create-svc 0.1.13 → 0.1.15

package/src/gcp.ts

@@ -1,6 +1,3 @@
-import { CloudBillingClient } from "@google-cloud/billing";
-import { ProjectsClient } from "@google-cloud/resource-manager";
-
 export type GcpProject = {
   projectId: string;
   name: string;
@@ -20,58 +17,29 @@ export type GcpApi = {
   attachBillingAccount(projectId: string, billingAccountName: string): Promise<void>;
 };
 
-export function createGcpApi(
-  projectsClient = new ProjectsClient(),
-  billingClient = new CloudBillingClient()
-): GcpApi {
+export function createGcpApi(): GcpApi {
   return {
     async listProjects() {
-      const projects: GcpProject[] = [];
-      for await (const project of projectsClient.searchProjectsAsync({}, { autoPaginate: false })) {
-        projects.push({
-          projectId: project.projectId ?? "",
-          name: project.displayName ?? project.projectId ?? "",
-          lifecycleState: `${project.state ?? ""}`,
-        });
-      }
-
-      return projects
-        .filter((project) => project.projectId && project.lifecycleState !== "DELETE_REQUESTED")
-        .sort((left, right) => left.name.localeCompare(right.name));
+      return parseJson<GcpProject[]>(
+        runGcloud(["projects", "list", "--format=json(projectId,name,lifecycleState)"]).stdout,
+        "GCP project discovery"
+      );
     },
 
     async listBillingAccounts() {
-      const accounts: BillingAccount[] = [];
-      for await (const account of billingClient.listBillingAccountsAsync({}, { autoPaginate: false })) {
-        accounts.push({
-          name: account.name ?? "",
-          displayName: account.displayName ?? account.name ?? "",
-          open: Boolean(account.open),
-        });
-      }
-
-      return accounts
-        .filter((account) => account.name && account.open)
-        .sort((left, right) => left.displayName.localeCompare(right.displayName));
+      return parseJson<BillingAccount[]>(
+        runGcloud(["billing", "accounts", "list", "--format=json(name,displayName,open)"]).stdout,
+        "billing account discovery"
+      );
     },
 
     async createProject(projectId: string, name: string) {
-      const [operation] = await projectsClient.createProject({
-        project: {
-          projectId,
-          displayName: name,
-        },
-      });
-      await operation.promise();
+      runGcloud(["projects", "create", projectId, "--name", name]);
     },
 
     async attachBillingAccount(projectId: string, billingAccountName: string) {
-      await billingClient.updateProjectBillingInfo({
-        name: `projects/${projectId}`,
-        projectBillingInfo: {
-          billingAccountName,
-        },
-      });
+      const account = billingAccountName.replace(/^billingAccounts\//, "");
+      runGcloud(["billing", "projects", "link", projectId, "--billing-account", account]);
     },
   };
 }
@@ -95,3 +63,26 @@ export async function createProject(projectId: string, name: string, api = creat
 export async function attachBillingAccount(projectId: string, billingAccountName: string, api = createGcpApi()) {
   await api.attachBillingAccount(projectId, billingAccountName);
 }
+
+function runGcloud(args: string[]) {
+  const result = Bun.spawnSync(["gcloud", ...args], {
+    stdout: "pipe",
+    stderr: "pipe",
+  });
+
+  if (result.exitCode !== 0) {
+    throw new Error(result.stderr.toString().trim() || `gcloud ${args.join(" ")} failed`);
+  }
+
+  return {
+    stdout: result.stdout.toString(),
+  };
+}
+
+function parseJson<T>(value: string, label: string): T {
+  try {
+    return JSON.parse(value) as T;
+  } catch (error) {
+    throw new Error(`Unable to parse ${label} output: ${(error as Error).message}`);
+  }
+}

package/src/git-bootstrap.ts

@@ -30,19 +30,21 @@ export async function bootstrapGitHubRepository(targetDir: string, config: GitBo
     return { status: "skipped-existing-worktree", root: existingRoot };
   }
 
-  run(["git", "--version"], targetDir, "git is required to initialize the generated repository");
-  run(["gh", "--version"], targetDir, "GitHub CLI `gh` is required to create the generated repository");
-  run(["gh", "auth", "status"], targetDir, "Authenticate GitHub CLI with `gh auth login` before creating the repository");
+  run(["git", "--version"], targetDir, "git is required to initialize the generated repository", { quiet: true });
+  run(["gh", "--version"], targetDir, "GitHub CLI `gh` is required to create the generated repository", { quiet: true });
+  run(["gh", "auth", "status"], targetDir, "Authenticate GitHub CLI with `gh auth login` before creating the repository", { quiet: true });
 
-  run(["git", "init", "-b", "main"], targetDir);
+  run(["git", "init", "-b", "main", "--quiet"], targetDir);
   run(["git", "add", "."], targetDir);
 
   if (hasStagedChanges(targetDir)) {
-    run(["git", "commit", "-m", "Initial commit"], targetDir);
+    run(["git", "commit", "--quiet", "-m", "Initial commit"], targetDir);
   }
 
   const repository = `${config.owner}/${config.repository}`;
-  run(["gh", "repo", "create", repository, "--private", "--source", ".", "--remote", "origin", "--push"], targetDir);
+  run(["gh", "repo", "create", repository, "--private", "--source", ".", "--remote", "origin", "--push"], targetDir, undefined, {
+    quiet: true,
+  });
 
   return {
     status: "created",
@@ -55,8 +57,8 @@ export function commitAndPushGeneratedArtifacts(targetDir: string, message: stri
   if (!hasStagedChanges(targetDir)) {
     return { committed: false };
   }
-  run(["git", "commit", "-m", message], targetDir);
-  run(["git", "push"], targetDir);
+  run(["git", "commit", "--quiet", "-m", message], targetDir);
+  run(["git", "push", "--quiet"], targetDir, undefined, { quiet: true });
   return { committed: true };
 }
 
@@ -94,17 +96,18 @@ function hasStagedChanges(cwd: string) {
   return result.exitCode === 1;
 }
 
-function run(command: string[], cwd: string, message?: string) {
+function run(command: string[], cwd: string, message?: string, options: { quiet?: boolean } = {}) {
   const result = Bun.spawnSync(command, {
     cwd,
     stdin: "inherit",
-    stdout: "inherit",
+    stdout: options.quiet ? "pipe" : "inherit",
     stderr: "pipe",
   });
   if (result.exitCode === 0) {
     return;
   }
 
+  const output = result.stdout?.toString().trim() ?? "";
   const detail = result.stderr.toString().trim();
-  throw new Error([message, `Command failed: ${command.join(" ")}`, detail].filter(Boolean).join("\n"));
+  throw new Error([message, `Command failed: ${command.join(" ")}`, output, detail].filter(Boolean).join("\n"));
 }

package/src/naming.test.ts

@@ -11,7 +11,7 @@ test("deriveDefaults uses the service name for project, repo, and database namin
     neonDatabaseName: "edge_api",
     localDatabasePort: deriveLocalPostgresPort("edge-api"),
     apiHostname: "api.edge-api.anmho.com",
-    modulePath: "example.com/edge-api",
+    modulePath: "github.com/anmho/edge-api",
   });
 });
 

package/src/naming.ts

@@ -94,7 +94,7 @@ export function deriveDefaults(serviceName: string) {
     neonDatabaseName: compactDatabaseName(normalizedServiceName),
     localDatabasePort: deriveLocalPostgresPort(normalizedServiceName),
     apiHostname: `api.${normalizedServiceName}.anmho.com`,
-    modulePath: `example.com/${normalizedServiceName}`,
+    modulePath: `github.com/anmho/${normalizedServiceName}`,
   };
 }
 

package/src/post-scaffold.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, test } from "bun:test";
-import { buildPostScaffoldCommands } from "./post-scaffold";
+import { buildDeploymentVerificationCommands, buildPostScaffoldCommands } from "./post-scaffold";
 
 describe("buildPostScaffoldCommands", () => {
   test("runs create and deploy for HTTP services", () => {
@@ -17,3 +17,19 @@ describe("buildPostScaffoldCommands", () => {
     ]);
   });
 });
+
+describe("buildDeploymentVerificationCommands", () => {
+  test("uses curl health checks for HTTP services", () => {
+    expect(buildDeploymentVerificationCommands({ apiHostname: "api.launch.anmho.com", framework: "hono", runtime: "bun" })).toEqual([
+      { command: "curl", args: ["--fail", "--show-error", "--silent", "https://api.launch.anmho.com/healthz"] },
+      { command: "curl", args: ["--fail", "--show-error", "--silent", "https://api.launch.anmho.com/readyz"] },
+    ]);
+  });
+
+  test("uses grpcurl for Go ConnectRPC services", () => {
+    expect(buildDeploymentVerificationCommands({ apiHostname: "api.launch.anmho.com", framework: "connectrpc", runtime: "go" })).toContainEqual({
+      command: "grpcurl",
+      args: ["api.launch.anmho.com:443", "list"],
+    });
+  });
+});

package/src/post-scaffold.ts

@@ -4,6 +4,7 @@ type CommandOptions = {
   cwd: string;
   allowFailure?: boolean;
   input?: string;
+  quiet?: boolean;
 };
 
 type CommandResult = {
@@ -26,12 +27,32 @@ export async function runPostScaffoldFlow(config: ScaffoldConfig, cwd: string) {
     for (const command of buildPostScaffoldCommands(config)) {
       run(command.command, command.args, { cwd });
     }
-    return { message: "Dependencies installed, service created, and service deployed" };
+    for (const command of buildDeploymentVerificationCommands(config)) {
+      run(command.command, command.args, { cwd, quiet: true });
+    }
+    return { message: "Dependencies installed, service created, service deployed, and production health verified" };
   }
 
   return { message: "Backend package generated" };
 }
 
+export function buildDeploymentVerificationCommands(
+  config: Pick<ScaffoldConfig, "apiHostname" | "framework" | "runtime">
+): PostScaffoldCommand[] {
+  const origin = `https://${config.apiHostname}`;
+  return [
+    { command: "curl", args: ["--fail", "--show-error", "--silent", `${origin}/healthz`] },
+    { command: "curl", args: ["--fail", "--show-error", "--silent", `${origin}/readyz`] },
+    ...(config.framework === "connectrpc"
+      ? [
+          config.runtime === "go"
+            ? { command: "grpcurl", args: [`${config.apiHostname}:443`, "list"] }
+            : { command: "curl", args: ["--fail", "--show-error", "--silent", `${origin}/debug/connectrpc`] },
+        ]
+      : []),
+  ];
+}
+
 export function buildPostScaffoldCommands(config: Pick<ScaffoldConfig, "framework">): PostScaffoldCommand[] {
   return [
     ...(config.framework === "connectrpc" ? [{ command: "bun", args: ["run", "service", "--", "sdk", "build"] }] : []),
@@ -56,8 +77,8 @@ function run(command: string, args: string[], options: CommandOptions): CommandR
     cwd: options.cwd,
     env: process.env,
     stdin: options.input === undefined ? undefined : encoder.encode(options.input),
-    stdout: options.allowFailure ? "pipe" : "inherit",
-    stderr: options.allowFailure ? "pipe" : "inherit",
+    stdout: options.allowFailure || options.quiet ? "pipe" : "inherit",
+    stderr: options.allowFailure || options.quiet ? "pipe" : "inherit",
   });
 
   const stdout = result.stdout ? decoder.decode(result.stdout).trim() : "";

package/src/scaffold.test.ts

@@ -9,7 +9,7 @@ function baseConfig(overrides: Partial<ScaffoldConfig> = {}): ScaffoldConfig {
   return {
     directory: "svc",
     serviceName: "dns-api",
-    modulePath: "example.com/dns-api",
+    modulePath: "github.com/anmho/dns-api",
     target: "cloudrun",
     runtime: "bun",
     framework: "hono",
@@ -156,11 +156,17 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
 
     if (variant.runtime === "go") {
       const goMod = await Bun.file(join(generatedRoot, "go.mod")).text();
-      expect(goMod).toContain("module example.com/dns-api");
-      expect(goMod).not.toContain("module github.com/anmho/dns-api");
+      const packageJson = await Bun.file(join(generatedRoot, "package.json")).text();
+      expect(goMod).toContain("module github.com/anmho/dns-api");
+      expect(goMod).not.toContain("module example.com/dns-api");
+      expect(packageJson).toContain('"dev": "make dev"');
+      expect(packageJson).toContain('"migrate": "make migrate"');
+      expect(packageJson).toContain('"create": "bun run ./scripts/cloudrun/cli.ts create"');
+      expect(packageJson).toContain('"deploy": "bun run ./scripts/cloudrun/cli.ts deploy"');
+      expect(packageJson).toContain('"destroy": "bun run ./scripts/cloudrun/cli.ts destroy"');
 
       const mainGo = await Bun.file(join(generatedRoot, "cmd", "server", "main.go")).text();
-      expect(mainGo).toContain("example.com/dns-api");
+      expect(mainGo).toContain("github.com/anmho/dns-api");
       if (variant.framework === "connectrpc") {
         expect(goMod).toContain("connectrpc.com/connect");
         expect(mainGo).toContain("NewWaitlistService");
@@ -202,7 +208,8 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
       expect(packageJson).toContain('"auth": "bun run ./scripts/cloudrun/cli.ts auth"');
       expect(packageJson).toContain('"destroy": "bun run ./scripts/cloudrun/cli.ts destroy"');
       const serviceCli = await Bun.file(join(generatedRoot, "scripts", "cloudrun", "cli.ts")).text();
-      expect(serviceCli).toContain("service <create|deploy|migrate|seed|dashboards|dns|doctor|destroy|auth|sdk>");
+      expect(serviceCli).toContain("service <command> [args]");
+      expect(serviceCli).toContain("Provision auth, database, migrations, and first deploy");
       expect(serviceCli).toContain("assertServiceNameAvailable(config.serviceName)");
       expect(serviceCli).toContain("ensureAuthResourceServer");
       expect(serviceCli).toContain('["resources", "push", "--path", "./grafana"]');

package/src/service.test.ts

@@ -2,7 +2,7 @@ import { expect, test } from "bun:test";
 import { mkdtemp, mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
-import { findGeneratedServiceRoot, normalizeScaffoldArgs } from "./service";
+import { findGeneratedServiceRoot, generatedDependenciesInstalled, normalizeScaffoldArgs } from "./service";
 
 test("normalizeScaffoldArgs treats service create as the scaffold command outside a service repo", () => {
   expect(normalizeScaffoldArgs(["create", "launch-api", "--yes"])).toEqual(["launch-api", "--yes"]);
@@ -28,3 +28,14 @@ test("findGeneratedServiceRoot detects generated service context from nested dir
   expect(findGeneratedServiceRoot(nested)).toBe(serviceRoot);
   expect(findGeneratedServiceRoot(root)).toBeUndefined();
 });
+
+test("generatedDependenciesInstalled requires node_modules when package.json exists", async () => {
+  const root = await mkdtemp(join(tmpdir(), "create-svc-generated-deps-"));
+  expect(generatedDependenciesInstalled(root)).toBeTrue();
+
+  await writeFile(join(root, "package.json"), "{}");
+  expect(generatedDependenciesInstalled(root)).toBeFalse();
+
+  await mkdir(join(root, "node_modules"));
+  expect(generatedDependenciesInstalled(root)).toBeTrue();
+});

package/src/service.ts

@@ -48,6 +48,8 @@ function isGeneratedServiceRoot(path: string) {
 }
 
 function delegateToGeneratedService(serviceRoot: string, argv: string[]) {
+  ensureGeneratedDependencies(serviceRoot);
+
   const cliPath = existsSync(join(serviceRoot, "scripts", "cloudrun", "cli.ts"))
     ? "./scripts/cloudrun/cli.ts"
     : "./scripts/workers/cli.ts";
@@ -63,3 +65,27 @@ function delegateToGeneratedService(serviceRoot: string, argv: string[]) {
     process.exit(result.exitCode || 1);
   }
 }
+
+export function generatedDependenciesInstalled(serviceRoot: string) {
+  return !existsSync(join(serviceRoot, "package.json")) || existsSync(join(serviceRoot, "node_modules"));
+}
+
+function ensureGeneratedDependencies(serviceRoot: string) {
+  if (generatedDependenciesInstalled(serviceRoot)) {
+    return;
+  }
+
+  const result = Bun.spawnSync(["bun", "install", "--silent"], {
+    cwd: serviceRoot,
+    env: process.env,
+    stdin: "inherit",
+    stdout: "pipe",
+    stderr: "pipe",
+  });
+
+  if (!result.success) {
+    const output = [result.stdout.toString().trim(), result.stderr.toString().trim()].filter(Boolean).join("\n");
+    console.error(["Failed to install generated service dependencies with bun install --silent", output].filter(Boolean).join("\n"));
+    process.exit(result.exitCode || 1);
+  }
+}

package/templates/shared/scripts/authctl.ts

@@ -216,7 +216,7 @@ function authctl(args: string[], options: { allowFailure?: boolean; quiet?: bool
   };
 
   if (!output.success && !options.allowFailure) {
-    throw new Error(`authctl ${args.join(" ")} failed with exit code ${output.exitCode}\n${output.stderr || output.stdout}`);
+    throw new Error(formatAuthctlFailure(args, output));
   }
 
   if (output.stdout && !options.quiet) {
@@ -226,6 +226,22 @@ function authctl(args: string[], options: { allowFailure?: boolean; quiet?: bool
   return output;
 }
 
+function formatAuthctlFailure(args: string[], output: CommandResult) {
+  const detail = output.stderr || output.stdout;
+  if (detail.includes("status_code\":401") || detail.includes("Forbidden. You don't have permission")) {
+    return [
+      `authctl ${args.join(" ")} failed with exit code ${output.exitCode}`,
+      "authctl reached the auth internal API, but Cloudflare Access rejected the request.",
+      "Export the authctl Cloudflare Access service token before running service create:",
+      '  export AUTH_INTERNAL_BASE_URL="$(vault kv get -mount=secret -field=AUTH_INTERNAL_BASE_URL prod/apps/auth/authctl/cloudflare-access)"',
+      '  export CLOUDFLARE_ACCESS_SERVICE_TOKEN_CLIENT_ID="$(vault kv get -mount=secret -field=CLOUDFLARE_ACCESS_SERVICE_TOKEN_CLIENT_ID prod/apps/auth/authctl/cloudflare-access)"',
+      '  export CLOUDFLARE_ACCESS_SERVICE_TOKEN_CLIENT_SECRET="$(vault kv get -mount=secret -field=CLOUDFLARE_ACCESS_SERVICE_TOKEN_CLIENT_SECRET prod/apps/auth/authctl/cloudflare-access)"',
+    ].join("\n");
+  }
+
+  return `authctl ${args.join(" ")} failed with exit code ${output.exitCode}\n${detail}`;
+}
+
 function authctlPath() {
   return existsSync("./node_modules/.bin/authctl") ? "./node_modules/.bin/authctl" : Bun.which("authctl");
 }

package/templates/shared/scripts/cloudrun/cli.ts

@@ -27,7 +27,7 @@ async function main(argv = Bun.argv.slice(2)) {
   const [command, ...rest] = argv;
 
   if (!command || command === "--help" || command === "-h" || command === "help") {
-    console.log("Usage: service <create|deploy|migrate|seed|dashboards|dns|doctor|destroy|auth|sdk> [args]");
+    console.log(formatHelp());
     return;
   }
 
@@ -92,7 +92,26 @@ async function main(argv = Bun.argv.slice(2)) {
     return;
   }
 
-  throw new Error("Usage: service <create|deploy|migrate|seed|dashboards|dns|doctor|destroy|auth|sdk> [args]");
+  throw new Error(`Unknown command: ${command}\n\n${formatHelp()}`);
+}
+
+function formatHelp() {
+  return [
+    "Usage:",
+    "  service <command> [args]",
+    "",
+    "Commands:",
+    "  create      Provision auth, database, migrations, and first deploy",
+    "  deploy      Deploy the current service",
+    "  migrate     Apply database migrations",
+    "  seed        Run the seed script when configured",
+    "  doctor      Check local tools and cloud access",
+    "  auth        Manage auth resource server and clients",
+    "  sdk         Build or publish generated SDK artifacts",
+    "  dns         Repair or inspect DNS mappings",
+    "  dashboards  Publish Grafana resources",
+    "  destroy     Remove service-managed cloud resources",
+  ].join("\n");
 }
 
 function runLanguageTask(task: "migrate", env?: Record<string, string | undefined>) {

package/templates/targets/workers/scripts/workers/cli.ts

@@ -18,7 +18,7 @@ async function main(argv = Bun.argv.slice(2)) {
   const [command, ...rest] = argv;
 
   if (!command || command === "--help" || command === "-h" || command === "help") {
-    console.log("Usage: service <create|deploy|migrate|seed|dashboards|dns|doctor|destroy|auth|sdk> [args]");
+    console.log(formatHelp());
     return;
   }
 
@@ -87,7 +87,25 @@ async function main(argv = Bun.argv.slice(2)) {
     throw new Error("SDK commands are only available for ConnectRPC services");
   }
 
-  throw new Error("Usage: service <create|deploy|migrate|seed|dashboards|dns|doctor|destroy|auth|sdk> [args]");
+  throw new Error(`Unknown command: ${command}\n\n${formatHelp()}`);
+}
+
+function formatHelp() {
+  return [
+    "Usage:",
+    "  service <command> [args]",
+    "",
+    "Commands:",
+    "  create      Provision auth, database, Hyperdrive, and first deploy",
+    "  deploy      Deploy the Worker",
+    "  migrate     Apply database schema",
+    "  seed        Report seed status",
+    "  doctor      Check local tools and cloud access",
+    "  auth        Manage auth resource server and clients",
+    "  dns         Show Workers custom-domain configuration",
+    "  dashboards  Publish Grafana resources",
+    "  destroy     Remove service-managed Worker resources",
+  ].join("\n");
 }
 
 function run(command: string, args: string[], options: { allowFailure?: boolean; capture?: boolean } = {}) {

package/templates/variants/go-chi/package.json

@@ -6,9 +6,17 @@
     "service": "./scripts/cloudrun/cli.ts"
   },
   "scripts": {
+    "dev": "make dev",
     "service": "bun run ./scripts/cloudrun/cli.ts",
+    "migrate": "make migrate",
+    "gen": "make gen",
+    "lint": "make lint",
+    "test": "make test",
+    "create": "bun run ./scripts/cloudrun/cli.ts create",
+    "deploy": "bun run ./scripts/cloudrun/cli.ts deploy",
     "auth": "bun run ./scripts/cloudrun/cli.ts auth",
-    "dashboards": "bun run ./scripts/cloudrun/cli.ts dashboards"
+    "dashboards": "bun run ./scripts/cloudrun/cli.ts dashboards",
+    "destroy": "bun run ./scripts/cloudrun/cli.ts destroy"
   },
   "dependencies": {
     "@anmho/authctl": "0.1.1",

package/templates/variants/go-connectrpc/package.json

@@ -6,9 +6,17 @@
     "service": "./scripts/cloudrun/cli.ts"
   },
   "scripts": {
+    "dev": "make dev",
     "service": "bun run ./scripts/cloudrun/cli.ts",
+    "migrate": "make migrate",
+    "gen": "make gen",
+    "lint": "make lint",
+    "test": "make test",
+    "create": "bun run ./scripts/cloudrun/cli.ts create",
+    "deploy": "bun run ./scripts/cloudrun/cli.ts deploy",
     "auth": "bun run ./scripts/cloudrun/cli.ts auth",
-    "dashboards": "bun run ./scripts/cloudrun/cli.ts dashboards"
+    "dashboards": "bun run ./scripts/cloudrun/cli.ts dashboards",
+    "destroy": "bun run ./scripts/cloudrun/cli.ts destroy"
   },
   "dependencies": {
     "@anmho/authctl": "0.1.1",