vyft 0.3.0-alpha → 0.4.0-alpha

package/dist/local/index.d.ts

@@ -0,0 +1,2 @@
+export { DevRunner, detectPackageManager, resolveDevEnv } from "./dev.js";
+export { LocalRuntime } from "./runtime.js";

package/dist/local/index.js

@@ -0,0 +1,2 @@
+export { DevRunner, detectPackageManager, resolveDevEnv } from "./dev.js";
+export { LocalRuntime } from "./runtime.js";

package/dist/local/runtime.d.ts

@@ -0,0 +1,61 @@
+import type { Logger } from "pino";
+import type { EnvValue, Secret, Service, Volume } from "../resource.js";
+/**
+ * Docker runtime for local development.
+ *
+ * Runs managed infrastructure (databases, caches, etc.) as plain Docker
+ * containers with ports published to localhost. Secrets are generated
+ * in-memory and injected as environment variables.
+ */
+export declare class LocalRuntime {
+    private docker;
+    private project;
+    private log;
+    private secretValues;
+    private containers;
+    private networkName;
+    constructor(project: string, opts?: {
+        parentLogger?: Logger;
+    });
+    /** Create bridge network for inter-container DNS. */
+    ensureInfrastructure(): Promise<void>;
+    /** Generate a random secret value and store it in memory. */
+    createSecret(secret: Secret): void;
+    /** Get the generated value for a secret. */
+    getSecretValue(id: string): string | undefined;
+    /** Create a Docker volume for persistent data. */
+    createVolume(volume: Volume): Promise<void>;
+    /**
+     * Resolve env vars for a managed service container.
+     *
+     * Secrets become plain `KEY=<value>` env vars.
+     * Interpolations are fully resolved with generated secret values.
+     */
+    resolveEnv(env: Record<string, EnvValue>): string[];
+    /**
+     * Build an entrypoint wrapper that writes secret values to /run/secrets/
+     * before exec'ing the original entrypoint.
+     *
+     * This is needed because some factory images (e.g. redis) read passwords
+     * from `/run/secrets/*-password` via shell glob.
+     */
+    private buildSecretInit;
+    /** Pull, create, and start a container for a managed service. */
+    createService(service: Service): Promise<number>;
+    /** Wait for a container to pass its health check. */
+    waitForHealthy(id: string, timeoutMs?: number): Promise<void>;
+    /** Stream logs from a container. */
+    containerLogs(id: string): AsyncGenerator<{
+        stream: "stdout" | "stderr";
+        text: string;
+    }>;
+    /** Stop and remove all managed containers (keep volumes). */
+    stop(): Promise<void>;
+    /** List running dev containers for this project. */
+    listContainers(): Promise<Array<{
+        id: string;
+        name: string;
+        containerId: string;
+    }>>;
+    private removeContainer;
+}

package/dist/local/runtime.js

@@ -0,0 +1,391 @@
+import { randomBytes } from "node:crypto";
+import { PassThrough } from "node:stream";
+import Docker from "dockerode";
+import { logger as defaultLogger } from "../logger.js";
+import { isInterpolation, isReference } from "../resource.js";
+/**
+ * Docker runtime for local development.
+ *
+ * Runs managed infrastructure (databases, caches, etc.) as plain Docker
+ * containers with ports published to localhost. Secrets are generated
+ * in-memory and injected as environment variables.
+ */
+export class LocalRuntime {
+    docker;
+    project;
+    log;
+    secretValues = new Map();
+    containers = [];
+    networkName;
+    constructor(project, opts) {
+        this.docker = new Docker({ socketPath: "/var/run/docker.sock" });
+        this.project = project;
+        this.networkName = `${project}-dev`;
+        this.log = (opts?.parentLogger ?? defaultLogger).child({
+            component: "local-runtime",
+            project,
+        });
+    }
+    /** Create bridge network for inter-container DNS. */
+    async ensureInfrastructure() {
+        const networks = await this.docker.listNetworks({
+            filters: JSON.stringify({ name: [this.networkName] }),
+        });
+        const exists = networks.some((n) => n.Name === this.networkName);
+        if (!exists) {
+            this.log.debug({ network: this.networkName }, "creating bridge network");
+            await this.docker.createNetwork({
+                Name: this.networkName,
+                Driver: "bridge",
+                Labels: {
+                    "vyft.dev": "true",
+                    "vyft.project": this.project,
+                },
+            });
+        }
+    }
+    /** Generate a random secret value and store it in memory. */
+    createSecret(secret) {
+        const length = secret.config.length || 32;
+        const value = randomBytes(length).toString("base64url");
+        this.secretValues.set(secret.id, value);
+        this.log.debug({ secretName: secret.id }, "secret generated");
+    }
+    /** Get the generated value for a secret. */
+    getSecretValue(id) {
+        return this.secretValues.get(id);
+    }
+    /** Create a Docker volume for persistent data. */
+    async createVolume(volume) {
+        const name = volume.id;
+        try {
+            await this.docker.getVolume(name).inspect();
+            this.log.debug({ volumeName: name }, "volume already exists");
+            return;
+        }
+        catch {
+            // Volume doesn't exist, create it
+        }
+        await this.docker.createVolume({
+            Name: name,
+            Labels: {
+                "vyft.dev": "true",
+                "vyft.project": this.project,
+            },
+        });
+        this.log.debug({ volumeName: name }, "volume created");
+    }
+    /**
+     * Resolve env vars for a managed service container.
+     *
+     * Secrets become plain `KEY=<value>` env vars.
+     * Interpolations are fully resolved with generated secret values.
+     */
+    resolveEnv(env) {
+        const result = [];
+        for (const [key, value] of Object.entries(env)) {
+            if (typeof value === "string") {
+                result.push(`${key}=${value}`);
+            }
+            else if (isReference(value)) {
+                const secretValue = this.secretValues.get(value.id);
+                if (!secretValue) {
+                    throw new Error(`Secret ${value.id} not yet generated`);
+                }
+                result.push(`${key}=${secretValue}`);
+            }
+            else if (isInterpolation(value)) {
+                const parts = [];
+                for (let i = 0; i < value.strings.length; i++) {
+                    parts.push(value.strings[i]);
+                    if (i < value.values.length) {
+                        const v = value.values[i];
+                        if (isReference(v)) {
+                            const secretValue = this.secretValues.get(v.id);
+                            if (!secretValue) {
+                                throw new Error(`Secret ${v.id} not yet generated`);
+                            }
+                            parts.push(secretValue);
+                        }
+                        else {
+                            parts.push(v);
+                        }
+                    }
+                }
+                result.push(`${key}=${parts.join("")}`);
+            }
+        }
+        return result;
+    }
+    /**
+     * Build an entrypoint wrapper that writes secret values to /run/secrets/
+     * before exec'ing the original entrypoint.
+     *
+     * This is needed because some factory images (e.g. redis) read passwords
+     * from `/run/secrets/*-password` via shell glob.
+     */
+    buildSecretInit(secrets, originalEntrypoint, originalCmd) {
+        if (secrets.length === 0) {
+            return { entrypoint: originalEntrypoint, cmd: originalCmd };
+        }
+        const writeCommands = secrets
+            .map((s) => `printf '%s' "$${s.envVar}" > /run/secrets/${s.name}`)
+            .join(" && ");
+        // Build the original command to exec
+        const original = [...originalEntrypoint, ...originalCmd];
+        const execCmd = original.length > 0 ? `exec ${original.map(shellEscape).join(" ")}` : "";
+        const script = `mkdir -p /run/secrets && ${writeCommands}${execCmd ? ` && ${execCmd}` : ""}`;
+        return {
+            entrypoint: ["sh", "-c", script],
+            cmd: [],
+        };
+    }
+    /** Pull, create, and start a container for a managed service. */
+    async createService(service) {
+        const config = service.config;
+        const image = typeof config.image === "string" ? config.image : `${service.id}:latest`;
+        const port = config.port || 3000;
+        // Stop and remove existing container if present
+        await this.removeContainer(service.id);
+        // Pull image
+        this.log.debug({ image }, "pulling image");
+        const pullStream = await this.docker.pull(image);
+        await new Promise((resolve, reject) => {
+            this.docker.modem.followProgress(pullStream, (err) => err ? reject(err) : resolve());
+        });
+        // Resolve env
+        const envList = config.env ? this.resolveEnv(config.env) : [];
+        // Collect secrets that need /run/secrets/ files
+        const secretMappings = [];
+        if (config.env) {
+            let idx = 0;
+            for (const [, value] of Object.entries(config.env)) {
+                if (isReference(value)) {
+                    const envVar = `__VYFT_S${idx}`;
+                    secretMappings.push({
+                        name: value.id.replace(/^.*-/, ""), // short name e.g. "db-password" -> "password"
+                        envVar,
+                    });
+                    // The full id as a file too, for glob patterns like *-password
+                    secretMappings.push({
+                        name: value.id,
+                        envVar,
+                    });
+                    const secretVal = this.secretValues.get(value.id);
+                    if (secretVal) {
+                        envList.push(`${envVar}=${secretVal}`);
+                    }
+                    idx++;
+                }
+            }
+        }
+        // Inspect image for default entrypoint/cmd
+        const imageInfo = await this.docker.getImage(image).inspect();
+        const rawEntrypoint = imageInfo.Config?.Entrypoint ?? [];
+        const defaultEntrypoint = Array.isArray(rawEntrypoint)
+            ? rawEntrypoint
+            : [rawEntrypoint];
+        const rawCmd = imageInfo.Config?.Cmd ?? [];
+        const defaultCmd = Array.isArray(rawCmd) ? rawCmd : [rawCmd];
+        // Use config.command if specified, otherwise image defaults
+        const userCmd = config.command ?? defaultCmd;
+        const { entrypoint, cmd } = this.buildSecretInit(secretMappings, defaultEntrypoint, userCmd);
+        // Build volume mounts
+        const mounts = config.volumes?.map(({ volume, mount }) => ({
+            Type: "volume",
+            Source: volume.id,
+            Target: mount,
+        }));
+        // Health check
+        const healthCheck = config.healthCheck
+            ? {
+                Test: ["CMD", ...config.healthCheck.command],
+                Interval: config.healthCheck.interval
+                    ? parseDurationNs(config.healthCheck.interval)
+                    : undefined,
+                Timeout: config.healthCheck.timeout
+                    ? parseDurationNs(config.healthCheck.timeout)
+                    : undefined,
+                Retries: config.healthCheck.retries,
+                StartPeriod: config.healthCheck.startPeriod
+                    ? parseDurationNs(config.healthCheck.startPeriod)
+                    : undefined,
+            }
+            : undefined;
+        const containerName = `${service.id}-dev`;
+        this.log.debug({ containerName, image, port }, "creating container");
+        const container = await this.docker.createContainer({
+            name: containerName,
+            Image: image,
+            Entrypoint: entrypoint.length > 0 ? entrypoint : undefined,
+            Cmd: cmd.length > 0 ? cmd : undefined,
+            Env: envList,
+            ExposedPorts: { [`${port}/tcp`]: {} },
+            Healthcheck: healthCheck,
+            Labels: {
+                "vyft.dev": "true",
+                "vyft.project": this.project,
+                "vyft.service": service.id,
+            },
+            HostConfig: {
+                PortBindings: {
+                    [`${port}/tcp`]: [{ HostIp: "127.0.0.1", HostPort: `${port}` }],
+                },
+                NetworkMode: this.networkName,
+                Mounts: mounts,
+            },
+        });
+        await container.start();
+        this.containers.push({
+            id: service.id,
+            name: containerName,
+            containerId: container.id,
+        });
+        this.log.debug({ containerName, port }, "container started");
+        return port;
+    }
+    /** Wait for a container to pass its health check. */
+    async waitForHealthy(id, timeoutMs = 120000) {
+        const info = this.containers.find((c) => c.id === id);
+        if (!info)
+            return;
+        const start = performance.now();
+        const interval = 1000;
+        this.log.debug({ resourceId: id }, "waiting for healthy");
+        while (performance.now() - start < timeoutMs) {
+            const container = this.docker.getContainer(info.containerId);
+            const data = await container.inspect();
+            const health = data.State?.Health?.Status;
+            if (health === "healthy") {
+                this.log.debug({ resourceId: id }, "container is healthy");
+                return;
+            }
+            if (health === undefined) {
+                // No health check configured, just check if running
+                if (data.State?.Running) {
+                    this.log.debug({ resourceId: id }, "container running (no health check)");
+                    return;
+                }
+            }
+            await new Promise((r) => setTimeout(r, interval));
+        }
+        throw new Error(`Container ${id} did not become healthy within ${timeoutMs}ms`);
+    }
+    /** Stream logs from a container. */
+    async *containerLogs(id) {
+        const info = this.containers.find((c) => c.id === id);
+        if (!info)
+            return;
+        const container = this.docker.getContainer(info.containerId);
+        const stream = await container.logs({
+            stdout: true,
+            stderr: true,
+            follow: true,
+            tail: 0,
+        });
+        const buffer = [];
+        let notify = null;
+        let done = false;
+        const push = (entry) => {
+            buffer.push(entry);
+            if (notify) {
+                const n = notify;
+                notify = null;
+                n();
+            }
+        };
+        const stdoutPT = new PassThrough();
+        const stderrPT = new PassThrough();
+        stdoutPT.on("data", (chunk) => {
+            for (const line of chunk.toString().split("\n")) {
+                if (line)
+                    push({ stream: "stdout", text: line });
+            }
+        });
+        stderrPT.on("data", (chunk) => {
+            for (const line of chunk.toString().split("\n")) {
+                if (line)
+                    push({ stream: "stderr", text: line });
+            }
+        });
+        this.docker.modem.demuxStream(stream, stdoutPT, stderrPT);
+        stream.on("end", () => {
+            done = true;
+            if (notify) {
+                const n = notify;
+                notify = null;
+                n();
+            }
+        });
+        while (!done || buffer.length > 0) {
+            if (buffer.length === 0) {
+                await new Promise((r) => {
+                    notify = r;
+                });
+            }
+            while (buffer.length > 0) {
+                yield buffer.shift();
+            }
+        }
+    }
+    /** Stop and remove all managed containers (keep volumes). */
+    async stop() {
+        for (const info of this.containers) {
+            try {
+                const container = this.docker.getContainer(info.containerId);
+                await container.stop({ t: 5 });
+                await container.remove();
+                this.log.debug({ containerName: info.name }, "container stopped");
+            }
+            catch {
+                this.log.debug({ containerName: info.name }, "container already stopped");
+            }
+        }
+        this.containers = [];
+    }
+    /** List running dev containers for this project. */
+    async listContainers() {
+        const containers = await this.docker.listContainers({
+            filters: JSON.stringify({
+                label: ["vyft.dev=true", `vyft.project=${this.project}`],
+            }),
+        });
+        return containers.map((c) => ({
+            id: c.Labels["vyft.service"] || "",
+            name: c.Names[0]?.replace(/^\//, "") || "",
+            containerId: c.Id,
+        }));
+    }
+    async removeContainer(serviceId) {
+        const containerName = `${serviceId}-dev`;
+        try {
+            const container = this.docker.getContainer(containerName);
+            await container.stop({ t: 2 });
+            await container.remove();
+            this.log.debug({ containerName }, "removed existing container");
+        }
+        catch {
+            // Container didn't exist
+        }
+    }
+}
+function parseDurationNs(duration) {
+    const match = duration.match(/^(\d+)(ms|s|m|h)$/);
+    if (!match?.[1] || !match[2]) {
+        throw new Error(`Invalid duration format: ${duration}`);
+    }
+    const value = parseInt(match[1], 10);
+    const unit = match[2];
+    const multipliers = {
+        ms: 1_000_000,
+        s: 1_000_000_000,
+        m: 60_000_000_000,
+        h: 3_600_000_000_000,
+    };
+    return value * multipliers[unit];
+}
+function shellEscape(s) {
+    if (/^[a-zA-Z0-9_./:=-]+$/.test(s))
+        return s;
+    return `'${s.replace(/'/g, "'\\''")}'`;
+}

package/dist/resource.d.ts

@@ -139,6 +139,13 @@ export interface ServiceConfig {
      * @defaultValue `"any"`
      */
     restartPolicy?: "none" | "on-failure" | "any";
+    /** Local development configuration. Used by `vyft dev`. */
+    dev?: {
+        /** Shell command to run (e.g. `"bun run dev"`). */
+        command: string;
+        /** Working directory relative to project root. */
+        cwd?: string;
+    };
 }
 /** Configuration for a static site. */
 export interface SiteConfig {

package/dist/runtime.d.ts

@@ -1,8 +1,14 @@
 import type { Resource } from "./resource.js";
+/** Structured result returned by {@link Runtime.create}. */
+export interface CreateResult {
+    action: "created" | "updated";
+    route?: string;
+    duration: number;
+}
 /** Backend that can deploy, query, and tear down resources. */
 export interface Runtime {
     /** Deploy or update a resource. */
-    create(resource: Resource): Promise<void>;
+    create(resource: Resource): Promise<CreateResult>;
     /** Check whether a resource currently exists. */
     exists(resource: Resource): Promise<boolean>;
     /** Tear down a resource. */

package/dist/services/index.d.ts

@@ -4,6 +4,8 @@ export interface Primitives {
     service(id: string, config: ServiceConfig): Service;
     secret(id: string, config?: SecretConfig): Secret;
 }
+/** Returns `true` if a resource was created by a built-in factory. */
+export declare function isManaged(resource: unknown): boolean;
 export declare function createServices(p: Primitives): {
     postgres: (id: string, config?: import("./postgres.js").PostgresConfig) => import("./postgres.js").Postgres;
     redis: (id: string, config?: import("./redis.js").RedisConfig) => import("./redis.js").Redis;

package/dist/services/index.js

@@ -1,3 +1,4 @@
+import { VYFT_MANAGED } from "../symbols.js";
 import { createMinio } from "./minio.js";
 import { createMongo } from "./mongo.js";
 import { createMysql } from "./mysql.js";
@@ -6,15 +7,29 @@ import { createPostgres } from "./postgres.js";
 import { createRabbitmq } from "./rabbitmq.js";
 import { createRedis } from "./redis.js";
 import { createStorage } from "./storage.js";
+function wrapPrimitives(p) {
+    return {
+        volume: (id, cfg) => Object.assign(p.volume(id, cfg), { [VYFT_MANAGED]: true }),
+        service: (id, cfg) => Object.assign(p.service(id, cfg), { [VYFT_MANAGED]: true }),
+        secret: (id, cfg) => Object.assign(p.secret(id, cfg), { [VYFT_MANAGED]: true }),
+    };
+}
+/** Returns `true` if a resource was created by a built-in factory. */
+export function isManaged(resource) {
+    return (typeof resource === "object" &&
+        resource !== null &&
+        resource[VYFT_MANAGED] === true);
+}
 export function createServices(p) {
+    const wrapped = wrapPrimitives(p);
     return {
-        postgres: createPostgres(p),
-        redis: createRedis(p),
-        rabbitmq: createRabbitmq(p),
-        nats: createNats(p),
-        mysql: createMysql(p),
-        mongo: createMongo(p),
-        minio: createMinio(p),
-        storage: createStorage(p),
+        postgres: createPostgres(wrapped),
+        redis: createRedis(wrapped),
+        rabbitmq: createRabbitmq(wrapped),
+        nats: createNats(wrapped),
+        mysql: createMysql(wrapped),
+        mongo: createMongo(wrapped),
+        minio: createMinio(wrapped),
+        storage: createStorage(wrapped),
     };
 }

package/dist/symbols.d.ts

@@ -1,5 +1,7 @@
 /** Symbol key used to attach runtime metadata to every resource. */
 export declare const VYFT_RUNTIME: unique symbol;
+/** Symbol key marking resources created by built-in factories (postgres, redis, etc.). */
+export declare const VYFT_MANAGED: unique symbol;
 /** Metadata describing which runtime backend owns a resource. */
 export interface RuntimeMeta {
     /** Runtime name (e.g. `"swarm"`). */

package/dist/symbols.js

@@ -1,2 +1,4 @@
 /** Symbol key used to attach runtime metadata to every resource. */
 export const VYFT_RUNTIME = Symbol.for("vyft.runtime");
+/** Symbol key marking resources created by built-in factories (postgres, redis, etc.). */
+export const VYFT_MANAGED = Symbol.for("vyft.managed");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vyft",
-  "version": "0.3.0-alpha",
+  "version": "0.4.0-alpha",
   "description": "Deploy apps to Docker Swarm with TypeScript",
   "type": "module",
   "license": "MIT",
@@ -39,6 +39,7 @@
     "@biomejs/biome": "^2.4.4",
     "@types/dockerode": "^4.0.1",
     "@types/node": "^25.3.1",
+    "@types/ssh2": "^1.15.5",
     "@types/tar-fs": "^2.0.4",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
@@ -50,6 +51,7 @@
     "dockerode": "^4.0.9",
     "picocolors": "^1.1.1",
     "pino": "^10.3.1",
+    "ssh2": "^1.17.0",
     "tar-fs": "^3.1.1"
   },
   "engines": {

package/templates/fullstack/package.json

@@ -7,12 +7,8 @@
     "vyft": "latest"
   },
   "scripts": {
-    "predev": "pnpm compose:up",
-    "dev": "pnpm --parallel -r dev",
+    "dev": "vyft dev",
     "build": "pnpm --parallel -r build",
-    "deploy": "vyft deploy",
-    "compose:up": "docker compose up -d",
-    "compose:down": "docker compose down",
-    "compose:stop": "docker compose stop"
+    "deploy": "vyft deploy"
   }
 }

package/templates/fullstack/compose.yaml

@@ -1,14 +0,0 @@
-services:
-  db:
-    image: postgres:17
-    restart: unless-stopped
-    ports:
-      - "5432:5432"
-    environment:
-      POSTGRES_DB: {{name}}
-      POSTGRES_PASSWORD: postgres
-    volumes:
-      - db-data:/var/lib/postgresql/data
-
-volumes:
-  db-data: