npm - mlgym-deploy - Versions diffs - 3.3.32 → 3.3.40 - Mend

mlgym-deploy 3.3.32 → 3.3.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +744 -45
package/package.json +1 -1

package/index.js CHANGED Viewed

@@ -18,7 +18,7 @@ import crypto from 'crypto';
 const execAsync = promisify(exec);
 // Current version of this MCP server - INCREMENT FOR WORKFLOW FIXES
-const CURRENT_VERSION = '3.3.32';  // Fix misleading hostname description - URL is always {app_id}.eu{1,2,3}.ezb.net
+const CURRENT_VERSION = '3.3.40';  // Fix auth.jwt_token -> auth.token consistency bug
 const PACKAGE_NAME = 'mlgym-deploy';
 // Debug logging configuration - ENABLED BY DEFAULT
@@ -205,33 +205,40 @@ async function generateSSHKeyPair(email) {
   const sanitizedEmail = email.replace('@', '_at_').replace(/[^a-zA-Z0-9_-]/g, '_');
   const keyPath = path.join(sshDir, `mlgym_${sanitizedEmail}`);
+  let keyExists = false;
+  let publicKey = '';
   try {
     await fs.access(keyPath);
     console.error(`SSH key already exists at ${keyPath}, using existing key`);
-    const publicKey = await fs.readFile(`${keyPath}.pub`, 'utf8');
-    return { publicKey: publicKey.trim(), privateKeyPath: keyPath };
+    publicKey = await fs.readFile(`${keyPath}.pub`, 'utf8');
+    keyExists = true;
   } catch {
     // Key doesn't exist, generate new one
+    console.error(`Generating new SSH key for ${email}...`);
   }
-  const { stdout, stderr } = await execAsync(
-    `ssh-keygen -t ed25519 -f "${keyPath}" -N "" -C "${email}"`,
-    { timeout: 10000 }
-  );
+  if (!keyExists) {
+    const { stdout, stderr } = await execAsync(
+      `ssh-keygen -t ed25519 -f "${keyPath}" -N "" -C "${email}"`,
+      { timeout: 10000 }
+    );
-  if (stderr && !stderr.includes('Generating public/private')) {
-    throw new Error(`SSH key generation failed: ${stderr}`);
-  }
+    if (stderr && !stderr.includes('Generating public/private')) {
+      throw new Error(`SSH key generation failed: ${stderr}`);
+    }
-  await execAsync(`chmod 600 "${keyPath}"`);
-  await execAsync(`chmod 644 "${keyPath}.pub"`);
+    await execAsync(`chmod 600 "${keyPath}"`);
+    await execAsync(`chmod 644 "${keyPath}.pub"`);
-  const publicKey = await fs.readFile(`${keyPath}.pub`, 'utf8');
+    publicKey = await fs.readFile(`${keyPath}.pub`, 'utf8');
+  }
-  // Add to SSH config
+  // FIX: ALWAYS update SSH config to point to THIS user's key
+  // This prevents the bug where User A's key remains in config after User B authenticates
   const configPath = path.join(sshDir, 'config');
   const configEntry = `
-# MLGym GitLab (added by mlgym-deploy)
+# MLGym GitLab (added by mlgym-deploy for ${email})
 Host git.mlgym.io
     User git
     Port 22
@@ -241,18 +248,16 @@ Host git.mlgym.io
   try {
     const existingConfig = await fs.readFile(configPath, 'utf8');
-    if (existingConfig.includes('Host git.mlgym.io')) {
-      // Replace existing MLGym SSH config block with new key
-      const updatedConfig = existingConfig.replace(
-        /# MLGym GitLab.*?Host git\.mlgym\.io.*?(?=\n#|\n\nHost|\n?$)/gs,
-        ''
-      ).trim();
-      await fs.writeFile(configPath, updatedConfig + configEntry, { mode: 0o600 });
-    } else {
-      await fs.appendFile(configPath, configEntry);
-    }
+    // Always remove old MLGym config and add new one for current user
+    const updatedConfig = existingConfig.replace(
+      /\n?# MLGym GitLab[^\n]*\nHost git\.mlgym\.io\n(?:[ \t]+[^\n]+\n)*/g,
+      ''
+    ).trim();
+    await fs.writeFile(configPath, updatedConfig + '\n' + configEntry, { mode: 0o600 });
+    console.error(`SSH config updated to use key for ${email}`);
   } catch {
     await fs.writeFile(configPath, configEntry, { mode: 0o600 });
+    console.error(`SSH config created for ${email}`);
   }
   return { publicKey: publicKey.trim(), privateKeyPath: keyPath };
@@ -525,6 +530,11 @@ async function analyzeProject(local_path = '.') {
         analysis.framework = 'nextjs';
         analysis.build_command = packageJson.scripts?.build || 'npm run build';
         analysis.start_command = packageJson.scripts?.start || 'npm start';
+      } else if (deps['@nestjs/core'] || deps['@nestjs/common']) {
+        // NestJS - TypeScript backend framework requiring build step
+        analysis.framework = 'nestjs';
+        analysis.build_command = packageJson.scripts?.build || 'npm run build';
+        analysis.start_command = packageJson.scripts?.['start:prod'] || 'node dist/main.js';
       } else if (deps.express) {
         analysis.framework = 'express';
         analysis.start_command = packageJson.scripts?.start || 'node index.js';
@@ -608,6 +618,117 @@ async function analyzeProject(local_path = '.') {
       } catch {}
     }
+    // Check for Ruby project (Gemfile)
+    if (analysis.project_type === 'unknown') {
+      try {
+        await fs.access(path.join(absolutePath, 'Gemfile'));
+        analysis.project_type = 'ruby';
+        analysis.detected_files.push('Gemfile');
+        // Try to detect Rails vs Sinatra vs generic Ruby
+        try {
+          const gemfileContent = await fs.readFile(path.join(absolutePath, 'Gemfile'), 'utf8');
+          if (gemfileContent.includes("'rails'") || gemfileContent.includes('"rails"')) {
+            analysis.framework = 'rails';
+            analysis.start_command = 'rails server -b 0.0.0.0';
+          } else if (gemfileContent.includes("'sinatra'") || gemfileContent.includes('"sinatra"')) {
+            analysis.framework = 'sinatra';
+            analysis.start_command = 'ruby app.rb';
+          } else {
+            analysis.framework = 'ruby';
+            analysis.start_command = 'ruby app.rb';
+          }
+        } catch {
+          analysis.framework = 'ruby';
+        }
+      } catch {}
+    }
+    // Check for Rust project (Cargo.toml)
+    if (analysis.project_type === 'unknown') {
+      try {
+        await fs.access(path.join(absolutePath, 'Cargo.toml'));
+        analysis.project_type = 'rust';
+        analysis.detected_files.push('Cargo.toml');
+        analysis.framework = 'rust';
+        analysis.build_command = 'cargo build --release';
+        analysis.start_command = './target/release/app';
+        // Try to get binary name from Cargo.toml
+        try {
+          const cargoContent = await fs.readFile(path.join(absolutePath, 'Cargo.toml'), 'utf8');
+          const nameMatch = cargoContent.match(/name\s*=\s*["']([^"']+)["']/);
+          if (nameMatch) {
+            analysis.binary_name = nameMatch[1];
+            analysis.start_command = `./target/release/${nameMatch[1]}`;
+          }
+        } catch {}
+      } catch {}
+    }
+    // Check for Java project (pom.xml for Maven)
+    if (analysis.project_type === 'unknown') {
+      try {
+        await fs.access(path.join(absolutePath, 'pom.xml'));
+        analysis.project_type = 'java';
+        analysis.detected_files.push('pom.xml');
+        analysis.framework = 'maven';
+        analysis.build_command = 'mvn clean package -DskipTests';
+        analysis.start_command = 'java -jar target/app.jar';
+      } catch {}
+    }
+    // Check for Java project (build.gradle for Gradle)
+    if (analysis.project_type === 'unknown') {
+      try {
+        await fs.access(path.join(absolutePath, 'build.gradle'));
+        analysis.project_type = 'java';
+        analysis.detected_files.push('build.gradle');
+        analysis.framework = 'gradle';
+        analysis.build_command = './gradlew build -x test';
+        analysis.start_command = 'java -jar build/libs/app.jar';
+      } catch {}
+    }
+    // Check for .NET project (*.csproj)
+    if (analysis.project_type === 'unknown') {
+      try {
+        const files = await fs.readdir(absolutePath);
+        const csprojFile = files.find(f => f.endsWith('.csproj'));
+        if (csprojFile) {
+          analysis.project_type = 'dotnet';
+          analysis.detected_files.push(csprojFile);
+          analysis.framework = 'aspnet';
+          analysis.build_command = 'dotnet publish -c Release -o out';
+          analysis.start_command = 'dotnet out/app.dll';
+          analysis.csproj_file = csprojFile;
+        }
+      } catch {}
+    }
+    // Check for Elixir project (mix.exs)
+    if (analysis.project_type === 'unknown') {
+      try {
+        await fs.access(path.join(absolutePath, 'mix.exs'));
+        analysis.project_type = 'elixir';
+        analysis.detected_files.push('mix.exs');
+        // Check for Phoenix framework
+        try {
+          const mixContent = await fs.readFile(path.join(absolutePath, 'mix.exs'), 'utf8');
+          if (mixContent.includes(':phoenix')) {
+            analysis.framework = 'phoenix';
+            analysis.start_command = 'mix phx.server';
+          } else {
+            analysis.framework = 'elixir';
+            analysis.start_command = 'mix run --no-halt';
+          }
+        } catch {
+          analysis.framework = 'elixir';
+        }
+      } catch {}
+    }
     // Check for Scala/sbt project
     if (analysis.project_type === 'unknown') {
       try {
@@ -701,6 +822,24 @@ COPY --from=builder /app/package.json ./
 COPY --from=builder /app/public ./public
 EXPOSE 3000
 CMD ["${packageManager}", "start"]`;
+    } else if (framework === 'nestjs') {
+      // NestJS - TypeScript backend framework requiring build step
+      dockerfile = `# Build stage
+FROM node:18-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN ${packageManager} ${packageManager === 'npm' ? 'ci' : 'install --frozen-lockfile'}
+COPY . .
+RUN ${packageManager} run build
+# Production stage
+FROM node:18-alpine
+WORKDIR /app
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder /app/package.json ./
+EXPOSE 3000
+CMD ["node", "dist/main.js"]`;
     } else if (framework === 'express') {
       dockerfile = `FROM node:18-alpine
 WORKDIR /app
@@ -761,33 +900,222 @@ EXPOSE 8000
 CMD ["python", "main.py"]`;
     }
   } else if (projectType === 'php') {
-    dockerfile = `FROM php:8.2-apache
+    if (framework === 'composer' || framework === 'laravel') {
+      // Laravel/Composer PHP project
+      dockerfile = `FROM php:8.2-apache
+# Install PHP extensions and Composer
+RUN apt-get update && apt-get install -y \\
+    libpng-dev libjpeg-dev libfreetype6-dev libzip-dev unzip git \\
+    && docker-php-ext-configure gd --with-freetype --with-jpeg \\
+    && docker-php-ext-install gd pdo pdo_mysql zip \\
+    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \\
+    && a2enmod rewrite \\
+    && rm -rf /var/lib/apt/lists/*
+# Set document root to Laravel's public folder
+ENV APACHE_DOCUMENT_ROOT /var/www/html/public
+RUN sed -ri -e 's!/var/www/html!\${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/sites-available/*.conf
+RUN sed -ri -e 's!/var/www/!\${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf
+WORKDIR /var/www/html
+COPY . .
+# Install dependencies and set permissions
+RUN composer install --no-dev --optimize-autoloader --no-interaction \\
+    && chown -R www-data:www-data /var/www/html \\
+    && chmod -R 755 /var/www/html/storage /var/www/html/bootstrap/cache 2>/dev/null || true
+EXPOSE 80
+CMD ["apache2-foreground"]`;
+    } else {
+      // Simple PHP project
+      dockerfile = `FROM php:8.2-apache
 WORKDIR /var/www/html
 COPY . .
 RUN chown -R www-data:www-data /var/www/html
 EXPOSE 80
 CMD ["apache2-foreground"]`;
+    }
   } else if (projectType === 'static') {
     dockerfile = `FROM nginx:alpine
 COPY . /usr/share/nginx/html
 EXPOSE 80
 CMD ["nginx", "-g", "daemon off;"]`;
   } else if (projectType === 'go') {
+    // Go project with CGO disabled for static binary
     dockerfile = `# Build stage
 FROM golang:1.21-alpine AS builder
 WORKDIR /app
-COPY go.mod go.sum ./
-RUN go mod download
+COPY go.mod go.sum* ./
+RUN go mod download 2>/dev/null || true
 COPY . .
-RUN go build -o app
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .
 # Production stage
 FROM alpine:latest
 RUN apk --no-cache add ca-certificates
-WORKDIR /root/
+WORKDIR /app
 COPY --from=builder /app/app .
 EXPOSE 8080
 CMD ["./app"]`;
+  } else if (projectType === 'ruby') {
+    if (framework === 'rails') {
+      // Ruby on Rails
+      dockerfile = `FROM ruby:3.2-slim
+# Install dependencies
+RUN apt-get update && apt-get install -y \\
+    build-essential libpq-dev nodejs npm \\
+    && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+COPY Gemfile Gemfile.lock* ./
+RUN bundle install --without development test
+COPY . .
+RUN bundle exec rake assets:precompile 2>/dev/null || true
+EXPOSE 3000
+CMD ["rails", "server", "-b", "0.0.0.0"]`;
+    } else {
+      // Sinatra or generic Ruby
+      dockerfile = `FROM ruby:3.2-slim
+RUN apt-get update && apt-get install -y build-essential && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+COPY Gemfile Gemfile.lock* ./
+RUN bundle install
+COPY . .
+EXPOSE 4567
+CMD ["ruby", "app.rb"]`;
+    }
+  } else if (projectType === 'rust') {
+    dockerfile = `# Build stage
+FROM rust:1.75-slim AS builder
+WORKDIR /app
+COPY Cargo.toml Cargo.lock* ./
+COPY src ./src
+RUN cargo build --release
+# Production stage
+FROM debian:bookworm-slim
+RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+COPY --from=builder /app/target/release/* ./
+EXPOSE 8080
+CMD ["./app"]`;
+  } else if (projectType === 'java') {
+    if (framework === 'maven') {
+      dockerfile = `# Build stage
+FROM maven:3.9-eclipse-temurin-17 AS builder
+WORKDIR /app
+COPY pom.xml .
+RUN mvn dependency:go-offline -B
+COPY src ./src
+RUN mvn clean package -DskipTests -B
+# Production stage
+FROM eclipse-temurin:17-jre-jammy
+WORKDIR /app
+COPY --from=builder /app/target/*.jar app.jar
+EXPOSE 8080
+CMD ["java", "-jar", "app.jar"]`;
+    } else if (framework === 'gradle') {
+      dockerfile = `# Build stage
+FROM gradle:8-jdk17 AS builder
+WORKDIR /app
+COPY build.gradle settings.gradle* gradle* ./
+COPY gradle ./gradle 2>/dev/null || true
+COPY src ./src
+RUN gradle build -x test --no-daemon
+# Production stage
+FROM eclipse-temurin:17-jre-jammy
+WORKDIR /app
+COPY --from=builder /app/build/libs/*.jar app.jar
+EXPOSE 8080
+CMD ["java", "-jar", "app.jar"]`;
+    } else {
+      // Generic Java with Maven fallback
+      dockerfile = `# Build stage
+FROM maven:3.9-eclipse-temurin-17 AS builder
+WORKDIR /app
+COPY pom.xml .
+COPY src ./src
+RUN mvn clean package -DskipTests -B
+# Production stage
+FROM eclipse-temurin:17-jre-jammy
+WORKDIR /app
+COPY --from=builder /app/target/*.jar app.jar
+EXPOSE 8080
+CMD ["java", "-jar", "app.jar"]`;
+    }
+  } else if (projectType === 'dotnet') {
+    dockerfile = `# Build stage
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS builder
+WORKDIR /app
+COPY *.csproj ./
+RUN dotnet restore
+COPY . .
+RUN dotnet publish -c Release -o out
+# Production stage
+FROM mcr.microsoft.com/dotnet/aspnet:8.0
+WORKDIR /app
+COPY --from=builder /app/out .
+EXPOSE 8080
+ENV ASPNETCORE_URLS=http://+:8080
+ENTRYPOINT ["dotnet", "app.dll"]`;
+  } else if (projectType === 'elixir') {
+    if (framework === 'phoenix') {
+      dockerfile = `# Build stage
+FROM elixir:1.16-alpine AS builder
+RUN apk add --no-cache build-base git nodejs npm
+WORKDIR /app
+# Install hex and rebar
+RUN mix local.hex --force && mix local.rebar --force
+# Install dependencies
+COPY mix.exs mix.lock ./
+RUN mix deps.get --only prod
+RUN MIX_ENV=prod mix deps.compile
+# Build assets and release
+COPY . .
+RUN cd assets && npm install && npm run deploy 2>/dev/null || true
+RUN MIX_ENV=prod mix phx.digest 2>/dev/null || true
+RUN MIX_ENV=prod mix release
+# Production stage
+FROM alpine:3.19
+RUN apk add --no-cache libstdc++ openssl ncurses-libs
+WORKDIR /app
+COPY --from=builder /app/_build/prod/rel/app ./
+EXPOSE 4000
+ENV PHX_HOST=localhost
+CMD ["bin/app", "start"]`;
+    } else {
+      dockerfile = `FROM elixir:1.16-alpine
+RUN apk add --no-cache build-base
+WORKDIR /app
+RUN mix local.hex --force && mix local.rebar --force
+COPY mix.exs mix.lock ./
+RUN mix deps.get
+RUN mix deps.compile
+COPY . .
+RUN mix compile
+EXPOSE 4000
+CMD ["mix", "run", "--no-halt"]`;
+    }
   } else if (projectType === 'scala') {
     dockerfile = `# Build stage
 FROM sbtscala/scala-sbt:eclipse-temurin-jammy-17.0.10_7_1.10.2_2.13.15 AS builder
@@ -1379,6 +1707,248 @@ function randomizeVolumeNames(content, suffix) {
   return { content: result, randomized };
 }
+// Known valid Docker image version ranges
+const VALID_IMAGE_VERSIONS = {
+  php: { min: 5, max: 8, latest: '8.3', variants: ['apache', 'fpm', 'cli', 'alpine', 'slim'] },
+  node: { min: 10, max: 22, latest: '20', variants: ['alpine', 'slim', 'bullseye', 'bookworm'] },
+  python: { min: 2, max: 3, latest: '3.12', subVersionMax: { 2: 7, 3: 12 } },
+  ruby: { min: 2, max: 3, latest: '3.3', subVersionMax: { 2: 7, 3: 3 } },
+  golang: { min: 1, max: 1, latest: '1.22', subVersionMax: { 1: 22 } },
+  go: { min: 1, max: 1, latest: '1.22', subVersionMax: { 1: 22 } },
+  java: { min: 8, max: 21, latest: '21' },
+  openjdk: { min: 8, max: 21, latest: '21' },
+  rust: { min: 1, max: 1, latest: '1.75', subVersionMax: { 1: 75 } },
+  perl: { min: 5, max: 5, latest: '5.38', subVersionMax: { 5: 38 } },
+  elixir: { min: 1, max: 1, latest: '1.16', subVersionMax: { 1: 16 } },
+};
+// Validate Docker base image version
+function validateBaseImage(baseImage) {
+  if (!baseImage) return null;
+  // Extract image name and tag
+  const parts = baseImage.split(':');
+  const imageName = parts[0].split('/').pop(); // Handle registry/image:tag format
+  const tag = parts[1] || 'latest';
+  // Check if we know this image type
+  const imageConfig = VALID_IMAGE_VERSIONS[imageName];
+  if (!imageConfig) return null; // Unknown image, can't validate
+  // Extract version number and variant from tag (e.g., "99-apache" -> version: 99, variant: "-apache")
+  const versionMatch = tag.match(/^(\d+)(?:\.(\d+))?(.*)$/);
+  if (!versionMatch) return null; // Can't parse version (e.g., 'latest', 'alpine')
+  const majorVersion = parseInt(versionMatch[1], 10);
+  const minorVersion = versionMatch[2] ? parseInt(versionMatch[2], 10) : null;
+  const variant = versionMatch[3] || ''; // Preserve variant like "-apache", "-alpine", "-slim"
+  // Build the suggested fix preserving the variant
+  const suggestedTag = `${imageConfig.latest}${variant}`;
+  // Check if major version is in valid range
+  if (majorVersion < imageConfig.min || majorVersion > imageConfig.max) {
+    return {
+      invalid: true,
+      reason: `${imageName}:${tag} has invalid version ${majorVersion} (valid: ${imageConfig.min}-${imageConfig.max})`,
+      suggestedFix: `${imageName}:${suggestedTag}`,
+      autofix: 'fix_base_image'
+    };
+  }
+  // Check minor version if we have subversion limits
+  if (minorVersion !== null && imageConfig.subVersionMax && imageConfig.subVersionMax[majorVersion]) {
+    if (minorVersion > imageConfig.subVersionMax[majorVersion]) {
+      return {
+        invalid: true,
+        reason: `${imageName}:${tag} has invalid minor version (${majorVersion}.${minorVersion} doesn't exist)`,
+        suggestedFix: `${imageName}:${suggestedTag}`,
+        autofix: 'fix_base_image'
+      };
+    }
+  }
+  return null; // Valid
+}
+/**
+ * Native file scanner - replaces glob dependency
+ * @param {string} baseDir - Base directory to scan
+ * @param {string[]} extensions - File extensions to match (e.g., ['.py', '.js'])
+ * @param {string[]} ignoreDirs - Directory names to ignore (e.g., ['node_modules', 'venv'])
+ * @returns {string[]} Array of relative file paths
+ */
+async function scanFilesNative(baseDir, extensions, ignoreDirs = []) {
+  const results = [];
+  const ignoreSet = new Set(ignoreDirs);
+  async function scanDir(dir, relativePath = '') {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        const relPath = relativePath ? path.join(relativePath, entry.name) : entry.name;
+        if (entry.isDirectory()) {
+          // Skip ignored directories
+          if (!ignoreSet.has(entry.name) && !entry.name.startsWith('.')) {
+            await scanDir(fullPath, relPath);
+          }
+        } else if (entry.isFile()) {
+          const ext = path.extname(entry.name).toLowerCase();
+          if (extensions.includes(ext)) {
+            results.push(relPath);
+          }
+        }
+      }
+    } catch (err) {
+      // Ignore permission errors and other issues
+    }
+  }
+  await scanDir(baseDir);
+  return results;
+}
+/**
+ * Detect port mismatch between application code and Dockerfile EXPOSE
+ * Returns null if no mismatch, or object with details if mismatch found
+ */
+async function detectPortMismatch(projectPath, exposedPort) {
+  if (!exposedPort) return null;
+  const exposedPortNum = parseInt(exposedPort, 10);
+  const appPorts = [];
+  try {
+    // Check Python files for Flask/FastAPI port
+    const pythonFiles = await scanFilesNative(projectPath, ['.py'], ['venv', '__pycache__', '.venv']);
+    for (const file of pythonFiles.slice(0, 10)) {
+      const content = await fs.readFile(path.join(projectPath, file), 'utf-8').catch(() => '');
+      // Flask: app.run(port=5000), app.run(host='0.0.0.0', port=5000)
+      const flaskMatch = content.match(/\.run\s*\([^)]*port\s*=\s*(\d+)/);
+      if (flaskMatch) appPorts.push({ port: parseInt(flaskMatch[1], 10), file, type: 'Flask' });
+      // FastAPI/Uvicorn: uvicorn.run(..., port=8000)
+      const uvicornMatch = content.match(/uvicorn\.run\s*\([^)]*port\s*=\s*(\d+)/);
+      if (uvicornMatch) appPorts.push({ port: parseInt(uvicornMatch[1], 10), file, type: 'Uvicorn' });
+    }
+    // Check Node.js files for Express/HTTP port
+    const jsFiles = await scanFilesNative(projectPath, ['.js', '.ts'], ['node_modules', 'dist', 'build']);
+    for (const file of jsFiles.slice(0, 10)) {
+      const content = await fs.readFile(path.join(projectPath, file), 'utf-8').catch(() => '');
+      // Express: app.listen(3000), server.listen(3000)
+      const listenMatch = content.match(/\.listen\s*\(\s*(\d+)/);
+      if (listenMatch) appPorts.push({ port: parseInt(listenMatch[1], 10), file, type: 'Node.js' });
+      // PORT env: process.env.PORT || 3000
+      const portEnvMatch = content.match(/process\.env\.PORT\s*\|\|\s*(\d+)/);
+      if (portEnvMatch) appPorts.push({ port: parseInt(portEnvMatch[1], 10), file, type: 'Node.js (env fallback)' });
+    }
+    // Check Ruby files for Sinatra/Rails port
+    const rubyFiles = await scanFilesNative(projectPath, ['.rb'], ['vendor', 'bundle']);
+    for (const file of rubyFiles.slice(0, 10)) {
+      const content = await fs.readFile(path.join(projectPath, file), 'utf-8').catch(() => '');
+      // Sinatra: set :port, 4567
+      const sinatraMatch = content.match(/set\s+:port\s*,\s*(\d+)/);
+      if (sinatraMatch) appPorts.push({ port: parseInt(sinatraMatch[1], 10), file, type: 'Sinatra' });
+    }
+    // Check Go files for HTTP port
+    const goFiles = await scanFilesNative(projectPath, ['.go'], ['vendor']);
+    for (const file of goFiles.slice(0, 10)) {
+      const content = await fs.readFile(path.join(projectPath, file), 'utf-8').catch(() => '');
+      // Go: http.ListenAndServe(":8080", ...)
+      const goMatch = content.match(/ListenAndServe\s*\(\s*["':](\d+)/);
+      if (goMatch) appPorts.push({ port: parseInt(goMatch[1], 10), file, type: 'Go HTTP' });
+    }
+    // Find mismatches
+    const mismatches = appPorts.filter(p => p.port !== exposedPortNum);
+    if (mismatches.length > 0) {
+      const mismatch = mismatches[0];
+      return {
+        mismatch: true,
+        exposedPort: exposedPortNum,
+        appPort: mismatch.port,
+        file: mismatch.file,
+        type: mismatch.type,
+        suggestedFix: mismatch.port,
+        autofix: 'fix_expose_port'
+      };
+    }
+  } catch (err) {
+    log.warning(`MCP >>> Port detection failed: ${err.message}`);
+  }
+  return null;
+}
+/**
+ * Detect missing dependencies in Node.js projects
+ * Compares require/import statements with package.json dependencies
+ */
+async function detectMissingNodeDependencies(projectPath) {
+  try {
+    const packageJsonPath = path.join(projectPath, 'package.json');
+    const packageJsonContent = await fs.readFile(packageJsonPath, 'utf-8').catch(() => null);
+    if (!packageJsonContent) return null;
+    const packageJson = JSON.parse(packageJsonContent);
+    const declaredDeps = new Set([
+      ...Object.keys(packageJson.dependencies || {}),
+      ...Object.keys(packageJson.devDependencies || {})
+    ]);
+    // Scan JS/TS files for imports
+    const usedDeps = new Set();
+    const jsFiles = await scanFilesNative(projectPath, ['.js', '.ts', '.jsx', '.tsx'], ['node_modules', 'dist', 'build']);
+    for (const file of jsFiles.slice(0, 20)) {
+      const content = await fs.readFile(path.join(projectPath, file), 'utf-8').catch(() => '');
+      // CommonJS: require('package')
+      const requireMatches = content.matchAll(/require\s*\(\s*['"]([^'"./][^'"]*)['"]\s*\)/g);
+      for (const match of requireMatches) {
+        const pkg = match[1].split('/')[0]; // Handle scoped packages and subpaths
+        if (!pkg.startsWith('@')) usedDeps.add(pkg);
+        else usedDeps.add(match[1].split('/').slice(0, 2).join('/')); // @scope/package
+      }
+      // ES6: import ... from 'package'
+      const importMatches = content.matchAll(/import\s+(?:[^'"]+\s+from\s+)?['"]([^'"./][^'"]*)['"]/g);
+      for (const match of importMatches) {
+        const pkg = match[1].split('/')[0];
+        if (!pkg.startsWith('@')) usedDeps.add(pkg);
+        else usedDeps.add(match[1].split('/').slice(0, 2).join('/'));
+      }
+    }
+    // Built-in Node.js modules to ignore
+    const builtins = new Set(['fs', 'path', 'http', 'https', 'crypto', 'os', 'url', 'util', 'stream', 'events', 'child_process', 'cluster', 'dns', 'net', 'tls', 'zlib', 'buffer', 'querystring', 'readline', 'assert', 'module', 'process', 'timers', 'vm', 'worker_threads']);
+    // Find missing dependencies
+    const missing = [];
+    for (const dep of usedDeps) {
+      if (!builtins.has(dep) && !declaredDeps.has(dep)) {
+        missing.push(dep);
+      }
+    }
+    if (missing.length > 0) {
+      return {
+        missing: true,
+        packages: missing,
+        autofix: 'add_node_deps'
+      };
+    }
+  } catch (err) {
+    log.warning(`MCP >>> Dependency detection failed: ${err.message}`);
+  }
+  return null;
+}
 // Validate Dockerfile for Coolify compliance
 function validateDockerfile(content) {
   const lines = content.split('\n');
@@ -1398,13 +1968,17 @@ function validateDockerfile(content) {
     const trimmed = lines[i].trim();
     const upper = trimmed.toUpperCase();
-    // Track base image
+    // Track base image (use the last non-builder FROM for final image)
     if (upper.startsWith('FROM ')) {
-      baseImage = trimmed.substring(5).split(' ')[0].toLowerCase();
+      const fromImage = trimmed.substring(5).split(' ')[0].toLowerCase();
       // Check for Elixir multi-stage build
-      if (baseImage.includes('elixir') && upper.includes(' AS ')) {
+      if (fromImage.includes('elixir') && upper.includes(' AS ')) {
         isElixirMultiStage = true;
       }
+      // Only track as base image if it's not a builder stage reference
+      if (!fromImage.includes('builder') && !fromImage.includes('build')) {
+        baseImage = fromImage;
+      }
     }
     if (upper.startsWith('EXPOSE')) {
@@ -1433,6 +2007,17 @@ function validateDockerfile(content) {
     }
   }
+  // Validate base image version
+  const baseImageValidation = validateBaseImage(baseImage);
+  if (baseImageValidation && baseImageValidation.invalid) {
+    issues.push({
+      issue: `Invalid Docker base image: ${baseImageValidation.reason}`,
+      fix: `Change FROM to use: ${baseImageValidation.suggestedFix}`,
+      autofix: baseImageValidation.autofix,
+      suggestedImage: baseImageValidation.suggestedFix
+    });
+  }
   if (!hasExpose) {
     issues.push({
       issue: 'Dockerfile does not have an EXPOSE directive',
@@ -1522,6 +2107,41 @@ function autoFixDockerfile(content, issues) {
         }
       }
     }
+    if (issue.autofix === 'fix_base_image') {
+      // Replace invalid base image with valid one
+      const suggestedImage = issue.suggestedImage || issue.suggestedFix;
+      for (let i = 0; i < lines.length; i++) {
+        const trimmed = lines[i].trim().toUpperCase();
+        if (trimmed.startsWith('FROM ')) {
+          const originalLine = lines[i];
+          const indent = originalLine.match(/^(\s*)/)[1];
+          const fromMatch = originalLine.match(/^(\s*FROM\s+)([^\s]+)(\s+AS\s+\S+)?(.*)$/i);
+          if (fromMatch && suggestedImage) {
+            const asClause = fromMatch[3] || '';
+            const rest = fromMatch[4] || '';
+            lines[i] = `${indent}FROM ${suggestedImage}${asClause}${rest}`;
+            modified = true;
+            log.success(`MCP >>> Auto-fixed Dockerfile: replaced invalid base image with ${suggestedImage}`);
+            break;
+          }
+        }
+      }
+    }
+    if (issue.autofix === 'fix_expose_port') {
+      // Replace existing EXPOSE with correct port
+      for (let i = 0; i < lines.length; i++) {
+        const trimmed = lines[i].trim().toUpperCase();
+        if (trimmed.startsWith('EXPOSE')) {
+          const indent = lines[i].match(/^(\s*)/)[1];
+          lines[i] = `${indent}EXPOSE ${issue.suggestedFix}`;
+          modified = true;
+          log.success(`MCP >>> Auto-fixed Dockerfile: changed EXPOSE to ${issue.suggestedFix}`);
+          break;
+        }
+      }
+    }
   }
   return { content: lines.join('\n'), modified };
@@ -1660,7 +2280,7 @@ async function initProject(args) {
           status: 'error',
           message: 'Hostname is required when deployment is enabled',
           required_fields: {
-            hostname: '✗ missing - will be used as subdomain (e.g., "myapp" for myapp.ezb.net)'
+            hostname: '✗ missing - project identifier (actual URL will be https://{app_id}.eu{1,2,3}.ezb.net)'
           }
         }, null, 2)
       }]
@@ -1683,6 +2303,43 @@ async function initProject(args) {
   console.error(`Creating project: ${name}`);
+  // FIX: Check if project already exists on backend before creating (prevents duplicates)
+  // This is critical to prevent race conditions where multiple concurrent requests
+  // could create duplicate projects
+  log.info(`MCP >>> [initProject] Checking if project '${name}' already exists on backend...`);
+  const existingProjectsResult = await apiRequest('GET', '/api/v1/projects', null, true);
+  if (existingProjectsResult.success && Array.isArray(existingProjectsResult.data)) {
+    // Check if any existing project name ends with our project name (user prefix is added by backend)
+    const existingProject = existingProjectsResult.data.find(p =>
+      p.name && (p.name === name || p.name.endsWith(`-${name}`))
+    );
+    if (existingProject) {
+      log.warning(`MCP >>> [initProject] Project '${name}' already exists (found: ${existingProject.name})`);
+      return {
+        content: [{
+          type: 'text',
+          text: JSON.stringify({
+            status: 'already_exists',
+            message: `Project '${name}' already exists on the server`,
+            existing_project: {
+              id: existingProject.id,
+              name: existingProject.name,
+              ssh_url: existingProject.ssh_url_to_repo,
+              web_url: existingProject.web_url,
+              deployment_url: existingProject.deployment_url
+            },
+            next_steps: [
+              'Use the existing project instead of creating a new one',
+              'To update: git push mlgym main',
+              'To check status: use mlgym_status tool'
+            ]
+          }, null, 2)
+        }]
+      };
+    }
+  }
+  log.success(`MCP >>> [initProject] No existing project found, proceeding with creation`);
   // Create project via backend API with FLAT structure (matching CLI)
   const projectData = {
     name: name,
@@ -1743,7 +2400,7 @@ async function initProject(args) {
         projectData.docker_compose_content = composeContent;
         log.info(`MCP >>> [initProject] Sending docker-compose content: ${composeContent.length} bytes`);
       } else {
-        log.warn('MCP >>> [initProject] docker-compose strategy but no compose file found!');
+        log.warning('MCP >>> [initProject] docker-compose strategy but no compose file found!');
       }
     }
@@ -2599,6 +3256,48 @@ async function deployProject(args) {
         } else {
           log.success('MCP >>> Dockerfile is Coolify compliant');
         }
+        // Check for port mismatch between app code and Dockerfile
+        const currentContent = fsSync.readFileSync(dockerfilePath, 'utf8');
+        const currentValidation = validateDockerfile(currentContent);
+        if (currentValidation.exposedPort) {
+          const portMismatch = await detectPortMismatch(local_path, currentValidation.exposedPort);
+          if (portMismatch && portMismatch.mismatch) {
+            log.warning(`MCP >>> Port mismatch detected: App runs on ${portMismatch.appPort} but EXPOSE is ${portMismatch.exposedPort}`);
+            log.info(`MCP >>> Auto-fixing: Changing EXPOSE to ${portMismatch.appPort}`);
+            const fixResult = autoFixDockerfile(currentContent, [{
+              autofix: 'fix_expose_port',
+              suggestedFix: portMismatch.appPort
+            }]);
+            if (fixResult.modified) {
+              fsSync.writeFileSync(dockerfilePath, fixResult.content);
+              log.success(`MCP >>> Fixed port mismatch: EXPOSE now ${portMismatch.appPort}`);
+            }
+          }
+        }
+      }
+    }
+    // Step 4.5: Check for missing Node.js dependencies
+    const packageJsonPath = path.join(local_path, 'package.json');
+    if (fsSync.existsSync(packageJsonPath)) {
+      log.info('MCP >>> Checking for missing Node.js dependencies...');
+      const missingDeps = await detectMissingNodeDependencies(local_path);
+      if (missingDeps && missingDeps.missing && missingDeps.packages.length > 0) {
+        log.warning(`MCP >>> Missing dependencies detected: ${missingDeps.packages.join(', ')}`);
+        log.info('MCP >>> Auto-fixing: Adding missing dependencies to package.json');
+        const packageJsonContent = fsSync.readFileSync(packageJsonPath, 'utf-8');
+        const packageJson = JSON.parse(packageJsonContent);
+        if (!packageJson.dependencies) packageJson.dependencies = {};
+        for (const pkg of missingDeps.packages) {
+          packageJson.dependencies[pkg] = '*'; // Will be resolved to latest during npm install
+        }
+        fsSync.writeFileSync(packageJsonPath + '.backup', packageJsonContent);
+        fsSync.writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2));
+        log.success(`MCP >>> Added missing dependencies: ${missingDeps.packages.join(', ')}`);
       }
     }
@@ -2842,11 +3541,11 @@ async function setEnvironmentVariables(args) {
     // Ensure authentication
     let auth = await loadAuth();
-    if (!auth || !auth.jwt_token) {
+    if (!auth || !auth.token) {
       throw new Error('Not authenticated. Please run mlgym_deploy or mlgym_auth_login first');
     }
-    log.debug(`Using JWT token: ${auth.jwt_token.substring(0, 20)}...`);
+    log.debug(`Using JWT token: ${auth.token.substring(0, 20)}...`);
     // Determine project name
     let finalProjectName = project_name;
@@ -2872,7 +3571,7 @@ async function setEnvironmentVariables(args) {
     const projectResponse = await axios.get(backendUrl, {
       headers: {
-        'Authorization': `Bearer ${auth.jwt_token}`,
+        'Authorization': `Bearer ${auth.token}`,
         'Content-Type': 'application/json'
       }
     });
@@ -2944,7 +3643,7 @@ async function getApplicationUUID(projectName, auth) {
   const projectResponse = await axios.get(backendUrl, {
     headers: {
-      'Authorization': `Bearer ${auth.jwt_token}`,
+      'Authorization': `Bearer ${auth.token}`,
       'Content-Type': 'application/json'
     }
   });
@@ -2965,7 +3664,7 @@ async function setHealthCheck(args) {
     // Ensure authentication
     let auth = await loadAuth();
-    if (!auth || !auth.jwt_token) {
+    if (!auth || !auth.token) {
       throw new Error('Not authenticated. Please run mlgym_deploy or mlgym_auth_login first');
     }
@@ -3030,7 +3729,7 @@ async function setDomain(args) {
     log.info(`MCP >>> [setDomain] Setting domain for ${project_name || 'project'}`);
     let auth = await loadAuth();
-    if (!auth || !auth.jwt_token) {
+    if (!auth || !auth.token) {
       throw new Error('Not authenticated. Please run mlgym_deploy or mlgym_auth_login first');
     }
@@ -3092,7 +3791,7 @@ async function setDeploymentCommands(args) {
     log.info(`MCP >>> [setDeploymentCommands] Setting deployment commands for ${project_name || 'project'}`);
     let auth = await loadAuth();
-    if (!auth || !auth.jwt_token) {
+    if (!auth || !auth.token) {
       throw new Error('Not authenticated. Please run mlgym_deploy or mlgym_auth_login first');
     }
@@ -3154,7 +3853,7 @@ async function manualDeploy(args) {
     log.info(`MCP >>> [manualDeploy] Triggering manual deployment for ${project_name || 'project'}`);
     let auth = await loadAuth();
-    if (!auth || !auth.jwt_token) {
+    if (!auth || !auth.token) {
       throw new Error('Not authenticated. Please run mlgym_deploy or mlgym_auth_login first');
     }
@@ -3222,7 +3921,7 @@ async function setOptions(args) {
     log.info(`MCP >>> [setOptions] Setting options for ${project_name || 'project'}`);
     let auth = await loadAuth();
-    if (!auth || !auth.jwt_token) {
+    if (!auth || !auth.token) {
       throw new Error('Not authenticated. Please run mlgym_deploy or mlgym_auth_login first');
     }
@@ -3284,7 +3983,7 @@ async function rollback(args) {
     log.info(`MCP >>> [rollback] Rolling back ${project_name || 'project'}`);
     let auth = await loadAuth();
-    if (!auth || !auth.jwt_token) {
+    if (!auth || !auth.token) {
       throw new Error('Not authenticated. Please run mlgym_deploy or mlgym_auth_login first');
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mlgym-deploy",
-  "version": "3.3.32",
+  "version": "3.3.40",
   "description": "MCP server for MLGym - Complete deployment management: deploy, configure, monitor, and rollback applications",
   "main": "index.js",
   "type": "module",