "");
-  const normalizedPath = path.replace(/^\/+/g, "");
-  return { normalizedAddr, normalizedMount, normalizedPath, token };
-}
-
-function vaultKv2Url(connection: Awaited<ReturnType<typeof resolveVaultConnection>>) {
-  return `${connection.normalizedAddr}/v1/${connection.normalizedMount}/data/${connection.normalizedPath}`;
-}
-
-function trimFields(fields: Record<string, string>) {
-  return Object.fromEntries(Object.entries(fields).map(([key, value]) => [key, value.trim()]));
+  return value;
 }
 
 async function resolveVaultToken() {

package/templates/shared/README.md

@@ -1,13 +1,13 @@
 # {{SERVICE_NAME}}
 
-Generated by `create-service`.
+Generated by `service create`.
 
 This `{{PROFILE}}` profile targets `{{RUNTIME}} + {{FRAMEWORK}}` on Cloud Run with:
 
 - one generated `service.yaml` manifest
 - a lightweight `{{EXAMPLE_LABEL}}` example surface
 - local Docker Compose Postgres for first-run development
-- a local `service` CLI for create, deploy, doctor, dashboards, and destroy
+- the `service` CLI for create, deploy, doctor, dashboards, and destroy
 - GCP project create with billing and quota-project-aware `gcloud` calls
 - Neon-backed remote database provisioning during create and deploy
 - Better Auth client-credentials resource-server registration through `authctl`
@@ -66,7 +66,7 @@ Create, deploy, and destroy use:
 - known-good CLIs first, especially `gcloud`
 - `gcloud`
 - `NEON_API_KEY`, or a working Vault login via `VAULT_ADDR` plus `VAULT_TOKEN`, `VAULT_TOKEN_FILE`, or `~/.vault-token`
-- the package-local CLI via `npx --no-install service ...`
+- the repo-aware `service` CLI from this package
 
 Local provisioning intentionally prefers known-good CLIs over SDKs for Google Cloud operations.
 
@@ -199,10 +199,10 @@ secrets only when you add a provider adapter. A generic adapter can honor:
 
 The one-command production create path is designed for a fresh standalone service.
 
-When generated through `create-service`, the intended flow is:
+The intended one-command flow is:
 
 ```bash
-bun create service {{SERVICE_NAME}} --yes
+service create {{SERVICE_NAME}} --yes
 ```
 
 That command scaffolds this package, runs `service create`, deploys the production

package/templates/shared/scripts/cloudrun/cli.ts

@@ -26,6 +26,11 @@ import {
 async function main(argv = Bun.argv.slice(2)) {
   const [command, ...rest] = argv;
 
+  if (!command || command === "--help" || command === "-h" || command === "help") {
+    console.log("Usage: service <create|deploy|migrate|seed|dashboards|dns|doctor|destroy|auth|sdk> [args]");
+    return;
+  }
+
   if (command === "create") {
     await runMain("Create", async () => {
       assertServiceNameAvailable(config.serviceName);

package/templates/targets/workers/README.md

@@ -1,12 +1,12 @@
 # {{SERVICE_NAME}}
 
-Generated by `create-service`.
+Generated by `service create`.
 
 This `{{PROFILE}}` profile targets `{{RUNTIME}} + {{FRAMEWORK}}` on Cloudflare Workers with:
 
 - one `wrangler.toml`
 - a lightweight waitlist/launch API
-- a local `service` CLI for create, deploy, doctor, dashboards, DNS, and destroy
+- the `service` CLI for create, deploy, doctor, dashboards, DNS, and destroy
 - Cron Trigger wiring for scheduled follow-up work
 - a Hyperdrive binding for Neon-backed Postgres persistence
 - a production API origin at `https://{{API_HOSTNAME}}`
@@ -18,8 +18,8 @@ wrangler dev
 bun run test
 bun run lint
 bun run migrate
-bun run create
-bun run deploy
+service create
+service deploy
 bun run dashboards
 bun run doctor
 bun run destroy
@@ -50,7 +50,7 @@ small waitlist/trigger schema on first use.
 ## Production
 
 ```bash
-bun run create
+service create
 ```
 
 `service create` deploys the Worker through Wrangler. The custom domain is
@@ -60,7 +60,7 @@ configured in `wrangler.toml`:
 https://{{API_HOSTNAME}}
 ```
 
-Use `bun run doctor` after create to verify Wrangler auth, route config, Cron,
+Use `service doctor` after create to verify Wrangler auth, route config, Cron,
 Hyperdrive, dashboard tooling, auth tooling, and deployed health.
 
 If the Hyperdrive binding id is empty, `service create` uses `DATABASE_URL`, or

package/templates/targets/workers/scripts/workers/cli.ts

@@ -17,6 +17,11 @@ type DoctorStatus = "pass" | "warn" | "fail";
 async function main(argv = Bun.argv.slice(2)) {
   const [command, ...rest] = argv;
 
+  if (!command || command === "--help" || command === "-h" || command === "help") {
+    console.log("Usage: service <create|deploy|migrate|seed|dashboards|dns|doctor|destroy|auth|sdk> [args]");
+    return;
+  }
+
   if (command === "create") {
     return runMain("Create", async () => {
       ensureAuthResourceServer();

package/bin/create-svc.mjs

@@ -1,2 +0,0 @@
-#!/usr/bin/env bun
-import "../index.ts";