Merge remote-tracking branch 'origin/staging' into KEEP-1155-write-smart-contract

Author: taitsengstock

.dockerignore

@@ -0,0 +1,113 @@
+# Dependencies
+node_modules
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Environment files
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# Next.js build output
+.next
+out
+dist
+
+# Development files
+.git
+.gitignore
+README.md
+Dockerfile
+.dockerignore
+docker-compose.yml
+docker-compose.*.yml
+
+# IDE files
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Logs
+logs
+*.log
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Dependency directories
+jspm_packages/
+
+# Optional npm cache directory
+.npm
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# Svelte build output
+.svelte-kit
+
+# Database
+*.db
+*.sqlite
+
+# Temporary files
+tmp/
+temp/
+
+# Build artifacts
+build/
+dist/

.github/workflows/deploy.yaml

@@ -0,0 +1,102 @@
+on:
+  push:
+    branches:
+      - staging
+      # - main
+  workflow_dispatch:
+
+name: deploy-keeperhub
+jobs:
+  build-and-deploy-keeperhub:
+    environment: ${{ github.ref == 'refs/heads/main' && 'prod' || 'staging' }}
+    runs-on: ubuntu-latest
+    env:
+      HELM_FILE: deploy/${{ github.ref == 'refs/heads/main' && 'prod' || 'staging' }}/values.yaml
+      REGION: ${{ github.ref == 'refs/heads/main' && 'us-east-1' || 'us-east-2' }}
+      CLUSTER_NAME: ${{ github.ref == 'refs/heads/main' && 'maker-prod' || 'maker-staging' }}
+      ENVIRONMENT_TAG: ${{ github.ref == 'refs/heads/main' && 'prod' || 'staging' }}
+      NAMESPACE: keeperhub
+      SERVICE_NAME: keeperhub
+      AWS_ECR_NAME: keeperhub-${{ github.ref == 'refs/heads/main' && 'prod' || 'staging' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.REGION }}
+
+      - name: Login to AWS ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Extract commit hash
+        id: vars
+        if: ${{ !contains(github.event.head_commit.message , '[skip build]') }}
+        shell: bash
+        run: |
+          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+
+      - name: Build, tag, and push app image to ECR
+        id: build-app-image
+        if: ${{ !contains(github.event.head_commit.message , '[skip build]') }}
+        env:
+          SHA_TAG: ${{ steps.vars.outputs.sha_short }}
+          LATEST_TAG: latest
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        run: |
+          # Build Docker containers and push them to ECR ${{ env.AWS_ECR_NAME }}
+          docker pull $ECR_REGISTRY/$AWS_ECR_NAME:$LATEST_TAG || true
+          docker build -t $AWS_ECR_NAME \
+                        -t $ECR_REGISTRY/$AWS_ECR_NAME:$SHA_TAG \
+                        -t $ECR_REGISTRY/$AWS_ECR_NAME:$LATEST_TAG \
+                        -t $ECR_REGISTRY/$AWS_ECR_NAME:$ENVIRONMENT_TAG \
+                        -f ./Dockerfile \
+                        .
+
+          docker push $ECR_REGISTRY/$AWS_ECR_NAME --all-tags
+
+      - name: Build, tag, and push migrator image to ECR
+        id: build-migrator
+        if: ${{ !contains(github.event.head_commit.message , '[skip build]') }}
+        env:
+          SHA_TAG: ${{ steps.vars.outputs.sha_short }}
+          LATEST_TAG: latest
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        run: |
+          # Build image for database migrations
+          docker build --target migrator \
+                        -t $ECR_REGISTRY/$AWS_ECR_NAME:migrator \
+                        -f ./Dockerfile \
+                        .
+
+          docker push $ECR_REGISTRY/$AWS_ECR_NAME:migrator
+
+      - name: Replace variables in the Helm values file
+        id: replace-vars
+        if: ${{ !contains(github.event.head_commit.message , '[skip deploy]') }}
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ steps.vars.outputs.sha_short }}
+        run: |
+          sed -i 's|${ECR_REGISTRY}|'"$ECR_REGISTRY"'|g' $HELM_FILE
+          sed -i 's|${IMAGE_TAG}|'"$IMAGE_TAG"'|g' $HELM_FILE
+
+      - name: Deploying Service to Kubernetes with Helm
+        id: deploy
+        uses: bitovi/github-actions-deploy-eks-helm@v1.2.10
+        with:
+          cluster-name: ${{ env.CLUSTER_NAME }}
+          config-files: ${{ env.HELM_FILE }}
+          chart-path: techops-services/common
+          namespace: ${{ env.NAMESPACE }}
+          timeout: 5m0s
+          name: ${{ env.SERVICE_NAME }}
+          chart-repository: https://techops-services.github.io/helm-charts
+          version: 0.0.33
+          atomic: true

.gitignore

@@ -12,6 +12,10 @@
 
 # testing
 /coverage
+/test-results/
+/playwright-report/
+/blob-report/
+/playwright/.cache/
 
 # next.js
 /.next/
@@ -47,4 +51,5 @@ tmp/
 # generated files
 lib/types/integration.ts
 lib/codegen-registry.ts
-lib/step-registry.ts
+lib/step-registry.ts
+lib/output-display-configs.ts

Dockerfile

@@ -0,0 +1,75 @@
+# Multi-stage Dockerfile for Next.js application
+# Stage 1: Dependencies
+FROM node:25-alpine AS deps
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+
+# Install pnpm
+RUN npm install -g pnpm
+
+# Copy package files
+COPY package.json pnpm-lock.yaml* ./
+COPY .npmrc* ./
+
+# Install dependencies
+RUN pnpm install --frozen-lockfile
+
+# Stage 2: Builder
+FROM node:25-alpine AS builder
+WORKDIR /app
+RUN npm install -g pnpm
+
+# Copy dependencies from deps stage
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+# Create README.md if it doesn't exist to avoid build errors
+RUN touch README.md || true
+
+# Build the application
+RUN pnpm build
+
+# Stage 2.5: Migration stage (optional - for running migrations)
+FROM node:25-alpine AS migrator
+WORKDIR /app
+RUN npm install -g pnpm
+
+# Copy dependencies and migration files
+COPY --from=deps /app/node_modules ./node_modules
+COPY --from=builder /app/drizzle ./drizzle
+COPY --from=builder /app/drizzle.config.ts ./drizzle.config.ts
+COPY --from=builder /app/lib ./lib
+COPY --from=builder /app/package.json ./package.json
+
+# This stage can be used to run migrations
+# Run with: docker build --target migrator -t myapp-migrator .
+# Then: docker run --env DATABASE_URL=xxx myapp-migrator pnpm db:push
+
+# Stage 3: Runner
+FROM node:25-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+
+# Create non-root user
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+# Copy built application
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+# Switch to non-root user
+USER nextjs
+
+# Expose port
+EXPOSE 3000
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+  CMD curl -f http://localhost:3000/ || exit 1
+
+# Start the application
+CMD ["node", "server.js"]

README.md

@@ -284,7 +284,7 @@ This template is built on top of Workflow DevKit, a powerful workflow execution
 - Built-in logging and error handling
 - Serverless deployment support
 
-Learn more about Workflow DevKit at [workflow.dev](https://useworkflow.dev)
+Learn more about Workflow DevKit at [useworkflow.dev](https://useworkflow.dev)
 
 ## License
 

app/api/api-keys/[keyId]/route.ts

@@ -0,0 +1,40 @@
+import { and, eq } from "drizzle-orm";
+import { NextResponse } from "next/server";
+import { auth } from "@/lib/auth";
+import { db } from "@/lib/db";
+import { apiKeys } from "@/lib/db/schema";
+
+// DELETE - Delete an API key
+export async function DELETE(
+  request: Request,
+  context: { params: Promise<{ keyId: string }> }
+) {
+  try {
+    const { keyId } = await context.params;
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+
+    if (!session?.user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    // Delete the key (only if it belongs to the user)
+    const result = await db
+      .delete(apiKeys)
+      .where(and(eq(apiKeys.id, keyId), eq(apiKeys.userId, session.user.id)))
+      .returning({ id: apiKeys.id });
+
+    if (result.length === 0) {
+      return NextResponse.json({ error: "API key not found" }, { status: 404 });
+    }
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error("Failed to delete API key:", error);
+    return NextResponse.json(
+      { error: "Failed to delete API key" },
+      { status: 500 }
+    );
+  }
+}