mysystem-cli 1.0.0 → 1.0.2

package/AGENTS.md

@@ -0,0 +1,66 @@
+# MySystem Agent Guidelines (AGENTS.md)
+
+This file contains critical production-readiness instructions for AI coding agents (Cursor, Claude Code, Lovable, Bolt, Antigravity, etc.).
+
+> [!IMPORTANT]
+> **To the AI Agent**: You MUST read and follow these rules when editing or creating code in this codebase.
+
+---
+
+## 1. Core Production Architecture Rules
+
+### 1.1 Port & Port Binding
+* Always bind the application web server to the port specified in the `PORT` environment variable.
+* If `PORT` is not defined, fall back to a standard default (e.g., `3000` or `8080`), but never hardcode the listen port without checking `process.env.PORT` (Node) or `os.environ.get("PORT")` (Python).
+
+### 1.2 Health Check Endpoint
+* The application must expose a GET `/health` or `/healthz` endpoint.
+* It must return a `200 OK` response (preferably JSON, e.g., `{"status": "healthy"}`) with no authentication required.
+* The AWS Load Balancer uses this endpoint to verify if the container is running. If it fails, the container will be terminated and replaced.
+
+### 1.3 Statelessness & File Storage
+* Do NOT write persistent files to the local container filesystem. The container instances are ephemeral and can be destroyed at any time.
+* For file uploads, use an external object storage service (e.g., AWS S3).
+* For temporary processing, use the system `/tmp` directory, but expect it to disappear.
+
+### 1.4 Environment Variables & Secrets
+* Never hardcode API keys, database credentials, passwords, or secrets.
+* Always read configurations from environment variables.
+* Generate a sample `.env.example` file when adding new environment variables.
+
+### 1.5 Database Migrations
+* Ensure database migrations are safe to run concurrently or executed as a single-run step during deployment (never inside the web server's startup command if scaling to multiple container instances).
+* Design database changes to be backward-compatible (e.g., add new columns as nullable, deprecate columns in a two-stage deployment).
+
+### 1.6 Logging & Error Tracking (Sentry & Pino)
+* **Structured Logging**: For Node.js/TypeScript applications, format production logs in JSON using `pino` (or standard JSON formatters in Python/Go) for easy querying in CloudWatch. Avoid plain-text print statements in production.
+* **Error Tracking**: If the `SENTRY_DSN` environment variable is present:
+  1. Install the appropriate Sentry SDK (e.g., `@sentry/nextjs` for Next.js, `@sentry/node` for Node, or `sentry-sdk` for Python).
+  2. Initialize the SDK in the application entrypoint.
+  3. Ensure unhandled exceptions and runtime errors are automatically captured and reported to Sentry.
+
+### 1.7 EC2 Instance Sizing (Hobbyist Tier)
+If the project is configured to use the **Hobbyist Tier** (single EC2 + Docker Compose), you must select and manage the `instance_type` parameter in `terraform/terraform.tfvars` according to the application footprint:
+* **Micro-services / Static Frontends (Vite/React)**: Use `t4g.nano` (ARM64, 0.5GB RAM, ~$3.20/month) for maximum savings.
+* **Standard Frameworks (Express, Next.js, FastAPI + Postgres)**: Use `t3.micro` (x86, 1GB RAM, **AWS Free Tier eligible**).
+* **Medium Apps (App + Postgres + Redis or memory-intensive runtimes)**: Use `t3.small` (2GB RAM, ~$16/month) to prevent Out-Of-Memory (OOM) crashes.
+* **Large Monoliths**: Scale to `t3.medium` (4GB RAM, ~$32/month) or larger when active traffic warrants it.
+* *Note: When deploying on t4g (ARM) instances, ensure the Dockerfile is compiled for arm64.*
+
+---
+
+## 2. Docker & Container Rules
+* Do not modify the `Dockerfile` in a way that breaks multi-stage optimization.
+* Keep container images small by using minimal base images (e.g., alpine or slim variants).
+* Always run the container application under a non-root user (e.g., `node` in Node.js) for security.
+
+---
+
+## 3. Automated Git Push Workflow (Vibecoder Deployment)
+If the user tells you: **"I have set up the OIDC role / GitHub secrets"** or **"Deploy the app now"**:
+
+1. **Verify Git Status**: Run `git status` via terminal to verify the changes.
+2. **Stage files**: Run `git add .` to stage the changes.
+3. **Commit**: Commit with a clean message: `git commit -m "chore: configure MySystem deployment assets"`
+4. **Push**: Identify the active branch (usually `main` or `master`) and push it: `git push origin main`
+5. **Confirm**: Let the user know the push was successful and the GitHub Actions deployment pipeline has been triggered.

package/copy-templates.js

@@ -0,0 +1,47 @@
+const fs = require('fs');
+const path = require('path');
+
+const rootDir = path.join(__dirname, '../..');
+const cliDir = __dirname;
+
+const srcTemplates = path.join(rootDir, 'templates');
+const destTemplates = path.join(cliDir, 'templates');
+
+const srcAgents = path.join(rootDir, 'AGENTS.md');
+const destAgents = path.join(cliDir, 'AGENTS.md');
+
+// Helper to recursively copy directories
+function copyDirSync(src, dest) {
+  fs.mkdirSync(dest, { recursive: true });
+  const entries = fs.readdirSync(src, { withFileTypes: true });
+
+  for (let entry of entries) {
+    const srcPath = path.join(src, entry.name);
+    const destPath = path.join(dest, entry.name);
+
+    if (entry.isDirectory()) {
+      copyDirSync(srcPath, destPath);
+    } else {
+      fs.copyFileSync(srcPath, destPath);
+    }
+  }
+}
+
+console.log('Copying templates to CLI package...');
+if (fs.existsSync(srcTemplates)) {
+  if (fs.existsSync(destTemplates)) {
+    fs.rmSync(destTemplates, { recursive: true, force: true });
+  }
+  copyDirSync(srcTemplates, destTemplates);
+  console.log('  ✅ Templates copied.');
+} else {
+  console.error('  ❌ Source templates folder not found at:', srcTemplates);
+}
+
+console.log('Copying AGENTS.md to CLI package...');
+if (fs.existsSync(srcAgents)) {
+  fs.copyFileSync(srcAgents, destAgents);
+  console.log('  ✅ AGENTS.md copied.');
+} else {
+  console.error('  ❌ Source AGENTS.md not found at:', srcAgents);
+}

package/dist/commands/init.js

@@ -53,8 +53,21 @@ async function runInit(projectRoot) {
     try {
         const appNameInput = await rl.question(`Enter application name [${detected.name}]: `);
         const appName = appNameInput.trim() || detected.name;
-        const awsRegionInput = await rl.question(`Enter AWS region [us-east-1]: `);
-        const awsRegion = awsRegionInput.trim() || 'us-east-1';
+        let awsRegion = 'us-east-1';
+        const regionRegex = /^[a-z]{2,}-[a-z]+-[0-9]+$/;
+        while (true) {
+            const awsRegionInput = await rl.question(`Enter AWS region [us-east-1]: `);
+            const val = awsRegionInput.trim();
+            if (!val) {
+                awsRegion = 'us-east-1';
+                break;
+            }
+            if (regionRegex.test(val)) {
+                awsRegion = val;
+                break;
+            }
+            console.log('\x1b[31mInvalid AWS region format. Example: us-east-1, eu-west-1, ap-south-1. Please try again.\x1b[0m');
+        }
         console.log('Select your AWS hosting tier:');
         console.log('  \x1b[36m1. Production\x1b[0m [ECS Fargate + RDS + ALB + WAF] (~$17/mo free-tier, ~$51/mo standard)');
         console.log('  \x1b[36m2. Hobbyist\x1b[0m   [Single EC2 + Docker Compose + Postgres] ($0/mo free-tier, ~$3.20/mo standard)');

package/dist/utils/detector.js

@@ -44,7 +44,22 @@ function detectProject(projectRoot) {
         hasRedis: false,
         name: path.basename(projectRoot) || 'mysystem-app',
     };
-    // 1. Read package.json if it exists
+    // 1. Scan for framework config files directly first
+    const hasNextConfig = ['next.config.js', 'next.config.mjs', 'next.config.ts'].some(f => fs.existsSync(path.join(projectRoot, f)));
+    const hasViteConfig = ['vite.config.js', 'vite.config.ts', 'vite.config.mjs'].some(f => fs.existsSync(path.join(projectRoot, f)));
+    const hasPrismaSchema = fs.existsSync(path.join(projectRoot, 'prisma', 'schema.prisma')) || fs.existsSync(path.join(projectRoot, 'schema.prisma'));
+    if (hasNextConfig) {
+        info.type = 'nextjs';
+        info.port = 3000;
+    }
+    else if (hasViteConfig) {
+        info.type = 'react-vite';
+        info.port = 80; // Served via Nginx in production container
+    }
+    if (hasPrismaSchema) {
+        info.hasDatabase = true;
+    }
+    // 2. Read package.json if it exists
     const packageJsonPath = path.join(projectRoot, 'package.json');
     if (fs.existsSync(packageJsonPath)) {
         try {
@@ -56,55 +71,92 @@ function detectProject(projectRoot) {
                 ...packageJson.dependencies,
                 ...packageJson.devDependencies,
             };
-            // Detect database dependencies (pg, prisma, typeorm, sequelize, knex, sqlite3, mysql2)
-            const dbDeps = ['pg', 'postgres', 'prisma', 'typeorm', 'sequelize', 'knex', 'sqlite3', 'mysql2'];
-            if (Object.keys(deps).some(dep => dbDeps.includes(dep))) {
+            // Detect database dependencies (including MongoDB, SQLite, Postgres, MySQL, MariaDB, SQL Server, Drizzle, etc.)
+            const dbDeps = [
+                'pg', 'postgres', 'prisma', 'typeorm', 'sequelize', 'knex', 'sqlite3',
+                'mysql2', 'mongodb', 'mongoose', 'mssql', 'mariadb', 'pg-promise',
+                'drizzle-orm', 'better-sqlite3'
+            ];
+            if (Object.keys(deps).some(dep => dbDeps.includes(dep) || dep.startsWith('@prisma/'))) {
                 info.hasDatabase = true;
             }
             // Detect Redis dependencies
-            const redisDeps = ['redis', 'ioredis', 'bull', 'bullmq', 'handy-redis', 'keyv'];
+            const redisDeps = ['redis', 'ioredis', 'bull', 'bullmq', 'handy-redis', 'keyv', 'redis-om'];
             if (Object.keys(deps).some(dep => redisDeps.includes(dep))) {
                 info.hasRedis = true;
             }
-            // Framework detection
-            if (deps['next']) {
-                info.type = 'nextjs';
-                info.port = 3000;
-            }
-            else if (deps['vite'] || deps['react']) {
-                // A Vite React app (or standard React)
-                info.type = 'react-vite';
-                info.port = 80; // React SPAs get served on port 80 via Nginx in production
-            }
-            else if (deps['express'] || deps['koa'] || deps['fastify'] || deps['nest']) {
-                info.type = 'node';
-                info.port = 3000;
-            }
-            else {
-                info.type = 'node';
-                info.port = 3000;
+            // Fallback Framework detection if config files weren't matched
+            if (info.type === 'unknown') {
+                if (deps['next']) {
+                    info.type = 'nextjs';
+                    info.port = 3000;
+                }
+                else if (deps['vite'] || deps['react']) {
+                    info.type = 'react-vite';
+                    info.port = 80;
+                }
+                else if (deps['express'] || deps['koa'] || deps['fastify'] || deps['nest'] || deps['hapi']) {
+                    info.type = 'node';
+                    info.port = 3000;
+                }
+                else {
+                    info.type = 'node';
+                    info.port = 3000;
+                }
             }
         }
         catch (e) {
-            // Ignore JSON parse errors and continue
+            // Ignore JSON parse errors
         }
     }
-    // 2. Read requirements.txt or main.py if Python
+    // 3. Read requirements.txt or main.py if Python
     const reqTxtPath = path.join(projectRoot, 'requirements.txt');
     const mainPyPath = path.join(projectRoot, 'main.py');
-    if (fs.existsSync(reqTxtPath) || fs.existsSync(mainPyPath)) {
-        info.type = 'fastapi';
-        info.port = 8000;
-        if (fs.existsSync(reqTxtPath)) {
-            const reqs = fs.readFileSync(reqTxtPath, 'utf8');
-            const dbTerms = ['postgresql', 'psycopg2', 'sqlalchemy', 'tortoise-orm', 'peewee', 'asyncpg'];
-            if (dbTerms.some(term => reqs.toLowerCase().includes(term))) {
+    const pyProjectToml = path.join(projectRoot, 'pyproject.toml');
+    if (fs.existsSync(reqTxtPath) || fs.existsSync(mainPyPath) || fs.existsSync(pyProjectToml)) {
+        if (info.type === 'unknown') {
+            info.type = 'fastapi';
+            info.port = 8000;
+        }
+        const checkPythonDeps = (content) => {
+            const dbTerms = ['postgresql', 'psycopg2', 'sqlalchemy', 'tortoise-orm', 'peewee', 'asyncpg', 'pymongo', 'mongoengine', 'mysqlclient'];
+            if (dbTerms.some(term => content.toLowerCase().includes(term))) {
                 info.hasDatabase = true;
             }
             const redisTerms = ['redis', 'django-redis', 'celery'];
-            if (redisTerms.some(term => reqs.toLowerCase().includes(term))) {
+            if (redisTerms.some(term => content.toLowerCase().includes(term))) {
                 info.hasRedis = true;
             }
+        };
+        if (fs.existsSync(reqTxtPath)) {
+            checkPythonDeps(fs.readFileSync(reqTxtPath, 'utf8'));
+        }
+        if (fs.existsSync(pyProjectToml)) {
+            checkPythonDeps(fs.readFileSync(pyProjectToml, 'utf8'));
+        }
+    }
+    // 4. Scan .env, .env.example, .env.local for database/redis keywords (CRITICAL fallback)
+    const envFiles = ['.env', '.env.example', '.env.local', '.env.development', '.env.production'];
+    for (const file of envFiles) {
+        const filePath = path.join(projectRoot, file);
+        if (fs.existsSync(filePath)) {
+            try {
+                const content = fs.readFileSync(filePath, 'utf8');
+                const dbKeywords = [
+                    'DATABASE_URL', 'DATABASE_URI', 'POSTGRES_', 'MONGODB_URI', 'MONGO_URI',
+                    'DB_HOST', 'DB_PASSWORD', 'DB_CONNECTION', 'MYSQL_URL', 'DATABASE_NAME'
+                ];
+                const redisKeywords = ['REDIS_URL', 'REDIS_HOST', 'REDIS_PORT', 'REDIS_PASSWORD'];
+                if (dbKeywords.some(kw => content.includes(kw))) {
+                    info.hasDatabase = true;
+                }
+                if (redisKeywords.some(kw => content.includes(kw))) {
+                    info.hasRedis = true;
+                }
+            }
+            catch {
+                // Ignore file read errors
+            }
         }
     }
     return info;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mysystem-cli",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Zero-config deployment standard and CLI for AI-generated applications on AWS Fargate",
   "main": "dist/index.js",
   "bin": {
@@ -8,7 +8,7 @@
     "mysystem-cli": "dist/index.js"
   },
   "scripts": {
-    "build": "tsc",
+    "build": "tsc && node copy-templates.js",
     "prepublishOnly": "npm run build"
   },
   "keywords": [

package/src/commands/init.ts

@@ -22,8 +22,21 @@ export async function runInit(projectRoot: string) {
     const appNameInput = await rl.question(`Enter application name [${detected.name}]: `);
     const appName = appNameInput.trim() || detected.name;
 
-    const awsRegionInput = await rl.question(`Enter AWS region [us-east-1]: `);
-    const awsRegion = awsRegionInput.trim() || 'us-east-1';
+    let awsRegion = 'us-east-1';
+    const regionRegex = /^[a-z]{2,}-[a-z]+-[0-9]+$/;
+    while (true) {
+      const awsRegionInput = await rl.question(`Enter AWS region [us-east-1]: `);
+      const val = awsRegionInput.trim();
+      if (!val) {
+        awsRegion = 'us-east-1';
+        break;
+      }
+      if (regionRegex.test(val)) {
+        awsRegion = val;
+        break;
+      }
+      console.log('\x1b[31mInvalid AWS region format. Example: us-east-1, eu-west-1, ap-south-1. Please try again.\x1b[0m');
+    }
 
     console.log('Select your AWS hosting tier:');
     console.log('  \x1b[36m1. Production\x1b[0m [ECS Fargate + RDS + ALB + WAF] (~$17/mo free-tier, ~$51/mo standard)');

package/src/utils/detector.ts

@@ -18,7 +18,24 @@ export function detectProject(projectRoot: string): ProjectInfo {
     name: path.basename(projectRoot) || 'mysystem-app',
   };
 
-  // 1. Read package.json if it exists
+  // 1. Scan for framework config files directly first
+  const hasNextConfig = ['next.config.js', 'next.config.mjs', 'next.config.ts'].some(f => fs.existsSync(path.join(projectRoot, f)));
+  const hasViteConfig = ['vite.config.js', 'vite.config.ts', 'vite.config.mjs'].some(f => fs.existsSync(path.join(projectRoot, f)));
+  const hasPrismaSchema = fs.existsSync(path.join(projectRoot, 'prisma', 'schema.prisma')) || fs.existsSync(path.join(projectRoot, 'schema.prisma'));
+
+  if (hasNextConfig) {
+    info.type = 'nextjs';
+    info.port = 3000;
+  } else if (hasViteConfig) {
+    info.type = 'react-vite';
+    info.port = 80; // Served via Nginx in production container
+  }
+
+  if (hasPrismaSchema) {
+    info.hasDatabase = true;
+  }
+
+  // 2. Read package.json if it exists
   const packageJsonPath = path.join(projectRoot, 'package.json');
   if (fs.existsSync(packageJsonPath)) {
     try {
@@ -32,56 +49,96 @@ export function detectProject(projectRoot: string): ProjectInfo {
         ...packageJson.devDependencies,
       };
 
-      // Detect database dependencies (pg, prisma, typeorm, sequelize, knex, sqlite3, mysql2)
-      const dbDeps = ['pg', 'postgres', 'prisma', 'typeorm', 'sequelize', 'knex', 'sqlite3', 'mysql2'];
-      if (Object.keys(deps).some(dep => dbDeps.includes(dep))) {
+      // Detect database dependencies (including MongoDB, SQLite, Postgres, MySQL, MariaDB, SQL Server, Drizzle, etc.)
+      const dbDeps = [
+        'pg', 'postgres', 'prisma', 'typeorm', 'sequelize', 'knex', 'sqlite3', 
+        'mysql2', 'mongodb', 'mongoose', 'mssql', 'mariadb', 'pg-promise', 
+        'drizzle-orm', 'better-sqlite3'
+      ];
+      if (Object.keys(deps).some(dep => dbDeps.includes(dep) || dep.startsWith('@prisma/'))) {
         info.hasDatabase = true;
       }
 
       // Detect Redis dependencies
-      const redisDeps = ['redis', 'ioredis', 'bull', 'bullmq', 'handy-redis', 'keyv'];
+      const redisDeps = ['redis', 'ioredis', 'bull', 'bullmq', 'handy-redis', 'keyv', 'redis-om'];
       if (Object.keys(deps).some(dep => redisDeps.includes(dep))) {
         info.hasRedis = true;
       }
 
-      // Framework detection
-      if (deps['next']) {
-        info.type = 'nextjs';
-        info.port = 3000;
-      } else if (deps['vite'] || deps['react']) {
-        // A Vite React app (or standard React)
-        info.type = 'react-vite';
-        info.port = 80; // React SPAs get served on port 80 via Nginx in production
-      } else if (deps['express'] || deps['koa'] || deps['fastify'] || deps['nest']) {
-        info.type = 'node';
-        info.port = 3000;
-      } else {
-        info.type = 'node';
-        info.port = 3000;
+      // Fallback Framework detection if config files weren't matched
+      if (info.type === 'unknown') {
+        if (deps['next']) {
+          info.type = 'nextjs';
+          info.port = 3000;
+        } else if (deps['vite'] || deps['react']) {
+          info.type = 'react-vite';
+          info.port = 80;
+        } else if (deps['express'] || deps['koa'] || deps['fastify'] || deps['nest'] || deps['hapi']) {
+          info.type = 'node';
+          info.port = 3000;
+        } else {
+          info.type = 'node';
+          info.port = 3000;
+        }
       }
     } catch (e) {
-      // Ignore JSON parse errors and continue
+      // Ignore JSON parse errors
     }
   }
 
-  // 2. Read requirements.txt or main.py if Python
+  // 3. Read requirements.txt or main.py if Python
   const reqTxtPath = path.join(projectRoot, 'requirements.txt');
   const mainPyPath = path.join(projectRoot, 'main.py');
-  if (fs.existsSync(reqTxtPath) || fs.existsSync(mainPyPath)) {
-    info.type = 'fastapi';
-    info.port = 8000;
+  const pyProjectToml = path.join(projectRoot, 'pyproject.toml');
 
-    if (fs.existsSync(reqTxtPath)) {
-      const reqs = fs.readFileSync(reqTxtPath, 'utf8');
-      const dbTerms = ['postgresql', 'psycopg2', 'sqlalchemy', 'tortoise-orm', 'peewee', 'asyncpg'];
-      if (dbTerms.some(term => reqs.toLowerCase().includes(term))) {
+  if (fs.existsSync(reqTxtPath) || fs.existsSync(mainPyPath) || fs.existsSync(pyProjectToml)) {
+    if (info.type === 'unknown') {
+      info.type = 'fastapi';
+      info.port = 8000;
+    }
+
+    const checkPythonDeps = (content: string) => {
+      const dbTerms = ['postgresql', 'psycopg2', 'sqlalchemy', 'tortoise-orm', 'peewee', 'asyncpg', 'pymongo', 'mongoengine', 'mysqlclient'];
+      if (dbTerms.some(term => content.toLowerCase().includes(term))) {
         info.hasDatabase = true;
       }
 
       const redisTerms = ['redis', 'django-redis', 'celery'];
-      if (redisTerms.some(term => reqs.toLowerCase().includes(term))) {
+      if (redisTerms.some(term => content.toLowerCase().includes(term))) {
         info.hasRedis = true;
       }
+    };
+
+    if (fs.existsSync(reqTxtPath)) {
+      checkPythonDeps(fs.readFileSync(reqTxtPath, 'utf8'));
+    }
+    if (fs.existsSync(pyProjectToml)) {
+      checkPythonDeps(fs.readFileSync(pyProjectToml, 'utf8'));
+    }
+  }
+
+  // 4. Scan .env, .env.example, .env.local for database/redis keywords (CRITICAL fallback)
+  const envFiles = ['.env', '.env.example', '.env.local', '.env.development', '.env.production'];
+  for (const file of envFiles) {
+    const filePath = path.join(projectRoot, file);
+    if (fs.existsSync(filePath)) {
+      try {
+        const content = fs.readFileSync(filePath, 'utf8');
+        const dbKeywords = [
+          'DATABASE_URL', 'DATABASE_URI', 'POSTGRES_', 'MONGODB_URI', 'MONGO_URI', 
+          'DB_HOST', 'DB_PASSWORD', 'DB_CONNECTION', 'MYSQL_URL', 'DATABASE_NAME'
+        ];
+        const redisKeywords = ['REDIS_URL', 'REDIS_HOST', 'REDIS_PORT', 'REDIS_PASSWORD'];
+
+        if (dbKeywords.some(kw => content.includes(kw))) {
+          info.hasDatabase = true;
+        }
+        if (redisKeywords.some(kw => content.includes(kw))) {
+          info.hasRedis = true;
+        }
+      } catch {
+        // Ignore file read errors
+      }
     }
   }
 

package/templates/docker/fastapi.Dockerfile

@@ -0,0 +1,32 @@
+# Multi-stage build for Python FastAPI Applications
+
+# --- Build Stage ---
+FROM python:3.11-slim AS builder
+WORKDIR /app
+RUN python -m venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# --- Production Stage ---
+FROM python:3.11-slim AS runner
+WORKDIR /app
+COPY --from=builder /opt/venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+
+COPY . .
+
+# Run as non-privileged user
+RUN adduser --disabled-password --gecos "" appuser && chown -R appuser:appuser /app
+USER appuser
+
+# Healthcheck
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
+  CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:' + str(os.environ.get('PORT', 8000)) + '/health', timeout=5)" || exit 1
+
+EXPOSE 8000
+ENV PORT=8000
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

package/templates/docker/nextjs.Dockerfile

@@ -0,0 +1,45 @@
+# Multi-stage build for Next.js (using Standalone output)
+
+# --- Dependencies Stage ---
+FROM node:20-alpine AS deps
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+
+# --- Build Stage ---
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+# Set Next.js telemetry disable
+ENV NEXT_TELEMETRY_DISABLED=1
+RUN npm run build
+
+# --- Production Stage ---
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+
+# Create non-root user
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+# Copy standalone build and static assets
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+
+EXPOSE 3000
+ENV PORT=3000
+ENV HOSTNAME="0.0.0.0"
+
+# Healthcheck
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
+  CMD node -e "fetch('http://localhost:3000/api/health').then(r => r.status === 200 ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))"
+
+CMD ["node", "server.js"]

package/templates/docker/node.Dockerfile

@@ -0,0 +1,32 @@
+# Multi-stage build for Node.js Applications
+
+# --- Build Stage ---
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build --if-present
+
+# --- Production Stage ---
+FROM node:20-alpine AS runner
+WORKDIR /app
+ENV NODE_ENV=production
+COPY package*.json ./
+RUN npm ci --only=production
+COPY --from=builder /app/dist ./dist --keep-directory-structure --if-present
+COPY --from=builder /app/build ./build --keep-directory-structure --if-present
+COPY --from=builder /app/server.js ./server.js --if-present
+COPY --from=builder /app/index.js ./index.js --if-present
+
+# Set safe, non-root user
+USER node
+
+# Health check setup
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
+  CMD node -e "fetch('http://localhost:' + (process.env.PORT || 3000) + '/health').then(r => r.status === 200 ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))"
+
+EXPOSE 3000
+ENV PORT=3000
+
+CMD ["node", "dist/index.js"]

package/templates/docker/react.Dockerfile

@@ -0,0 +1,38 @@
+# Multi-stage build for React/Vite Single Page Applications (served via Nginx)
+
+# --- Build Stage ---
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+# --- Production Stage ---
+FROM nginx:alpine AS runner
+COPY --from=builder /app/dist /usr/share/nginx/html
+
+# Custom Nginx configuration to support SPA routing (redirect all fallback routes to index.html)
+RUN echo $'\n\
+server {\n\
+    listen 80;\n\
+    location / {\n\
+        root /usr/share/nginx/html;\n\
+        index index.html index.htm;\n\
+        try_files $uri $uri/ /index.html;\n\
+    }\n\
+    location /health {\n\
+        access_log off;\n\
+        add_header Content-Type text/plain;\n\
+        return 200 "healthy\\n";\n\
+    }\n\
+}' > /etc/nginx/conf.d/default.conf
+
+# Healthcheck
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost/health || exit 1
+
+EXPOSE 80
+ENV PORT=80
+
+CMD ["nginx", "-g", "daemon off;"]