Releases: danielbfs/easetinker
Release list
v0.1.1 — Tinker credentials end-to-end
First release after introducing the stable branch convention. Production deploys now track stable (this tag). Daily work continues on main.
Highlights since v0.1.0
Tinker API credentials (end-to-end)
- Encrypted storage at rest (AES-256-GCM via
node:cryptowith the auto-generatedENCRYPTION_KEY). - Live validation against the Tinker worker:
/tinker/validatecallsServiceClient().get_server_capabilities_async()with a 20sasyncio.wait_forceiling so the SDK's silent retries can't hang the UI. - Errors are classified and surfaced as clickable links (e.g. 402 → https://tinker-console.thinkingmachines.ai/billing/balance).
- Key is persisted even when validation fails, so the user can fix billing/network and click Revalidate without re-typing.
Framework / infra
- Renamed
middleware.ts→proxy.ts(Next.js 16 convention);auth()still enforced at the page level as defense in depth. - Initial Prisma migration committed at
prisma/migrations/0_init/. - Documented SSH update flow with
--no-cache,--remove-orphans, anddocker image prune -f. - Added
CLAUDE.mdso future sessions land with the right deploy/ops constraints.
Branch model going forward
main— active development, may break.stable— production-ready; advances when a release is cut.- Pre-releases (
vX.Y.Z-beta.N) cut frommainfor semi-ready cuts.
See README.md → Updating to a New Version for the new SSH deploy flow (git pull origin stable).
v0.1.0 — First deployable release - Authentication
First production-ready cut of EaseTinker. The full Next.js + Auth.js + Prisma + Docker
stack runs end-to-end on a Hostinger VPS behind Traefik, with technical secrets that
generate themselves on the first boot.
What's in this release
Auth
- Auth.js v5 (next-auth 5.0.0-beta.31) with Google and GitHub OAuth providers
- Server-side session check on every protected route (root
/and/projects) - Middleware redirect for unauthenticated traffic
AUTH_TRUST_HOST=truebaked into compose so Auth.js accepts the forwarded host
when running behind a reverse proxy
Database
- PostgreSQL 16 (Alpine) with
POSTGRES_PASSWORD_FILEfor password injection - Prisma 6.16+ ORM
prisma migrate deployworks inside the runner container
Worker
Worker
- Python FastAPI service over BullMQ on Redis
- Shared-secret auth between Next.js and the worker
Deploy
- Multi-stage Dockerfile with Next.js standalone build + Prisma CLI shipped in runner
- Docker Compose stack:
init-secrets,app,worker,postgres,redis - Traefik labels for HTTPS/Let's Encrypt (works with Traefik in either bridge or host mode)
.gitattributespins LF line endings so shell scripts survive Windows clones
The big new thing: auto-generated technical secrets
Four technical secrets used to be hand-rolled on every fresh deploy
(POSTGRES_PASSWORD, NEXTAUTH_SECRET, ENCRYPTION_KEY, WORKER_SECRET).
Now an init-secrets compose service runs once on first boot, generates them
via openssl rand, and persists them in the secrets named volume.
A thin entrypoint script (docker/docker-entrypoint.sh) loads them into env vars
when the app and worker start. Subsequent deploys reuse the same files —
no rotation, no broken sessions, no migration-blocking password mismatch.
A fresh Hostinger deploy now only needs APP_DOMAIN plus OAuth keys in .env.
Deploying this version
See README.md (or docs/README.pt-BR.md) for the full walk-through. TL;DR for Hostinger:
- Point your domain at the VPS.
- Deploy via Hostinger Docker Manager pointing at this tag.
- Fill in
APP_DOMAIN,GOOGLE_CLIENT_*and/orGITHUB_CLIENT_*in the project's.env. - After the stack boots, run migrations:
docker compose -p easetinker exec app /usr/local/bin/docker-entrypoint.sh pnpm exec prisma migrate deploy
Known limitations
- The starter is currently a single repo — a generic
nextjs-auth-docker-starter template is on the roadmap (ROADMAP.md). - The middleware.ts convention is deprecated in Next.js 16 (still works,
but emits a warning at build time); migrating to proxy.ts is a follow-up. - No tests yet.
Quer que eu marque o repo como Template Repository também? Isso é via GitHub Settings → "Template repository" (não há gh flag pra isso, é botão na UI). Se ativar, o repo passa a oferecer "Use this
template" pra criar novos projetos a partir dele — bom pra reuso futuro mesmo antes de a gente extrair o starter limpo.