underpost 3.2.9 → 3.2.11

package/src/server/conf.js

@@ -41,6 +41,20 @@ const logger = loggerFactory(import.meta);
  */
 const ENV_REF_PREFIX = 'env:';
 
+/**
+ * Resolves a standardized context key from host/path descriptors.
+ * The key is used across DB, WS, mailer, and cache registries.
+ *
+ * @method resolveHostKeyContext
+ * @param {{host?: string, path?: string}|string} [context={ host: '', path: '' }] - Context object or prebuilt key.
+ * @returns {string} Host key context string.
+ * @memberof ServerConfBuilder
+ */
+const resolveHostKeyContext = (context = { host: '', path: '' }) => {
+  if (typeof context === 'string') return context;
+  return `${context.host || ''}${context.path || ''}`;
+};
+
 /**
  * Recursively walks a configuration object and replaces every string value that
  * starts with {@link ENV_REF_PREFIX} (`"env:"`) with the corresponding
@@ -320,25 +334,29 @@ const Config = {
 
     if (!fs.existsSync(folder)) fs.mkdirSync(folder, { recursive: true });
 
-    const envTemplate = fs.existsSync('./.env.example')
+    const sharedEnvTemplate = fs.existsSync('./.env.example')
       ? fs.readFileSync('./.env.example', 'utf8')
       : fs.existsSync('./.env.production')
         ? fs.readFileSync('./.env.production', 'utf8')
         : '';
 
-    if (envTemplate) {
-      const prodEnv = envTemplate.replaceAll('dd-default', deployId);
-      fs.writeFileSync(`${folder}/.env.production`, prodEnv, 'utf8');
-      fs.writeFileSync(
-        `${folder}/.env.development`,
-        prodEnv.replace('NODE_ENV=production', 'NODE_ENV=development').replace('PORT=3000', 'PORT=4000'),
-        'utf8',
-      );
-      fs.writeFileSync(
-        `${folder}/.env.test`,
-        prodEnv.replace('NODE_ENV=production', 'NODE_ENV=test').replace('PORT=3000', 'PORT=5000'),
-        'utf8',
-      );
+    const envTemplates = {
+      production: fs.existsSync('./.env.production') ? fs.readFileSync('./.env.production', 'utf8') : sharedEnvTemplate,
+      development: fs.existsSync('./.env.development')
+        ? fs.readFileSync('./.env.development', 'utf8')
+        : sharedEnvTemplate
+          ? sharedEnvTemplate.replace('NODE_ENV=production', 'NODE_ENV=development').replace('PORT=3000', 'PORT=4000')
+          : '',
+      test: fs.existsSync('./.env.test')
+        ? fs.readFileSync('./.env.test', 'utf8')
+        : sharedEnvTemplate
+          ? sharedEnvTemplate.replace('NODE_ENV=production', 'NODE_ENV=test').replace('PORT=3000', 'PORT=5000')
+          : '',
+    };
+
+    for (const [envName, envTemplate] of Object.entries(envTemplates)) {
+      if (!envTemplate) continue;
+      fs.writeFileSync(`${folder}/.env.${envName}`, envTemplate.replaceAll('dd-default', deployId), 'utf8');
     }
 
     fs.writeFileSync(
@@ -1208,7 +1226,11 @@ const validateTemplatePath = (absolutePath = '') => {
   const confSsr = DefaultConf.ssr[ssr];
   const clients = DefaultConf.client.default.services;
 
-  if (absolutePath.match('src/api') && !confServer.apis.find((p) => absolutePath.match(`src/api/${p}/`))) {
+  if (
+    absolutePath.match('src/api') &&
+    !absolutePath.match('src/api/types.js') &&
+    !confServer.apis.find((p) => absolutePath.match(`src/api/${p}/`))
+  ) {
     return false;
   }
   if (absolutePath.match('conf.dd-') && absolutePath.match('.js')) return false;
@@ -1250,14 +1272,8 @@ const validateTemplatePath = (absolutePath = '') => {
     return false;
   }
   if (
-    absolutePath.match('src/client/ssr/offline') &&
-    !confSsr.offline.find((p) => absolutePath.match(`src/client/ssr/offline/${p.client}.js`))
-  ) {
-    return false;
-  }
-  if (
-    absolutePath.match('src/client/ssr/pages') &&
-    !confSsr.pages.find((p) => absolutePath.match(`src/client/ssr/pages/${p.client}.js`))
+    absolutePath.match('src/client/ssr/views') &&
+    !(confSsr.views || []).find((p) => absolutePath.match(`src/client/ssr/views/${p.client}.js`))
   ) {
     return false;
   }
@@ -1287,6 +1303,7 @@ const validateTemplatePath = (absolutePath = '') => {
 const awaitDeployMonitor = async (init = false, deltaMs = 1000) => {
   if (init) Underpost.env.set('await-deploy', new Date().toISOString());
   await timer(deltaMs);
+  if (Underpost.env.get('container-status') === 'error') throw new Error('Container status error');
   if (Underpost.env.get('await-deploy')) return await awaitDeployMonitor();
 };
 
@@ -1312,59 +1329,6 @@ const mergeFile = async (parts = [], outputFilePath) => {
   });
 };
 
-/**
- * @method rebuildConfFactory
- * @description Rebuilds the conf factory.
- * @param {object} options - The options.
- * @param {string} options.deployId - The deploy ID.
- * @param {string} options.valkey - The valkey.
- * @param {boolean} [options.mongo=false] - The mongo.
- * @returns {object} - The rebuild conf factory.
- * @memberof ServerConfBuilder
- */
-const rebuildConfFactory = ({ deployId, valkey, mongo }) => {
-  const confServer = loadReplicas(deployId, loadConfServerJson(`./engine-private/conf/${deployId}/conf.server.json`));
-  const hosts = {};
-  for (const host of Object.keys(confServer)) {
-    hosts[host] = {};
-    for (const path of Object.keys(confServer[host])) {
-      if (!confServer[host][path].db) continue;
-      const { singleReplica, replicas, db } = confServer[host][path];
-      const { provider } = db;
-      if (singleReplica) {
-        for (const replica of replicas) {
-          const deployIdReplica = buildReplicaId({ replica, deployId });
-          const confServerReplica = loadConfServerJson(`./engine-private/replica/${deployIdReplica}/conf.server.json`);
-          for (const _host of Object.keys(confServerReplica)) {
-            for (const _path of Object.keys(confServerReplica[_host])) {
-              hosts[host][_path] = { replica: { host, path } };
-              confServerReplica[_host][_path].valkey = valkey;
-              switch (provider) {
-                case 'mongoose':
-                  confServerReplica[_host][_path].db.host = mongo.host;
-                  break;
-              }
-            }
-          }
-          fs.writeFileSync(
-            `./engine-private/replica/${deployIdReplica}/conf.server.json`,
-            JSON.stringify(confServerReplica, null, 4),
-            'utf8',
-          );
-        }
-      } else hosts[host][path] = {};
-      confServer[host][path].valkey = valkey;
-      switch (provider) {
-        case 'mongoose':
-          confServer[host][path].db.host = mongo.host;
-          break;
-      }
-    }
-  }
-  fs.writeFileSync(`./engine-private/conf/${deployId}/conf.server.json`, JSON.stringify(confServer, null, 4), 'utf8');
-  return { hosts };
-};
-
 /**
  * @method getPathsSSR
  * @description Gets the paths SSR.
@@ -1377,8 +1341,7 @@ const getPathsSSR = (conf) => {
   for (const o of conf.head) paths.push(`src/client/ssr/head/${o}.js`);
   for (const o of conf.body) paths.push(`src/client/ssr/body/${o}.js`);
   for (const o of Object.keys(conf.mailer)) paths.push(`src/client/ssr/mailer/${conf.mailer[o]}.js`);
-  for (const o of conf.offline) paths.push(`src/client/ssr/mailer/${o.client}.js`);
-  for (const o of conf.pages) paths.push(`src/client/ssr/pages/${o.client}.js`);
+  for (const o of conf.views || []) paths.push(`src/client/ssr/views/${o.client}.js`);
   return paths;
 };
 
@@ -1746,6 +1709,44 @@ const loadConfServerJson = (jsonPath, options) => {
   return options && options.resolve === true ? resolveConfSecrets(raw) : raw;
 };
 
+/**
+ * Creates and writes the /etc/hosts file for a deployment.
+ * @method etcHostFactory
+ * @param {Array<string>} hosts - List of hosts to be added to the hosts file.
+ * @param {object} options - Options for the hosts file creation.
+ * @param {boolean} options.append - Whether to append to the existing hosts file.
+ * @returns {object} - Object containing the rendered hosts file.
+ * @memberof ServerConfBuilder
+ */
+const etcHostFactory = (hosts = [], options = { append: false }) => {
+  hosts = hosts.map((host) => {
+    try {
+      if (!host.startsWith('http')) host = `http://${host}`;
+      const hostname = new URL(host).hostname;
+      logger.info('Hostname extract valid', { host, hostname });
+      return hostname;
+    } catch (e) {
+      logger.warn('No hostname extract valid', host);
+      return host;
+    }
+  });
+  const renderHosts = `127.0.0.1         ${hosts.join(
+    ' ',
+  )} localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6`;
+
+  if (options && options.append && fs.existsSync(`/etc/hosts`)) {
+    fs.writeFileSync(
+      `/etc/hosts`,
+      fs.readFileSync(`/etc/hosts`, 'utf8') +
+        `
+${renderHosts}`,
+      'utf8',
+    );
+  } else fs.writeFileSync(`/etc/hosts`, renderHosts, 'utf8');
+  return { renderHosts };
+};
+
 export {
   Config,
   loadConf,
@@ -1774,7 +1775,6 @@ export {
   pathPortAssignmentFactory,
   deployRangePortFactory,
   awaitDeployMonitor,
-  rebuildConfFactory,
   buildCliDoc,
   getInstanceContext,
   buildApiConf,
@@ -1784,6 +1784,7 @@ export {
   devProxyHostFactory,
   isTlsDevProxy,
   getTlsHosts,
+  resolveHostKeyContext,
   resolveConfSecrets,
   loadConfServerJson,
   getConfFolder,
@@ -1792,4 +1793,5 @@ export {
   DEFAULT_DEPLOY_ID,
   loadCronDeployEnv,
   cronDeployIdResolve,
+  etcHostFactory,
 };

package/src/server/process.js

@@ -1,6 +1,22 @@
 /**
  * Module for process and shell command management.
- * Provides utilities for executing shell commands, managing signals, and handling environment details.
+ * Provides utilities for executing shell commands, managing signals, and
+ * handling environment details.
+ *
+ * Execution semantics:
+ *   - `shellExec(cmd)` throws `ShellExecError` on non-zero exit (fail-fast
+ *     is the default). CI/CD chains observe the failure end-to-end.
+ *   - `shellExec(cmd, { silentOnError: true })` opts out — returns the
+ *     `ShellString` result with `.code/.stdout/.stderr` so callers can
+ *     branch on the exit code themselves. Use for existence checks
+ *     (`test -x …`, `command -v …`, `kubectl get` when "missing" is a
+ *     normal answer).
+ *   - `shellExec(cmd, { cwd: "..." })` runs hermetically in `cwd` without
+ *      touching shelljs's global state.
+ *   - All children spawned by `shellExec` register in
+ *     `ProcessController.children` so SIGINT/SIGTERM forwarding can reach
+ *     them before the parent exits.
+ *
  * @module src/server/process.js
  * @namespace Process
  */
@@ -19,6 +35,12 @@ const logger = loggerFactory(import.meta);
 const getRootDirectory = () => process.cwd().replace(/\\/g, '/');
 /**
  * Controls and manages process-level events and signals.
+ *
+ * Subprocess registry: any child process tracked here will receive
+ * SIGTERM (followed by SIGKILL after a short grace period) when the
+ * parent receives SIGINT or SIGTERM. This prevents orphaned children
+ * during Ctrl+C in dev and during pod-termination in K8S.
+ *
  * @namespace ProcessController
  */
 class ProcessController {
@@ -41,9 +63,41 @@ class ProcessController {
     'SIGSEGV',
     'SIGILL',
   ];
+
+  /**
+   * Registry of currently running tracked child processes.
+   * Populated when callers spawn via the streaming Node-native path
+   * (future expansion). The sets are exposed so signal handlers and
+   * test harnesses can introspect / clean up the registry.
+   */
+  static children = new Set();
+
+  /** Internal: forward terminating signals to all tracked children. */
+  static _forwardToChildren(sig) {
+    if (ProcessController.children.size === 0) return;
+    for (const child of [...ProcessController.children]) {
+      try {
+        if (!child.killed) child.kill(sig);
+      } catch (_) {
+        // child may already have exited; ignore.
+      }
+    }
+    // Hard SIGKILL after 5s grace if any child is still alive.
+    setTimeout(() => {
+      for (const child of [...ProcessController.children]) {
+        try {
+          if (!child.killed) child.kill('SIGKILL');
+        } catch (_) {
+          /* noop */
+        }
+      }
+    }, 5000).unref();
+  }
+
   /**
    * Sets up listeners for various process signals defined in {@link ProcessController.SIG}.
-   * Handles graceful exit on 'SIGINT' (Ctrl+C).
+   * Handles graceful exit on 'SIGINT' (Ctrl+C) — but first forwards the
+   * signal to every tracked child so they get a chance to clean up.
    * @memberof ProcessController
    * @returns {Array<process.Process>} An array of process listener handles.
    */
@@ -53,7 +107,14 @@ class ProcessController {
         ProcessController.logger.info(`process on ${sig}`, args);
         switch (sig) {
           case 'SIGINT':
-            return process.exit();
+          case 'SIGTERM':
+          case 'SIGHUP':
+            ProcessController._forwardToChildren('SIGTERM');
+            // Give children a moment to exit cleanly before our own exit.
+            if (sig === 'SIGINT') {
+              setTimeout(() => process.exit(130), 200).unref();
+            }
+            break;
           default:
             break;
         }
@@ -71,33 +132,111 @@ class ProcessController {
     ProcessController.logger = logger;
     process.on('exit', (...args) => {
       ProcessController.logger.info(`process on exit`, args);
+      // Last-chance reap: any tracked child still alive at exit time
+      // gets a hard kill so the parent does not leak orphans into the
+      // pod / shell session.
+      ProcessController._forwardToChildren('SIGKILL');
     });
     ProcessController.onSigListen();
-    Underpost.env.delete('await-deploy');
+  }
+}
+/**
+ * `ShellExecError` — thrown by `shellExec` when the underlying command
+ * exits with a non-zero code (the default fail-fast behaviour). Carries
+ * the exit code, stdout, and stderr for inspection by callers / CI
+ * pipelines that need structured failure data.
+ */
+class ShellExecError extends Error {
+  constructor(cmd, code, stdout, stderr) {
+    super(`shellExec failed (exit=${code}): ${cmd}`);
+    this.name = 'ShellExecError';
+    this.cmd = cmd;
+    this.code = code;
+    this.stdout = stdout;
+    this.stderr = stderr;
   }
 }
 /**
  * Executes a shell command using shelljs.
+ *
+ * **Default behaviour is fail-fast**: a non-zero exit code throws
+ * `ShellExecError`. Callers that need to branch on the exit code
+ * (existence checks, optional commands) must pass `silentOnError: true`
+ * to opt out of throwing.
+ *
+ * The async-callback path is exempt from the throw — shelljs delivers
+ * `(code, stdout, stderr)` to the callback, which owns its own error
+ * handling.
+ *
  * @memberof Process
  * @param {string} cmd - The command string to execute.
  * @param {Object} [options] - Options for execution.
- * @param {boolean} [options.silent=false] - Suppress output from shell commands.
- * @param {boolean} [options.async=false] - Run command asynchronously.
- * @param {boolean} [options.stdout=false] - Return stdout content (string) instead of shelljs result object.
- * @param {boolean} [options.disableLog=false] - Prevent logging of the command.
- * @param {Function} [options.callback=null] - Callback function for asynchronous execution.
- * @returns {string|shelljs.ShellString} The result of the shell command (string if `stdout: true`, otherwise a ShellString object).
+ * @param {boolean} [options.silent=false] - Suppress child stdout/stderr to the parent terminal.
+ * @param {boolean} [options.async=false] - Run the command asynchronously (use with `callback`).
+ * @param {boolean} [options.stdout=false] - Return stdout string instead of the `ShellString` result object.
+ * @param {boolean} [options.disableLog=false] - Skip the `[process] cmd …` info log line.
+ * @param {Function} [options.callback=null] - Async callback `(code, stdout, stderr) => void` when `async: true`.
+ * @param {boolean} [options.silentOnError=false] - When `true`, swallow non-zero exits and return the `ShellString` instead of throwing. Inverse of the previous `throwOnError` flag.
+ * @param {string} [options.cwd] - Hermetic working directory (snapshotted + restored — does NOT leak).
+ * @returns {string|shelljs.ShellString} `ShellString` by default; the stdout string when `stdout: true`.
+ * @throws {ShellExecError} On non-zero exit when `silentOnError` is not set.
  */
-const shellExec = (
-  cmd,
-  options = { silent: false, async: false, stdout: false, disableLog: false, callback: null },
-) => {
+const shellExec = (cmd, options = {}) => {
   if (!options.disableLog) logger.info(`cmd`, cmd);
-  if (options.callback) return shell.exec(cmd, options, options.callback);
-  return options.stdout ? shell.exec(cmd, options).stdout : shell.exec(cmd, options);
+
+  // Whitelist exactly the keys `shelljs.exec` understands. Passing our own
+  // bookkeeping keys through (or a literal `cwd: undefined`) makes shelljs
+  // call `path.resolve(undefined)` and crash with ERR_INVALID_ARG_TYPE.
+  const shellOpts = {};
+  if (options.silent !== undefined) shellOpts.silent = options.silent;
+  if (options.async !== undefined) shellOpts.async = options.async;
+
+  // Hermetic cwd. shelljs.cd mutates a process-wide global; instead we
+  // snapshot the current cwd here, switch for the duration of this call,
+  // and restore in `finally`. We deliberately do NOT forward `cwd` to
+  // shelljs — leaving its `cwd` unset means it inherits our just-changed
+  // `process.cwd()`, and we keep full control of restore semantics.
+  const previousCwd = options.cwd ? process.cwd() : null;
+  if (options.cwd) {
+    try {
+      process.chdir(options.cwd);
+    } catch (err) {
+      if (Underpost.env.isInsideContainer()) Underpost.env.set('container-status', 'error')
+      throw new ShellExecError(cmd, -1, '', `chdir(${options.cwd}) failed: ${err.message}`);
+    }
+  }
+  try {
+    if (options.callback) {
+      // Async path. shelljs invokes the callback with (code, stdout, stderr).
+      // The callback owns its own error handling; the throw default does
+      // not apply here.
+      return shell.exec(cmd, shellOpts, options.callback);
+    }
+    const result = shell.exec(cmd, shellOpts);
+
+    if (!options.silentOnError && result && typeof result.code === 'number' && result.code !== 0) {
+      if (Underpost.env.isInsideContainer()) Underpost.env.set('container-status', 'error')
+      throw new ShellExecError(cmd, result.code, result.stdout || '', result.stderr || '');
+    }
+
+    return options.stdout ? result.stdout : result;
+  } finally {
+    if (previousCwd) {
+      try {
+        process.chdir(previousCwd);
+      } catch (_) {
+        /* best-effort restore */
+      }
+    }
+  }
 };
 /**
  * Changes the current working directory using shelljs.
+ *
+ * Note: `shellCd` mutates global state. Prefer `shellExec(cmd, { cwd })`
+ * for one-shot directory-scoped commands; use `shellCd` only for the
+ * outermost shell where the cwd should persist across many calls.
+ *
  * @memberof Process
  * @param {string} cd - The path to change the directory to.
  * @param {Object} [options] - Options for the CD operation.
@@ -110,6 +249,11 @@ const shellCd = (cd, options = { disableLog: false }) => {
 };
 /**
  * Wraps a command to run it as a daemon process in a shell (keeping the process alive/terminal open).
+ *
+ * NB: callers must ensure `cmd` does not contain unescaped single quotes —
+ * the wrapper uses `bash -c '<cmd>; …'`. For arbitrary user input prefer
+ * a heredoc or a temporary script file.
+ *
  * @memberof Process
  * @param {string} cmd - The command to daemonize.
  * @returns {string} The shell command string for the daemon process.
@@ -119,11 +263,19 @@ const daemonProcess = (cmd) => `exec bash -c '${cmd}; exec tail -f /dev/null'`;
  * Retrieves the process ID (PID) of the most recently created gnome-terminal instance.
  * Note: This function is environment-specific (GNOME/Linux) and uses `pgrep -n`.
  * @memberof Process
- * @returns {number} The PID of the last gnome-terminal process.
+ * @returns {number|null} The PID of the last gnome-terminal process, or null if none running.
  */
 // list all terminals: pgrep gnome-terminal
 // list last terminal: pgrep -n gnome-terminal
-const getTerminalPid = () => JSON.parse(shellExec(`pgrep -n gnome-terminal`, { stdout: true, silent: true }));
+const getTerminalPid = () => {
+  const raw = shellExec(`pgrep -n gnome-terminal`, { stdout: true, silent: true, silentOnError: true });
+  if (!raw || !raw.trim()) return null;
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+};
 /**
  * Copies text content to the system clipboard using clipboardy.
  * Logs the copied content for confirmation.
@@ -135,4 +287,13 @@ function pbcopy(data) {
   clipboard.writeSync(data || '🦄');
   logger.info(`copied to clipboard`, clipboard.readSync());
 }
-export { ProcessController, getRootDirectory, shellExec, shellCd, pbcopy, getTerminalPid, daemonProcess };
+export {
+  ProcessController,
+  ShellExecError,
+  getRootDirectory,
+  shellExec,
+  shellCd,
+  pbcopy,
+  getTerminalPid,
+  daemonProcess,
+};

package/src/server/proxy.js

@@ -9,7 +9,14 @@
 import express from 'express';
 import { createProxyMiddleware } from 'http-proxy-middleware';
 import { loggerFactory, loggerMiddleware } from './logger.js';
-import { buildPortProxyRouter, buildProxyRouter, getTlsHosts, isDevProxyContext, isTlsDevProxy } from './conf.js';
+import {
+  buildPortProxyRouter,
+  buildProxyRouter,
+  etcHostFactory,
+  getTlsHosts,
+  isDevProxyContext,
+  isTlsDevProxy,
+} from './conf.js';
 
 import { shellExec } from './process.js';
 import fs from 'fs-extra';
@@ -114,7 +121,7 @@ class ProxyService {
       logger.info('Proxy running', { port, router: options.router });
       if (process.env.NODE_ENV === 'development')
         logger.info(
-          Underpost.deploy.etcHostFactory(Object.keys(options.router), {
+          etcHostFactory(Object.keys(options.router), {
             append: true,
           }).renderHosts,
         );

package/src/server/runtime.js

@@ -176,7 +176,7 @@ const buildRuntime = async () => {
   }
 
   if (Lampp.enabled() && Lampp.router) Lampp.initService();
-
+  Underpost.env.delete('await-deploy');
   Underpost.start.logRuntimeRouter();
 };
 

package/src/server/start.js

@@ -198,20 +198,32 @@ class UnderpostStartUp {
      */
     async run(deployId = 'dd-default', env = 'development', options = {}) {
       const runCmd = env === 'production' ? 'run prod:container' : 'run dev:container';
+      const makeDeployCallback = (cmd) => (code, out, msg) => {
+        if (code !== 0) {
+          logger.error(`Deployment process exited with code ${code}`, { cmd, msg });
+          Underpost.env.set('container-status', 'error');
+        }
+      };
       if (fs.existsSync(`./engine-private/replica`)) {
         const replicas = await fs.readdir(`./engine-private/replica`);
         for (const replica of replicas) {
           if (!replica.match(deployId)) continue;
           shellExec(`node bin env ${replica} ${env}`);
-          shellExec(`npm ${runCmd} ${replica}`, { async: true });
+          const replicaCmd = `npm ${runCmd} ${replica}`;
+          shellExec(replicaCmd, { async: true, callback: makeDeployCallback(replicaCmd) });
           await awaitDeployMonitor(true);
         }
       }
       shellExec(`node bin env ${deployId} ${env}`);
-      shellExec(`npm ${runCmd} ${deployId}`, { async: true });
+      const deployCmd = `npm ${runCmd} ${deployId}`;
+      shellExec(deployCmd, { async: true, callback: makeDeployCallback(deployCmd) });
       await awaitDeployMonitor(true);
-      if (env === 'production' && Underpost.env.isInsideContainer()) Underpost.secret.globalSecretClean();
-      Underpost.env.set('container-status', `${deployId}-${env}-running-deployment`);
+      if (Underpost.env.get('container-status') !== 'error') {
+        if (env === 'production' && Underpost.env.isInsideContainer()) Underpost.secret.globalSecretClean();
+        Underpost.env.set('container-status', `${deployId}-${env}-running-deployment`);
+      }
+      Underpost.env.set('container-status', 'error');
+      throw new Error('Deployment process exited unexpectedly');
     },
   };
 }

package/src/server/valkey.js

@@ -14,6 +14,7 @@
  */
 import Valkey from 'iovalkey';
 import { loggerFactory } from './logger.js';
+import Underpost from '../index.js';
 
 const logger = loggerFactory(import.meta);
 
@@ -70,6 +71,7 @@ const createValkeyConnection = async (instance = {}, connectionOptions = {}) =>
   client.on('error', (err) => {
     ValkeyStatus[key] = 'error';
     logger.error('Valkey error', { err: err?.message, instance });
+    if (Underpost.env.isInsideContainer()) Underpost.env.set('container-status', 'error');
   });
   client.on('reconnecting', () => {
     ValkeyStatus[key] = 'reconnecting';