AINATIVEM-44 AES-256-GCM token encryption and docker-compose ComposeBuilder refactor #10
Merged
Pull request overview
This PR refactors Node generator Docker Compose output to use a typed builder that serializes via the yaml package, and updates the associated test expectations to match the new YAML serialization behavior.
Changes:
- Replaced docker-compose.yml string templating/indentation with a `ComposeBuilder` that assembles typed `ComposeService` objects and serializes once via `yaml.stringify`.
- Updated docker-compose related tests to assert against the new YAML output patterns and added additional ComposeBuilder behavior coverage.
- Added `yaml` as a runtime dependency (and lockfile entry) to support YAML serialization.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/generators/node/database.ts | Introduces ComposeBuilder + typed compose config/services and switches docker-compose.yml generation to yaml.stringify. |
| src/generators/node/database.test.ts | Updates and expands tests to validate compose output produced by the new builder/serializer. |
| package.json | Adds yaml dependency required by the new compose serialization approach. |
| package-lock.json | Lockfile updates for the new yaml dependency. |
Comment on lines 226 to 230

```ts
expect(content).toContain('postgres:16');
expect(content).toContain('db_data:/var/lib/postgresql/data');
expect(content).toContain('pg_isready');
expect(content).toContain("'-d', 'test-app'");
expect(content).toContain(`POSTGRES_DB: ${pgOptions.projectName}`);
expect(content).toContain('healthcheck');
```
dmitriyeff approved these changes May 14, 2026
Summary
- `src/crypto/encrypt.ts` (AES-256-GCM, 12-byte IV, 16-byte auth tag, base64url format). Token repository encrypts on write and decrypts on read. Columns widened from `varchar(768)` to `text` to fit ciphertext. `ENCRYPTION_KEY` added to `.env.example` with `openssl rand -hex 32` hint.
- `USER node` to generated Dockerfile; add `RUN mkdir -p /app/data && chown -R node:node /app/data` before the user switch so the SQLite named volume is writable at startup.
- `indent()` with a `ComposeBuilder` class that accumulates typed `ComposeService` objects and serializes once via `yaml.stringify` (eemeli). Follows the existing `NodeProjectBuilder` builder pattern with `.when()` conditional chaining.

Test Plan
- `npm test` — 131 tests pass
- `docker-compose up` — backend + db both healthy
- `docker-compose up` — backend + db both healthy
- `docker-compose up` — backend starts, no db container, `sqlite_data` volume created
- `ENCRYPTION_KEY` missing → server throws on first token write
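
The token encryption parameters listed in the summary (AES-256-GCM, 12-byte IV, 16-byte auth tag, base64url output, hex `ENCRYPTION_KEY`), as an added Node.js example that is not the PR's `src/crypto/encrypt.ts`. The function names, the `iv || tag || ciphertext` byte layout and the sample key are assumptions made for this illustration.

```javascript
// Added illustration; names and byte layout are assumptions, not the project's code.
const nodeCrypto = require('node:crypto');

const IV_LEN = 12;  // 96-bit IV, per the PR summary
const TAG_LEN = 16; // 128-bit auth tag, per the PR summary

// Parse ENCRYPTION_KEY as produced by `openssl rand -hex 32` (64 hex chars).
function loadKey(env = process.env) {
  const hex = env.ENCRYPTION_KEY;
  if (!hex) throw new Error('ENCRYPTION_KEY is not set');
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error('ENCRYPTION_KEY must be 64 hex characters (32 bytes)');
  }
  return Buffer.from(hex, 'hex');
}

// Assumed storage format: base64url(iv || tag || ciphertext).
function encryptToken(plaintext, key) {
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh per message; never reuse with the same key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

function decryptToken(encoded, key) {
  const raw = Buffer.from(encoded, 'base64url');
  if (raw.length < IV_LEN + TAG_LEN) throw new Error('ciphertext too short');
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws if the tag does not verify, so unauthenticated plaintext never leaves this function.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample key and token, for demonstration only.
function demo() {
  const key = loadKey({ ENCRYPTION_KEY: '00112233445566778899aabbccddeeff'.repeat(2) });
  const stored = encryptToken('constructed-refresh-token', key);
  const tampered = Buffer.from(stored, 'base64url');
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  let rejected = false;
  try { decryptToken(tampered.toString('base64url'), key); } catch { rejected = true; }
  return { roundTrip: decryptToken(stored, key), rejected, storedLength: stored.length };
}
```

In `demo()`, a 25-byte token is stored as 71 characters: 28 bytes of IV and tag are prepended and the result is base64url-encoded, so stored values are always longer than the plaintext they replace.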