vyft 0.1.0-alpha → 0.2.0-alpha

package/README.md

@@ -1,189 +1,56 @@
 # Vyft
 
-Deploy apps with TypeScript.
+Deploy apps with TypeScript
 
-## Install
+## Getting Started
 
 ```bash
-npm install vyft
+npx vyft init
 ```
 
-## Quick Start
+This scaffolds a fullstack project with a Hono API, React SPA, and Postgres — all wired up and ready to deploy.
 
-Create `vyft.config.ts`:
+## Example
 
 ```typescript
+// vyft.config.ts
 import { interpolate } from 'vyft';
 import { swarm } from 'vyft/swarm';
 
-const { secret, volume, service, site } = swarm();
+const { service, secret, volume, site } = swarm();
 
-export const dbPassword = secret('db-password');
-export const dbData = volume('db-data', { size: '20GB' });
+export const dbPassword = secret('db-password', { length: 32 });
+export const dbData = volume('db-data', { size: '10GB' });
 
 export const db = service('db', {
-  image: 'postgres:16',
+  image: 'postgres:17',
+  volumes: [{ volume: dbData, mount: '/var/lib/postgresql/data' }],
   env: {
     POSTGRES_PASSWORD: dbPassword,
-    POSTGRES_DB: 'myapp'
-  },
-  volumes: [
-    { volume: dbData, mount: '/var/lib/postgresql/data' }
-  ]
+    POSTGRES_DB: 'myapp',
+  }
 });
 
 export const api = service('api', {
-  route: 'api.example.com',
-  image: { context: './api' },
+  route: 'example.com/api/*',
+  image: { dockerfile: './apps/api/Dockerfile' },
   env: {
-    DATABASE_URL: interpolate`postgres://postgres:${dbPassword}@${db.host}:5432/myapp`
+    DATABASE_URL: interpolate`postgres://postgres:${dbPassword}@${db.host}:5432/myapp`,
   }
 });
 
-export const app = site('app', {
+export const web = site('web', {
   route: 'example.com',
   spa: true,
-  build: { context: './frontend' }
+  build: { cwd: './apps/web' }
 });
 ```
 
-Deploy:
-
 ```bash
 vyft deploy
 ```
 
-Tear down:
-
-```bash
-vyft destroy
-```
-
-## Runtime
-
-Resources are created through a runtime. The `swarm` runtime manages containers, networking, and routing.
-
-```typescript
-import { swarm } from 'vyft/swarm';
-
-const { secret, volume, service, site } = swarm();
-```
-
-Volumes support size limits (requires xfs with project quotas on the host):
-
-```typescript
-const { volume } = swarm();
-
-export const data = volume('data', { size: '50GB' });
-```
-
-## Primitives
-
-### volume
-
-Persistent storage.
-
-```typescript
-volume('data');
-```
-
-### secret
-
-Auto-generated secure values. Mounted as files at `/run/secrets/<id>`.
-
-```typescript
-const apiKey = secret('api-key');
-const jwtSecret = secret('jwt-secret', { length: 64 });
-```
-
-Pass a secret directly as an env value to mount it. The `_FILE` suffix is added automatically:
-
-```typescript
-env: {
-  API_KEY: apiKey
-}
-// → sets API_KEY_FILE=/run/secrets/api-key
-```
-
-### interpolate
-
-Compose env values that contain secrets. Imported from `vyft`.
-
-```typescript
-import { interpolate } from 'vyft';
-
-env: {
-  DATABASE_URL: interpolate`postgres://user:${dbPassword}@${db.host}:5432/mydb`
-}
-// → sets DATABASE_URL_FILE=/run/secrets/<derived-secret>
-```
-
-The result is stored as a derived secret and mounted as a file.
-
-### service
-
-Run containers.
-
-```typescript
-const api = service('api', {
-  image: { context: './api' },  // Build from directory
-  // or: image: 'node:20',      // Use existing image
-  route: 'api.example.com',
-  port: 3000,
-  env: { NODE_ENV: 'production' },
-  command: ['node', 'server.js'],
-  volumes: [{ volume: data, mount: '/app/data' }],
-  replicas: 3,
-  healthCheck: {
-    command: ['curl', '-f', 'http://localhost:3000/health'],
-    interval: '30s',
-    timeout: '10s',
-    retries: 3
-  },
-  resources: {
-    memory: '512MB',
-    cpus: 0.5
-  },
-  restartPolicy: 'on-failure'
-});
-```
-
-Services expose output properties for referencing elsewhere:
-
-```typescript
-api.host  // internal hostname
-api.port  // internal port (default 3000)
-api.url   // full URL (https if routed, http otherwise)
-```
-
-### site
-
-Serve static sites with automatic builds.
-
-```typescript
-const app = site('app', {
-  route: 'example.com',
-  spa: true,
-  build: {
-    context: './frontend',
-    output: './dist',
-    command: 'npm run build'
-  }
-});
-
-app.url  // https://example.com
-```
-
-## Routing
-
-Routes go through a reverse proxy with automatic SSL.
-
-```typescript
-'example.com'           // Root domain
-'example.com/api/*'     // Path prefix
-'api.example.com'       // Subdomain
-'*.example.com'         // Wildcard subdomain
-```
+Secrets are auto-generated, images are built, static sites are compiled, and everything is routed with automatic SSL.
 
 ## Requirements
 

package/dist/cli.js

@@ -46,6 +46,27 @@ function isResource(value) {
         typeof value.type === "string" &&
         typeof value.id === "string");
 }
+function collectResources(exports) {
+    const seen = new Set();
+    const resources = [];
+    for (const value of Object.values(exports)) {
+        if (isResource(value)) {
+            if (!seen.has(value.id)) {
+                seen.add(value.id);
+                resources.push(value);
+            }
+        }
+        else if (typeof value === "object" && value !== null) {
+            for (const nested of Object.values(value)) {
+                if (isResource(nested) && !seen.has(nested.id)) {
+                    seen.add(nested.id);
+                    resources.push(nested);
+                }
+            }
+        }
+    }
+    return resources;
+}
 function hasRuntime(value) {
     return (typeof value === "object" &&
         value !== null &&
@@ -69,9 +90,10 @@ async function deploy(configFile, verbose) {
     const sessionLog = logger.child({ sessionId, command: "deploy" });
     const start = performance.now();
     const project = await findProjectName(configFile);
+    process.env.VYFT_PROJECT = project;
     intro(`Deploying ${project}`);
     const config = await import(configFile);
-    const resources = Object.values(config).filter(isResource);
+    const resources = collectResources(config);
     if (resources.length === 0) {
         log.warn("No resources found");
         outro();
@@ -87,7 +109,7 @@ async function deploy(configFile, verbose) {
     let skipped = 0;
     for (const resource of resources) {
         const exists = await docker.exists(resource);
-        if (exists) {
+        if (exists && resource.type !== "service" && resource.type !== "site") {
             log.success(resource.id);
             skipped++;
         }
@@ -142,6 +164,7 @@ async function destroy(searchDir) {
             removed++;
         }
     }
+    await docker.removeProjectNetwork();
     const durationMs = Math.round(performance.now() - start);
     sessionLog.info({ project, removed, durationMs }, "destroy completed");
     outro("Destroy complete");
@@ -181,6 +204,20 @@ program
         throw err;
     }
 });
+const proxy = program.command("proxy").description("Manage the proxy");
+proxy
+    .command("logs")
+    .description("View proxy request logs")
+    .option("-f, --follow", "stream logs continuously", false)
+    .option("--tail <n>", "number of lines to show", "100")
+    .action(async (opts) => {
+    const project = await findProjectName(path.join(process.cwd(), "package.json"));
+    const docker = new DockerClient(project);
+    await docker.proxyLogs({
+        follow: opts.follow,
+        tail: parseInt(opts.tail, 10),
+    });
+});
 program
     .command("destroy")
     .description("Destroy all deployed resources")

package/dist/docker.d.ts

@@ -5,7 +5,7 @@ export declare function parseRoute(route: string): {
     host: string;
     path?: string;
 };
-export declare function buildCaddyRoute(project: string, resourceId: string, route: string, handler: Record<string, unknown>): Record<string, unknown>;
+export declare function buildCaddyRoute(resourceId: string, route: string, handler: Record<string, unknown>): Record<string, unknown>;
 export interface ManagedResource {
     id: string;
     type: ResourceType;
@@ -15,11 +15,14 @@ export interface ManagedResource {
 }
 export declare class DockerClient implements Runtime {
     private docker;
+    private localDocker;
+    private isRemote;
     private project;
     private secretValues;
     private log;
     verbose: boolean;
     constructor(project: string, parentLogger?: Logger);
+    private ensureNetwork;
     ensureInfrastructure(): Promise<void>;
     private findProxyContainer;
     private caddyApiRequest;
@@ -43,6 +46,12 @@ export declare class DockerClient implements Runtime {
     private createService;
     private serviceExists;
     private removeService;
+    private pullImage;
     private createStatic;
     private removeStatic;
+    proxyLogs(options: {
+        follow?: boolean;
+        tail?: number;
+    }): Promise<void>;
+    removeProjectNetwork(): Promise<void>;
 }

package/dist/docker.js

@@ -67,13 +67,13 @@ export function parseRoute(route) {
         path: route.slice(slashIndex),
     };
 }
-export function buildCaddyRoute(project, resourceId, route, handler) {
+export function buildCaddyRoute(resourceId, route, handler) {
     const { host, path } = parseRoute(route);
     const match = { host: [host] };
     if (path)
         match.path = [path];
     return {
-        "@id": `vyft-${project}-${resourceId}`,
+        "@id": `vyft-${resourceId}`,
         match: [match],
         terminal: true,
         handle: [handler],
@@ -81,15 +81,19 @@ export function buildCaddyRoute(project, resourceId, route, handler) {
 }
 export class DockerClient {
     docker;
+    localDocker;
+    isRemote;
     project;
     secretValues = new Map();
     log;
     verbose = false;
     constructor(project, parentLogger) {
+        this.localDocker = new Docker({ socketPath: "/var/run/docker.sock" });
         const contextHost = resolveDockerHost();
         if (contextHost)
             process.env.DOCKER_HOST = contextHost;
         this.docker = new Docker();
+        this.isRemote = !!(contextHost || process.env.DOCKER_HOST);
         this.project = project;
         this.log = (parentLogger ?? defaultLogger).child({
             component: "docker",
@@ -98,27 +102,49 @@ export class DockerClient {
         if (contextHost)
             this.log.debug({ host: contextHost }, "using docker context endpoint");
     }
-    async ensureInfrastructure() {
-        const start = performance.now();
-        this.log.debug("checking proxy existence");
-        const exists = await this.serviceExists(PROXY_SERVICE_NAME);
-        if (exists) {
-            this.log.debug("proxy already exists");
-            return;
-        }
-        // Create network for services to communicate
+    async ensureNetwork(name, labels = {}) {
         const networks = await this.docker.listNetworks({
-            filters: JSON.stringify({ name: ["vyft-network"] }),
+            filters: JSON.stringify({ name: [name] }),
         });
-        if (networks.length === 0) {
-            this.log.debug("creating network");
+        const exactMatch = networks.some((n) => n.Name === name);
+        if (!exactMatch) {
+            this.log.debug({ network: name }, "creating network");
             await this.docker.createNetwork({
-                Name: "vyft-network",
+                Name: name,
                 Driver: "overlay",
                 Attachable: true,
-                Labels: { "vyft.infrastructure": "true" },
+                Labels: labels,
             });
         }
+    }
+    async ensureInfrastructure() {
+        const start = performance.now();
+        // Ensure per-project network for inter-service DNS
+        await this.ensureNetwork(`${this.project}-internal`, {
+            "com.docker.stack.namespace": this.project,
+            "vyft.managed": "true",
+            "vyft.project": this.project,
+        });
+        this.log.debug("checking proxy existence");
+        const exists = await this.serviceExists(PROXY_SERVICE_NAME);
+        if (exists) {
+            this.log.debug("proxy already exists, verifying config structure");
+            try {
+                const raw = await this.caddyApiRequest("GET", "/config/");
+                const config = JSON.parse(raw);
+                if (!config?.apps?.http?.servers?.main) {
+                    this.log.debug("proxy config missing servers.main, re-seeding");
+                    await this.seedCaddyConfig();
+                }
+            }
+            catch {
+                this.log.debug("proxy config check failed, re-seeding");
+                await this.seedCaddyConfig();
+            }
+            return;
+        }
+        // Create shared proxy network
+        await this.ensureNetwork("vyft-network", { "vyft.infrastructure": "true" });
         this.log.debug("creating proxy service");
         await this.docker.createService({
             Name: PROXY_SERVICE_NAME,
@@ -266,12 +292,20 @@ export class DockerClient {
             }
         }
         const baseConfig = {
+            logging: {
+                logs: {
+                    default: {
+                        level: "INFO",
+                    },
+                },
+            },
             apps: {
                 http: {
                     servers: {
                         main: {
                             listen: [":443", ":80"],
                             routes: [],
+                            logs: {},
                         },
                     },
                 },
@@ -298,10 +332,10 @@ export class DockerClient {
     }
     async addRoute(resourceId, route, handler) {
         this.log.debug({ resourceId, route }, "adding route");
-        const caddyRoute = buildCaddyRoute(this.project, resourceId, route, handler);
+        const caddyRoute = buildCaddyRoute(resourceId, route, handler);
         // Delete existing route for idempotency
         try {
-            await this.caddyApiRequest("DELETE", `/id/vyft-${this.project}-${resourceId}`);
+            await this.caddyApiRequest("DELETE", `/id/vyft-${resourceId}`);
         }
         catch (err) {
             this.log.debug({ err, resourceId }, "idempotent route delete failed");
@@ -326,7 +360,7 @@ export class DockerClient {
     async removeRoute(resourceId) {
         this.log.debug({ resourceId }, "removing route");
         try {
-            await this.caddyApiRequest("DELETE", `/id/vyft-${this.project}-${resourceId}`);
+            await this.caddyApiRequest("DELETE", `/id/vyft-${resourceId}`);
             this.log.debug({ resourceId }, "route removed");
         }
         catch (err) {
@@ -419,6 +453,7 @@ export class DockerClient {
         this.log.debug({ volumeName: volume.id }, "creating volume");
         const config = volume.config;
         const labels = {
+            "com.docker.stack.namespace": this.project,
             "vyft.managed": "true",
             "vyft.project": this.project,
             "vyft.type": "volume",
@@ -497,6 +532,7 @@ export class DockerClient {
             Name: name,
             Data: Buffer.from(value).toString("base64"),
             Labels: {
+                "com.docker.stack.namespace": this.project,
                 "vyft.managed": "true",
                 "vyft.project": this.project,
                 "vyft.type": "secret",
@@ -531,25 +567,39 @@ export class DockerClient {
                 envList.push(`${envKey}=/run/secrets/${value.id}`);
             }
             else if (isInterpolation(value)) {
-                const parts = [];
-                for (let i = 0; i < value.strings.length; i++) {
-                    parts.push(value.strings[i]);
-                    if (i < value.values.length) {
-                        const v = value.values[i];
-                        if (isReference(v)) {
-                            const secretValue = this.secretValues.get(v.id);
-                            if (secretValue === undefined) {
-                                throw new Error(`Secret "${v.id}" value not available — it must be created in the same deploy session`);
+                const derivedName = `${serviceId}-${key.toLowerCase().replace(/_/g, "-")}`;
+                // Check if all referenced secrets have their values available
+                let allValuesAvailable = true;
+                for (const v of value.values) {
+                    if (isReference(v) && !this.secretValues.has(v.id)) {
+                        allValuesAvailable = false;
+                        break;
+                    }
+                }
+                if (allValuesAvailable) {
+                    // Build the interpolated value and create/update the derived secret
+                    const parts = [];
+                    for (let i = 0; i < value.strings.length; i++) {
+                        parts.push(value.strings[i]);
+                        if (i < value.values.length) {
+                            const v = value.values[i];
+                            if (isReference(v)) {
+                                parts.push(this.secretValues.get(v.id));
+                            }
+                            else {
+                                parts.push(v);
                             }
-                            parts.push(secretValue);
-                        }
-                        else {
-                            parts.push(v);
                         }
                     }
+                    await this.createDerivedSecret(derivedName, parts.join(""), serviceId);
+                }
+                else if (!(await this.secretExists(derivedName))) {
+                    // Source secret values not in memory and derived secret doesn't exist
+                    const missing = value.values
+                        .filter((v) => isReference(v) && !this.secretValues.has(v.id))
+                        .map((v) => v.id);
+                    throw new Error(`Secret(s) ${missing.join(", ")} value not available and derived secret "${derivedName}" does not exist — destroy and redeploy to regenerate`);
                 }
-                const derivedName = `${serviceId}-${key.toLowerCase().replace(/_/g, "-")}`;
-                await this.createDerivedSecret(derivedName, parts.join(""), serviceId);
                 const derivedId = await this.lookupSecretId(derivedName);
                 secrets.push(secretMount(derivedId, derivedName));
                 const envKey = key.endsWith("_FILE") ? key : `${key}_FILE`;
@@ -561,20 +611,25 @@ export class DockerClient {
     }
     async createService(service) {
         const start = performance.now();
+        await this.ensureNetwork(`${this.project}-internal`, {
+            "com.docker.stack.namespace": this.project,
+            "vyft.managed": "true",
+            "vyft.project": this.project,
+        });
         const config = service.config;
         let imageName;
         if (typeof config.image === "object") {
             const { context = ".", dockerfile = "Dockerfile" } = config.image;
-            imageName = `${service.id}:latest`;
+            const buildTag = `${service.id}:latest`;
             this.log.debug({ resourceId: service.id, context, dockerfile }, "image build started");
             const buildStart = performance.now();
             const tarStream = tar.pack(path.resolve(context));
-            const stream = await this.docker.buildImage(tarStream, {
-                t: imageName,
+            const stream = await this.localDocker.buildImage(tarStream, {
+                t: buildTag,
                 dockerfile,
             });
             await new Promise((resolve, reject) => {
-                this.docker.modem.followProgress(stream, (err) => (err ? reject(err) : resolve()), (event) => {
+                this.localDocker.modem.followProgress(stream, (err) => (err ? reject(err) : resolve()), (event) => {
                     if (event.error)
                         log.error(event.error);
                     else if (this.verbose && event.stream)
@@ -585,14 +640,29 @@ export class DockerClient {
             const buildDurationMs = Math.round(performance.now() - buildStart);
             this.log.debug({
                 resourceId: service.id,
-                image: imageName,
+                image: buildTag,
                 durationMs: buildDurationMs,
             }, "image build completed");
-            const images = await this.docker.listImages({
-                filters: JSON.stringify({ reference: [imageName] }),
+            const images = await this.localDocker.listImages({
+                filters: JSON.stringify({ reference: [buildTag] }),
             });
             if (images.length === 0) {
-                throw new Error(`Image ${imageName} was not built successfully`);
+                throw new Error(`Image ${buildTag} was not built successfully`);
+            }
+            // Tag with content hash so the orchestrator detects the new image
+            const shortHash = images[0].Id.replace("sha256:", "").slice(0, 12);
+            imageName = `${service.id}:${shortHash}`;
+            await this.localDocker.getImage(buildTag).tag({
+                repo: service.id,
+                tag: shortHash,
+            });
+            if (this.isRemote) {
+                this.log.debug({ image: imageName }, "transferring image to remote");
+                const transferStart = performance.now();
+                const imageStream = await this.localDocker.getImage(imageName).get();
+                await this.docker.loadImage(imageStream);
+                const transferDurationMs = Math.round(performance.now() - transferStart);
+                this.log.debug({ image: imageName, durationMs: transferDurationMs }, "image transferred to remote");
             }
         }
         else {
@@ -600,11 +670,13 @@ export class DockerClient {
         }
         // Build labels for service and container
         const serviceLabels = {
+            "com.docker.stack.namespace": this.project,
             "vyft.managed": "true",
             "vyft.project": this.project,
             "vyft.type": "service",
         };
         const containerLabels = {
+            "com.docker.stack.namespace": this.project,
             "vyft.managed": "true",
             "vyft.project": this.project,
         };
@@ -641,9 +713,15 @@ export class DockerClient {
                     : undefined,
             };
         }
+        const networks = [
+            { Target: `${this.project}-internal` },
+        ];
+        if (config.route) {
+            networks.push({ Target: "vyft-network" });
+        }
         const taskTemplate = {
             ContainerSpec: containerSpec,
-            Networks: config.route ? [{ Target: "vyft-network" }] : undefined,
+            Networks: networks,
         };
         if (config.resources) {
             taskTemplate.Resources = {
@@ -687,8 +765,20 @@ export class DockerClient {
                 : undefined,
         };
         this.log.trace({ serviceSpec }, "docker create service spec");
-        this.log.debug({ resourceId: service.id }, "docker.createService called");
-        await this.docker.createService(serviceSpec);
+        const existing = await this.serviceExists(service.id);
+        if (existing) {
+            this.log.debug({ resourceId: service.id }, "updating existing service");
+            const svc = this.docker.getService(service.id);
+            const info = await svc.inspect();
+            await svc.update({
+                ...serviceSpec,
+                version: info.Version.Index,
+            });
+        }
+        else {
+            this.log.debug({ resourceId: service.id }, "creating new service");
+            await this.docker.createService(serviceSpec);
+        }
         if (config.route) {
             const port = config.port || 3000;
             await this.addRoute(service.id, config.route, {
@@ -702,8 +792,8 @@ export class DockerClient {
             image: imageName,
             hasRoute: !!config.route,
             durationMs,
-        }, "service created");
-        log.step(`Created ${service.id}`);
+        }, existing ? "service updated" : "service created");
+        log.step(`${existing ? "Updated" : "Created"} ${service.id}`);
     }
     async serviceExists(id) {
         try {
@@ -743,8 +833,21 @@ export class DockerClient {
         this.log.info({ resourceId: id, durationMs }, "service removed");
         log.step(`Removed ${id}`);
     }
+    async pullImage(image) {
+        this.log.debug({ image }, "pulling image");
+        const stream = await this.docker.pull(image);
+        await new Promise((resolve, reject) => {
+            this.docker.modem.followProgress(stream, (err) => err ? reject(err) : resolve());
+        });
+        this.log.debug({ image }, "image pulled");
+    }
     async createStatic(static_) {
         const start = performance.now();
+        await this.ensureNetwork(`${this.project}-internal`, {
+            "com.docker.stack.namespace": this.project,
+            "vyft.managed": "true",
+            "vyft.project": this.project,
+        });
         this.log.debug({ resourceId: static_.id, route: static_.config.route }, "creating static site");
         this.log.debug({ resourceId: static_.id }, "static build starting");
         const { outputPath } = await buildStatic(static_.config.build.cwd, {
@@ -753,17 +856,21 @@ export class DockerClient {
             env: static_.config.build.env,
         }, this.log);
         const volumeName = `${static_.id}-files`;
-        this.log.debug({ volumeName }, "creating static volume");
-        await this.docker.createVolume({
-            Name: volumeName,
-            Labels: {
-                "vyft.managed": "true",
-                "vyft.project": this.project,
-                "vyft.type": "volume",
-                "vyft.static": static_.id,
-            },
-        });
+        if (!(await this.volumeExists(volumeName))) {
+            this.log.debug({ volumeName }, "creating static volume");
+            await this.docker.createVolume({
+                Name: volumeName,
+                Labels: {
+                    "com.docker.stack.namespace": this.project,
+                    "vyft.managed": "true",
+                    "vyft.project": this.project,
+                    "vyft.type": "volume",
+                    "vyft.static": static_.id,
+                },
+            });
+        }
         this.log.debug({ resourceId: static_.id, outputPath }, "tar copy started");
+        await this.pullImage("alpine:latest");
         const tarStream = tar.pack(outputPath);
         const container = await this.docker.createContainer({
             Image: "alpine:latest",
@@ -773,16 +880,24 @@ export class DockerClient {
             },
         });
         await container.start();
+        // Clear old files before copying new ones
+        await container.exec({
+            Cmd: ["sh", "-c", "rm -rf /data/*"],
+            AttachStdout: true,
+            AttachStderr: true,
+        });
         await container.putArchive(tarStream, { path: "/data" });
         await container.remove({ force: true });
         this.log.debug({ resourceId: static_.id }, "tar copy completed");
         const serviceLabels = {
+            "com.docker.stack.namespace": this.project,
             "vyft.managed": "true",
             "vyft.project": this.project,
             "vyft.type": "site",
             "vyft.route": static_.config.route,
         };
         const containerLabels = {
+            "com.docker.stack.namespace": this.project,
             "vyft.managed": "true",
             "vyft.project": this.project,
         };
@@ -793,28 +908,50 @@ export class DockerClient {
                 "printf ':80 {\\nroot * /srv\\ntry_files {path} /index.html\\nfile_server\\n}\\n' > /etc/caddy/Caddyfile && caddy run --config /etc/caddy/Caddyfile --adapter caddyfile",
             ]
             : ["caddy", "file-server", "--root", "/srv", "--listen", ":80"];
-        this.log.debug({ resourceId: static_.id }, "creating caddy service for static site");
-        await this.docker.createService({
+        const serviceSpec = {
             Name: static_.id,
             Labels: serviceLabels,
             TaskTemplate: {
                 ContainerSpec: {
                     Image: "caddy:latest",
                     Command: command,
-                    Mounts: [{ Type: "volume", Source: volumeName, Target: "/srv" }],
+                    Mounts: [
+                        { Type: "volume", Source: volumeName, Target: "/srv" },
+                    ],
                     Labels: containerLabels,
                 },
-                Networks: [{ Target: "vyft-network" }],
+                Networks: [
+                    { Target: `${this.project}-internal` },
+                    { Target: "vyft-network" },
+                ],
             },
             Mode: { Replicated: { Replicas: 1 } },
-        });
+        };
+        const existing = await this.serviceExists(static_.id);
+        if (existing) {
+            this.log.debug({ resourceId: static_.id }, "updating static site service");
+            const svc = this.docker.getService(static_.id);
+            const info = await svc.inspect();
+            await svc.update({
+                ...serviceSpec,
+                version: info.Version.Index,
+                TaskTemplate: {
+                    ...serviceSpec.TaskTemplate,
+                    ForceUpdate: (info.Spec?.TaskTemplate?.ForceUpdate ?? 0) + 1,
+                },
+            });
+        }
+        else {
+            this.log.debug({ resourceId: static_.id }, "creating caddy service for static site");
+            await this.docker.createService(serviceSpec);
+        }
         await this.addRoute(static_.id, static_.config.route, {
             handler: "reverse_proxy",
             upstreams: [{ dial: `${static_.id}:80` }],
         });
         const durationMs = Math.round(performance.now() - start);
-        this.log.info({ resourceId: static_.id, route: static_.config.route, durationMs }, "site created");
-        log.step(`Created ${static_.id}`);
+        this.log.info({ resourceId: static_.id, route: static_.config.route, durationMs }, existing ? "site updated" : "site created");
+        log.step(`${existing ? "Updated" : "Created"} ${static_.id}`);
     }
     async removeStatic(id) {
         const start = performance.now();
@@ -852,4 +989,60 @@ export class DockerClient {
         this.log.info({ resourceId: id, durationMs }, "site removed");
         log.step(`Removed ${id}`);
     }
+    async proxyLogs(options) {
+        const container = await this.findProxyContainer();
+        const tail = options.tail ?? 100;
+        if (options.follow) {
+            const stream = await container.logs({
+                stdout: true,
+                stderr: true,
+                follow: true,
+                tail,
+                timestamps: true,
+            });
+            const stdoutStream = new PassThrough();
+            const stderrStream = new PassThrough();
+            stdoutStream.pipe(process.stdout);
+            stderrStream.pipe(process.stderr);
+            this.docker.modem.demuxStream(stream, stdoutStream, stderrStream);
+            await new Promise((resolve) => {
+                stream.on("end", resolve);
+            });
+        }
+        else {
+            const buf = await container.logs({
+                stdout: true,
+                stderr: true,
+                follow: false,
+                tail,
+                timestamps: true,
+            });
+            // Demux the multiplexed buffer: each frame has an 8-byte header
+            // [stream_type(1), padding(3), size(4)] followed by the payload.
+            let offset = 0;
+            while (offset + 8 <= buf.length) {
+                const type = buf[offset];
+                const size = buf.readUInt32BE(offset + 4);
+                offset += 8;
+                const payload = buf.subarray(offset, offset + size);
+                if (type === 2) {
+                    process.stderr.write(payload);
+                }
+                else {
+                    process.stdout.write(payload);
+                }
+                offset += size;
+            }
+        }
+    }
+    async removeProjectNetwork() {
+        const name = `${this.project}-internal`;
+        try {
+            await this.docker.getNetwork(name).remove();
+            this.log.debug({ network: name }, "project network removed");
+        }
+        catch {
+            this.log.debug({ network: name }, "project network removal skipped");
+        }
+    }
 }

package/dist/swarm/factories.d.ts

@@ -1,8 +1,9 @@
 import type { Secret, SecretConfig, Service, Site, SiteConfig, Volume } from "../resource.js";
-import type { StorageDriver, SwarmConfig, SwarmServiceConfig, SwarmVolumeConfig } from "./types.js";
+import type { Postgres, PostgresConfig, StorageDriver, SwarmConfig, SwarmServiceConfig, SwarmVolumeConfig } from "./types.js";
 export declare function createFactories<D extends StorageDriver = "local">(swarmConfig: SwarmConfig<D>): {
-    volume(id: string, config?: SwarmVolumeConfig<D>): Volume;
-    service(id: string, config: SwarmServiceConfig): Service;
-    secret(id: string, config?: SecretConfig): Secret;
-    site(id: string, config: SiteConfig): Site;
+    volume: (id: string, config?: SwarmVolumeConfig<D>) => Volume;
+    service: (id: string, config: SwarmServiceConfig) => Service;
+    secret: (id: string, config?: SecretConfig) => Secret;
+    site: (id: string, config: SiteConfig) => Site;
+    postgres: (id: string, config?: PostgresConfig) => Postgres;
 };

package/dist/swarm/factories.js

@@ -1,3 +1,4 @@
+import { interpolate } from "../interpolate.js";
 import { validateId, validateRoute } from "../resource.js";
 import { VYFT_RUNTIME } from "../symbols.js";
 function attachRuntime(obj, config) {
@@ -6,45 +7,80 @@ function attachRuntime(obj, config) {
     });
 }
 export function createFactories(swarmConfig) {
-    return {
-        volume(id, config = {}) {
-            validateId(id);
-            return attachRuntime({ type: "volume", id, config }, swarmConfig);
-        },
-        service(id, config) {
-            validateId(id);
-            if (config.route) {
-                validateRoute(config.route);
-            }
-            const port = config.port || 3000;
-            return attachRuntime({
-                type: "service",
-                id,
-                config,
-                host: id,
-                port,
-                url: config.route
-                    ? `https://${config.route}`
-                    : `http://${id}:${port}`,
-            }, swarmConfig);
-        },
-        secret(id, config = {}) {
-            validateId(id);
-            return attachRuntime({
-                type: "secret",
-                id,
-                config,
-            }, swarmConfig);
-        },
-        site(id, config) {
-            validateId(id);
+    const project = process.env.VYFT_PROJECT;
+    const prefix = project ? `${project}-` : "";
+    function volume(id, config = {}) {
+        validateId(id);
+        const fullId = `${prefix}${id}`;
+        return attachRuntime({ type: "volume", id: fullId, config }, swarmConfig);
+    }
+    function service(id, config) {
+        validateId(id);
+        if (config.route) {
             validateRoute(config.route);
-            return attachRuntime({
-                type: "site",
-                id,
-                config,
-                url: `https://${config.route}`,
-            }, swarmConfig);
-        },
-    };
+        }
+        const fullId = `${prefix}${id}`;
+        const port = config.port || 3000;
+        return attachRuntime({
+            type: "service",
+            id: fullId,
+            config,
+            host: fullId,
+            port,
+            url: config.route
+                ? `https://${config.route}`
+                : `http://${fullId}:${port}`,
+        }, swarmConfig);
+    }
+    function secret(id, config = {}) {
+        validateId(id);
+        const fullId = `${prefix}${id}`;
+        return attachRuntime({
+            type: "secret",
+            id: fullId,
+            config,
+        }, swarmConfig);
+    }
+    function site(id, config) {
+        validateId(id);
+        validateRoute(config.route);
+        const fullId = `${prefix}${id}`;
+        return attachRuntime({
+            type: "site",
+            id: fullId,
+            config,
+            url: `https://${config.route}`,
+        }, swarmConfig);
+    }
+    function postgres(id, config = {}) {
+        validateId(id);
+        const version = config.version ?? 18;
+        const mount = version >= 18 ? "/var/lib/postgresql" : "/var/lib/postgresql/data";
+        const password = secret(`${id}-password`, { length: 32 });
+        const vol = volume(`${id}-data`);
+        const svc = service(id, {
+            image: `postgres:${version}`,
+            port: 5432,
+            volumes: [{ volume: vol, mount }],
+            env: {
+                POSTGRES_PASSWORD: password,
+            },
+            healthCheck: {
+                command: ["pg_isready", "-U", "postgres"],
+                interval: "5s",
+                timeout: "5s",
+                retries: 5,
+                startPeriod: "10s",
+            },
+        });
+        return {
+            service: svc,
+            volume: vol,
+            password,
+            host: svc.host,
+            port: 5432,
+            connectionUrl: interpolate `postgres://postgres:${password}@${svc.host}:5432/postgres`,
+        };
+    }
+    return { volume, service, secret, site, postgres };
 }

package/dist/swarm/index.d.ts

@@ -1,10 +1,11 @@
 export { createFactories } from "./factories.js";
-export type { DriverVolumeOptions, StorageDriver, SwarmConfig, SwarmServiceConfig, SwarmVolumeConfig, } from "./types.js";
+export type { DriverVolumeOptions, Postgres, PostgresConfig, StorageDriver, SwarmConfig, SwarmServiceConfig, SwarmVolumeConfig, } from "./types.js";
 import type { Secret, SecretConfig, Service, Site, SiteConfig, Volume } from "../resource.js";
-import type { StorageDriver, SwarmConfig, SwarmServiceConfig, SwarmVolumeConfig } from "./types.js";
+import type { Postgres, PostgresConfig, StorageDriver, SwarmConfig, SwarmServiceConfig, SwarmVolumeConfig } from "./types.js";
 export declare function swarm<D extends StorageDriver = "local">(config?: SwarmConfig<D>): {
     volume: (id: string, config?: SwarmVolumeConfig<D>) => Volume;
     service: (id: string, config: SwarmServiceConfig) => Service;
     secret: (id: string, config?: SecretConfig) => Secret;
     site: (id: string, config: SiteConfig) => Site;
+    postgres: (id: string, config?: PostgresConfig) => Postgres;
 };

package/dist/swarm/types.d.ts

@@ -1,4 +1,4 @@
-import type { HealthCheckConfig, ResourceLimits, ServiceConfig, VolumeConfig } from "../resource.js";
+import type { HealthCheckConfig, Interpolation, ResourceLimits, Secret, Service, ServiceConfig, Volume, VolumeConfig } from "../resource.js";
 export interface DriverVolumeOptions {
     local: {
         size?: string;
@@ -23,3 +23,14 @@ export interface SwarmServiceConfig extends ServiceConfig {
     resources?: ResourceLimits;
     restartPolicy?: "none" | "on-failure" | "any";
 }
+export interface PostgresConfig {
+    version?: number;
+}
+export interface Postgres {
+    service: Service;
+    volume: Volume;
+    password: Secret;
+    host: string;
+    port: number;
+    connectionUrl: Interpolation;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vyft",
-  "version": "0.1.0-alpha",
+  "version": "0.2.0-alpha",
   "description": "Deploy apps to Docker Swarm with TypeScript",
   "type": "module",
   "license": "MIT",

package/templates/fullstack/apps/api/Dockerfile

@@ -8,11 +8,12 @@ COPY apps/api/package.json ./apps/api/
 RUN pnpm install --frozen-lockfile
 
 FROM deps AS build
+COPY tsconfig.json ./
 COPY apps/api/ ./apps/api/
 RUN pnpm --filter {{name}}-api build
 
 FROM build AS deploy
-RUN pnpm --filter {{name}}-api --prod deploy --legacy /prod/api
+RUN pnpm --filter {{name}}-api --prod deploy /prod/api
 
 FROM base
 WORKDIR /app

package/templates/fullstack/package.json

@@ -2,7 +2,8 @@
   "name": "{{name}}",
   "private": true,
   "type": "module",
-  "dependencies": {
+  "packageManager": "pnpm@9.15.9",
+  "devDependencies": {
     "vyft": "latest"
   },
   "scripts": {