feat: platform independent core and the new desktop app (#4684)

* feat(desktop): init

* feat(desktop): external app download and setup

* feat(desktop): offload app load to plugin system

* perf(desktop): add rdbms facade and caching layer

* feat: parallelize signing, shared trust, lru cache

* feat: webapp encoder + compressor + hasher server

* feat(desktop): app autoupdate with hashed loader

* feat(kernel): init `hoppscotch-kernel`

* feat(kernel): `io`

* feat(kernel): `network`

* feat(kernel): `network` - native interceptor

* feat(kernel): `network` - interceptor - rest

* feat(kernel): `network` - interceptor - graphql

* feat(kernel): `network` - interceptor - capabilities

* feat(kernel): `network` - interceptor - `FormData`

* feat(kernel): `network` - interceptor - `oauth2.0`

* feat(kernel): `store`

* feat(desktop): dragging, traffic light, plugin workspaces

* feat(kernel|wip): `store`

* feat(kernel): `network` - capabilities - with active

* feat(kernel|wip): `network` - interceptor - `proxy`

* feat(kernel|wip): `network` - relay ext

* feat(kernel): `network` - interceptor - `proxy`

* feat(kernel): `network` - interceptor - decoding

* feat(kernel): `network` - interceptor - Kernel Err

* feat(kernel): `network` - flow transformation

* feat(kernel): `network` - request status

* fix(desktop): repositioning traffic lights on fullscreen exit

* feat(kernel): `network` - interceptor - `agent`

* feat(kernel): `store` - track updates

* feat(kernel): `network` - interceptor - extension

* feat(kernel): `network` - updates as overrides

* feat(interceptor): pre-process request encoding

* fix(ui): mismatched extension button size/position

* feat(kernel): `network` - interceptor - `browser`

* feat(native): common certs componsable

* fix(kernel): interceptor selection store and json parse

* feat(kernel): `network` - consistent multipart encoding

* feat(kernel): `network` - interceptor - `OAuth2.0`

* feat(kernel): `network` - interceptor - cookie support

* feat(agent): registration list, log-sink, relay

* feat(kernel): `network` - interceptor subtitles

* feat(kernel): `store` - persist network settings

* fix(agent): encrypted ser/de certificate requests

* feat(kernel): `kernelInterceptor` spotlight service

* fix(kernel): gql introspection edge-case schema

* ref: conditionals for migrated components

* feat(kernel): `localaccess` capability via relay

* feat(kernel): `network` - explicit types and lint

* feat(kernel): `store` - isolate host and platform

* feat(kernel): `store` - persistence service

* fix(infra): whitelisted origins, non-std engines

* feat(desktop): impl deep-link callbacks

* feat(kernel): `auth`

* feat(kernel): `io` - event listeners

* feat(kernel): platform migration

* fix: dep `vue` import on Win 11

Fixes `error TS2305: Module '"vue"' has no exported member
'VueConstructor'.` arising from `splitpane` dependency.

* fix(webapp-server): platform independent res paths

* feat(desktop): auth and emit via embedded server

* feat(platform): host, csp and bundle compatibility

- Bundle name format for using as host
- Windows UI handler HWND casting and version detection
- CSP headers type handling in URI protocol
- Protocol whitelist in env config

* feat(desktop|wip): login flow with `auth-tokens`

feat(desktop|wip): typesafe auth

* feat(backend): `auth` token flow, gql/websocket

feat(desktop): working auth for gql

feat: gql client with refresh token

* feat(backend): `auth` token flow, authorization bearer

* fix(gen): qualifier clash when invalidating cache

* feat(common): coordinated initialization service

* fix(desktop): appload persistence in data json

* feat(desktop|wip): desktop icons and updater

* fix: typos in readme docs

* fix: docker ignore copying on windows

* fix: update `.lock` file after rebase

* fix: `persistenceService` setup in tests

* fix: remove old console logs

* fix: console error on invalid schema

Show console error if default value is used when loading invalid data from
local storage

* fix(test): `PersistenceService` methods

* fix(test): `PersistenceService` rest tab state

* fix(test): `PersistenceService` gql tab state

* fix(test): `PersistenceService` global env

* fix(test): `PersistenceService` mqtt request

* fix(test): `PersistenceService` sse request

* fix(test): `PersistenceService` socketio request

* fix(test): `PersistenceService` websocket request

* fix(test): `PersistenceService` secret environment

* fix(test): `PersistenceService` selected env

* fix(test): `PersistenceService` collections

* fix(test): `PersistenceService` environments

* fix(test): `PersistenceService` history

* fix(test): `PersistenceService` settings

* fix(test): `PersistenceService` migrations

* fix(test): `InspectionService` request inspector

* feat(desktop): button to clear bundle/key cache

This is useful when there are partial updates to the web app or bundle gen server
which haven't been correctly propagated when the app bundle was downloaded.

If the user were to change the self host instance without updating the
desktop app; which is possible albeit rarely under very certain circumstances,
desktop app will refuse to load the bundle, this is because the desktop app
cannot differentiate between partial updates vs incorrect bundle being hosted
since both will fail verification.

The button lets the user decide what should be the appropriate action,
clear the bundle and trust the hosted app
or make sure the app is built and hosted correctly.

* fix(desktop): enforce one version per instance

This was part of a leftover scaffolding from development.

* fix(desktop): bundle url not stored after download

* fix(desktop): stalling progress on updates

* fix(backend): helper to parse cookie into kv-pairs

* feat(desktop): launch session on working endpoints

* fix(common): preserve `auth` structure and default

* fix: loading native networking with kernel mode

* fix: fallback for unhandled response error

* fix: `urlencoded` content request processing

* feat: `interceptor` - error mapping for `browser`

* fix: backwards compatibility for `digest` auth

* fix: platform check for `initializationService`

* fix: `interceptor` - analytics `strategy` resolution

* fix: `interceptor` - check for `cookies` component

* fix: enable digest auth support for `native`

* test: `interceptor` - kernel interceptor

* fix(relay): `grantType` casing for OAuth2.0

* test(wip): kernel transformers

* fix(relay): auth headers discarding others

* fix(desktop): http version deserialization

* fix(common): `grantType` extractor, auth processor

* fix: `PersistenceService` - parsing edge cases

* fix(infra): post rebase fixup

* fix(web): component structure and lint

* fix(desktop): cohesive splash opener, scroll url section

* fix: explicit auto auth and docs on url auth

* fix(relay): special chars failing proxy auth

* fix: finer cert control setting option

* fix: post-rebase fixup

* feat(appload): ability to vendor pre-built bytes

* fix: avoid copying over `target` dir in containers

* fix: auth key missing in capability set

* fix(desktop): relax `refresh_token` requirement

This is to support Firebase token

* fix(desktop): normalization for Windows WebView

* feat(desktop): instance switcher and vendored app

* fix(desktop): merge artifacts and conflicts

* feat(desktop): instance switcher improvements

* fix: derive instance name from normalized name

* fix: pkg links, lints and UI edge cases

* feat(desktop): restore window state after relaunch

* fix(desktop): distinguish header for cloud/default

* fix: instance switcher in web mode

* fix: close dropdown on new instance modal

* fix: whitelist vendored app origin

* feat(desktop): platform parity - `collections`

* fix: history entries population desync

* fix(desktop): check for history storage status

* fix(desktop): safe parse `globalEnv`

* feat(desktop): platform parity - `environment`

* fix: use settings store for proxy url

* fix: lint, unused imports

* fix: proxy input enabled for other interceptors

* feat: reverse proxy for desktop app server

* fix: duplicate entries after connecting to sh

* fix: specify instance org qualified

* fix: remove debugging logs

* feat(desktop): enable `devtools` in release builds

* fix(desktop): prepend protocol validation edgecase

* feat(desktop): clear cache on removing instance

* fix: better response toast message

* fix: avoid reverse proxy for webapp server

* fix(desktop): ignore subpath in instance name

* feat: switcher ui/ux improvements

* feat: more switcher ui/ux improvements

* feat(server): specify bundle version at build time

* fix(desktop): missing migration as rebase artifact

* fix: minor switcher ui/ux improvement

* fix: rebase artifacts

* fix: consolidated toast on success

* fix: missing i18n strings

* fix(desktop): handle drag and drop fe side

* feat: confirmation modal on instance removal

* chore: minor UI update

* chore: minor UI changes

* fix: gql connection partial refactor

* fix: resolve merge artifacts

* chore: prod lint

* feat(desktop): better desktop app update ux

* fix: broken gql connection.ts

---------

Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>

.dockerignore

@@ -1,2 +1,35 @@
+.devenv*
+.direnv
+.devcontainer
+.git
+.github
+.husky
+.vscode
+
+.envrc
+devenv.yaml
+devenv.nix
+.prettierrc.js
+.prettierignore
+.editorconfig
+.npmrc
+.firebaserc
+
 node_modules
+**/node_modules
 **/*/node_modules
+
+**/dist
+**/build
+**/target
+
+**/__tests__
+**/*.test.*
+**/coverage
+
+*.md
+LICENSE
+CODEOWNERS
+
+.DS_Store
+*.log

.env.example

@@ -20,7 +20,14 @@ DATA_ENCRYPTION_KEY="data encryption key with 32 char"
 
 # Hoppscotch App Domain Config
 REDIRECT_URL="http://localhost:3000"
-WHITELISTED_ORIGINS="http://localhost:3170,http://localhost:3000,http://localhost:3100"
+# Whitelisted origins for the Hoppscotch App.
+# This list controls which origins can interact with the app through cross-origin comms.
+# - localhost ports (3170, 3000, 3100): app, backend, development servers and services
+# - app://localhost_3200: Bundle server origin identifier
+#   NOTE: `3200` here refers to the bundle server (port 3200) that provides the bundles,
+#   NOT where the app runs. The app itself uses the `app://` protocol with dynamic
+#   bundle names like `app://{bundle-name}/`
+WHITELISTED_ORIGINS="http://localhost:3170,http://localhost:3000,http://localhost:3100,app://localhost_3200,app://hoppscotch"
 VITE_ALLOWED_AUTH_PROVIDERS=GOOGLE,GITHUB,MICROSOFT,EMAIL
 
 # Google Auth Config

.envrc

@@ -0,0 +1,3 @@
+source_url "https://raw.githubusercontent.com/cachix/devenv/82c0147677e510b247d8b9165c54f73d32dfd899/direnvrc" "sha256-7u4iDd1nZpxL4tCzmPG0dQgC5V+/44Ba+tHkPob1v2k="
+
+use devenv

.gitignore

@@ -172,3 +172,13 @@ tests/*/videos
 
 # GQL SDL generated for the frontends
 gql-gen/
+
+# Devenv
+.devenv*
+devenv.local.nix
+
+# direnv
+.direnv
+
+# pre-commit
+.pre-commit-config.yaml

aio-subpath-access.Caddyfile

@@ -21,6 +21,11 @@
 		reverse_proxy localhost:8080
 	}
 
+	# Handle requests under `/desktop-app-server*` path
+	handle_path /desktop-app-server* {
+		reverse_proxy localhost:3200
+	}
+
 	# Catch-all route for unknown paths, serves `selfhost-web` SPA
 	handle {
 		root * /site/selfhost-web

aio_run.mjs

@@ -52,6 +52,7 @@ fs.rmSync("build.env")
 const caddyFileName = process.env.ENABLE_SUBPATH_BASED_ACCESS === 'true' ? 'aio-subpath-access.Caddyfile' : 'aio-multiport-setup.Caddyfile'
 const caddyProcess = runChildProcessWithPrefix("caddy", ["run", "--config", `/etc/caddy/${caddyFileName}`, "--adapter", "caddyfile"], "App/Admin Dashboard Caddy")
 const backendProcess = runChildProcessWithPrefix("node", ["/dist/backend/dist/main.js"], "Backend Server")
+const webappProcess = runChildProcessWithPrefix("webapp-server", [], "Webapp Server")
 
 caddyProcess.on("exit", (code) => {
   console.log(`Exiting process because Caddy Server exited with code ${code}`)
@@ -63,11 +64,17 @@ backendProcess.on("exit", (code) => {
   process.exit(code)
 })
 
+webappProcess.on("exit", (code) => {
+  console.log(`Exiting process because Webapp Server exited with code ${code}`)
+  process.exit(code)
+})
+
 process.on('SIGINT', () => {
   console.log("SIGINT received, exiting...")
 
   caddyProcess.kill("SIGINT")
   backendProcess.kill("SIGINT")
+  webappProcess.kill("SIGINT")
 
   process.exit(0)
 })

devenv.lock

@@ -0,0 +1,140 @@
+{
+  "nodes": {
+    "devenv": {
+      "locked": {
+        "dir": "src/modules",
+        "lastModified": 1738772960,
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "7f756cdf3fbb01cab243dcec4de0ca94e6aaa2af",
+        "type": "github"
+      },
+      "original": {
+        "dir": "src/modules",
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "fenix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-analyzer-src": "rust-analyzer-src"
+      },
+      "locked": {
+        "lastModified": 1738737274,
+        "owner": "nix-community",
+        "repo": "fenix",
+        "rev": "f82de9980822f3b1efcf54944939b1d514386827",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "fenix",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1733328505,
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1737465171,
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1738734093,
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5b2753b0356d1c951d7a3ef1d086ba5a71fff43c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "fenix": "fenix",
+        "git-hooks": "git-hooks",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": [
+          "git-hooks"
+        ]
+      }
+    },
+    "rust-analyzer-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1738754241,
+        "owner": "rust-lang",
+        "repo": "rust-analyzer",
+        "rev": "ca47cddc31ae76a05e8709ed4aec805c5ef741d3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rust-lang",
+        "ref": "nightly",
+        "repo": "rust-analyzer",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

devenv.nix

@@ -0,0 +1,189 @@
+{ pkgs, lib, config, inputs, ... }:
+
+let
+  rosettaPkgs =
+    if pkgs.stdenv.isDarwin && pkgs.stdenv.isAarch64
+    then pkgs.pkgsx86_64Darwin
+    else pkgs;
+
+  darwinPackages = with pkgs; [
+    darwin.apple_sdk.frameworks.Security
+    darwin.apple_sdk.frameworks.CoreServices
+    darwin.apple_sdk.frameworks.CoreFoundation
+    darwin.apple_sdk.frameworks.Foundation
+    darwin.apple_sdk.frameworks.AppKit
+    darwin.apple_sdk.frameworks.WebKit
+  ];
+
+  linuxPackages = with pkgs; [
+    libsoup_3
+    webkitgtk_4_1
+    librsvg
+    libappindicator
+    libayatana-appindicator
+  ];
+
+in {
+  packages = with pkgs; [
+    git
+    lima
+    colima
+    docker
+    jq
+    # NOTE: In case there's `Cannot find module: ... bcrypt ...` error, try `npm rebuild bcrypt`
+    # See: https://github.com/kelektiv/node.bcrypt.js/issues/800
+    # See: https://github.com/kelektiv/node.bcrypt.js/issues/1055
+    nodejs_20
+    nodePackages.typescript-language-server
+    nodePackages."@volar/vue-language-server"
+    nodePackages.prisma
+    prisma-engines
+    cargo-edit
+  ] ++ lib.optionals pkgs.stdenv.isDarwin darwinPackages
+    ++ lib.optionals pkgs.stdenv.isLinux linuxPackages;
+
+  env = {
+    APP_GREET = "Hoppscotch";
+    DATABASE_URL = "postgresql://postgres:testpass@localhost:5432/hoppscotch?connect_timeout=300";
+    DOCKER_BUILDKIT = "1";
+    COMPOSE_DOCKER_CLI_BUILD = "1";
+  } // lib.optionalAttrs pkgs.stdenv.isLinux {
+    # NOTE: Setting these `PRISMA_*` environment variable fixes
+    # "Error: Failed to fetch sha256 checksum at https://binaries.prisma.sh/all_commits/<hash>/linux-nixos/libquery_engine.so.node.gz.sha256 - 404 Not Found"
+    # See: https://github.com/prisma/prisma/discussions/3120
+    PRISMA_QUERY_ENGINE_LIBRARY = "${pkgs.prisma-engines}/lib/libquery_engine.node";
+    PRISMA_QUERY_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/query-engine";
+    PRISMA_SCHEMA_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/schema-engine";
+
+    LD_LIBRARY_PATH = lib.makeLibraryPath [
+      pkgs.libappindicator
+      pkgs.libayatana-appindicator
+    ];
+  } // lib.optionalAttrs pkgs.stdenv.isDarwin {
+    # Place to put macOS-specific environment variables
+  };
+
+  scripts = {
+    hello.exec = "echo hello from $APP_GREET";
+    e.exec = "emacs";
+    lima-setup.exec = "limactl start template://docker";
+    lima-clean.exec = "limactl rm -f $(limactl ls -q)";
+    colima-start.exec = "colima start --cpu 4 --memory 50";
+
+    docker-prune.exec = ''
+      echo "Cleaning up unused Docker resources..."
+      docker system prune -f
+    '';
+
+    docker-logs.exec = "docker logs -f hoppscotch-aio";
+
+    docker-status.exec = ''
+      echo "Container Status:"
+      docker ps -a --filter "name=hoppscotch-aio" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+    '';
+
+    db-reset.exec = ''
+      echo "Resetting database..."
+      psql -U postgres -d hoppscotch -c 'DROP SCHEMA public CASCADE; CREATE SCHEMA public;'
+      echo "Database reset complete."
+    '';
+
+    docker-clean-all.exec = ''
+      echo "Starting complete Docker cleanup..."
+
+      echo "1/6: Stopping all running containers..."
+      CONTAINERS=$(docker ps -q)
+      if [ -n "$CONTAINERS" ]; then
+        docker stop $CONTAINERS
+        echo "✓  Containers stopped"
+      else
+        echo "• No running containers found"
+      fi
+
+      echo "2/6: Removing all containers..."
+      CONTAINERS=$(docker ps -aq)
+      if [ -n "$CONTAINERS" ]; then
+        docker rm $CONTAINERS
+        echo "✓  Containers removed"
+      else
+        echo "• No containers to remove"
+      fi
+
+      echo "3/6: Removing all images..."
+      IMAGES=$(docker images -q)
+      if [ -n "$IMAGES" ]; then
+        docker rmi --force $IMAGES
+        echo "✓  Images removed"
+      else
+        echo "• No images to remove"
+      fi
+
+      echo "4/6: Removing all volumes..."
+      VOLUMES=$(docker volume ls -q)
+      if [ -n "$VOLUMES" ]; then
+        docker volume rm $VOLUMES
+        echo "✓  Volumes removed"
+      else
+        echo "• No volumes to remove"
+      fi
+
+      echo "5/6: Removing custom networks..."
+      NETWORKS=$(docker network ls --filter type=custom -q)
+      if [ -n "$NETWORKS" ]; then
+        docker network rm $NETWORKS
+        echo "✓  Networks removed"
+      else
+        echo "• No custom networks to remove"
+      fi
+
+      echo "6/6: Running system prune..."
+      docker system prune --all --force --volumes
+      echo "✓  System pruned"
+
+      echo "Done!"
+    '';
+  };
+
+  enterShell = ''
+    git --version
+    echo "Hoppscotch development environment ready!"
+    ${lib.optionalString pkgs.stdenv.isDarwin ''
+      # Place to put macOS-specific shell initialization
+    ''}
+    ${lib.optionalString pkgs.stdenv.isLinux ''
+      # Place to put Linux-specific shell initialization
+    ''}
+  '';
+
+  enterTest = ''
+    echo "Running tests"
+  '';
+
+  dotenv.enable = true;
+
+  languages = {
+    typescript = {
+      enable = true;
+    };
+    javascript = {
+      package = pkgs.nodejs_20;
+      enable = true;
+      npm.enable = true;
+      pnpm.enable = true;
+    };
+    rust = {
+      enable = true;
+      channel = "nightly";
+      components = [
+        "rustc"
+        "cargo"
+        "clippy"
+        "rustfmt"
+        "rust-analyzer"
+        "llvm-tools-preview"
+        "rust-src"
+        "rustc-codegen-cranelift-preview"
+      ];
+    };
+  };
+}

docker-compose.yml

@@ -2,9 +2,36 @@
 # has a container with a Postgres instance running.
 # You can tweak around this file to match your instances
 
+# PROFILES EXPLANATION:
+#
+# We use Docker Compose profiles to manage different deployment scenarios and avoid port conflicts.
+#
+# These are all the available profiles:
+# - default: All-in-one service + database + auto-migration (recommended for most users)
+# - default-no-db: All-in-one service without database (for users with external DB)
+# - backend: The backend service only
+# - app: The main Hoppscotch application only
+# - admin: The self-host admin dashboard only
+# - webapp: The static web app server only
+# - database: Just the PostgreSQL database
+# - just-backend: All services except webapp for local development
+# - deprecated: All deprecated services (not recommended)
+
+# USAGE:
+#
+# To run the default setup: docker compose --profile default up
+# To run without database: docker compose --profile default-no-db up
+# To run specific components: docker compose --profile backend up
+# To run all except webapp: docker compose --profile just-backend up
+# To run deprecated services: docker compose --profile deprecated up
+
+# NOTE: The default and default-no-db profiles should not be mixed with individual service
+# profiles as they would conflict on ports.
+
 services:
   # This service runs the backend app in the port 3170
   hoppscotch-backend:
+    profiles: ["backend", "just-backend"]
     container_name: hoppscotch-backend
     build:
       dockerfile: prod.Dockerfile
@@ -32,6 +59,7 @@ services:
   # NOTE: To do TLS or play around with how the app is hosted, you can look into the Caddyfile for
   #       the SH admin dashboard server at packages/hoppscotch-selfhost-web/Caddyfile
   hoppscotch-app:
+    profiles: ["app"]
     container_name: hoppscotch-app
     build:
       dockerfile: prod.Dockerfile
@@ -49,6 +77,7 @@ services:
   # NOTE: To do TLS or play around with how the app is hosted, you can look into the Caddyfile for
   #       the SH admin dashboard server at packages/hoppscotch-sh-admin/Caddyfile
   hoppscotch-sh-admin:
+    profiles: ["admin"]
     container_name: hoppscotch-sh-admin
     build:
       dockerfile: prod.Dockerfile
@@ -62,8 +91,22 @@ services:
       - "3280:80"
       - "3100:3100"
 
-  # The service that spins up all 3 services at once in one container
+  # The static server for serving web content to desktop shell, hosted at port 3200
+  hoppscotch-webapp-server:
+    profiles: ["webapp"]
+    container_name: hoppscotch-webapp-server
+    env_file:
+      - ./.env
+    build:
+      dockerfile: prod.Dockerfile
+      context: .
+      target: webapp_server
+    ports:
+      - "3200:3200"
+
+  # The service that spins up all services at once in one container
   hoppscotch-aio:
+    profiles: ["default", "default-no-db"]
     container_name: hoppscotch-aio
     restart: unless-stopped
     build:
@@ -79,12 +122,14 @@ services:
       - "3000:3000"
       - "3100:3100"
       - "3170:3170"
+      - "3200:3200"
       - "3080:80"
 
   # The preset DB service, you can delete/comment the below lines if
   # you are using an external postgres instance
   # This will be exposed at port 5432
   hoppscotch-db:
+    profiles: ["default", "database", "just-backend"]
     image: postgres:15
     ports:
       - "5432:5432"
@@ -105,8 +150,24 @@ services:
       timeout: 5s
       retries: 10
 
-  # All the services listed below are deprececated
+  # Auto-migration service - handles database migrations automatically
+  hoppscotch-migrate:
+    profiles: ["default", "just-backend"]
+    build:
+      dockerfile: prod.Dockerfile
+      context: .
+      target: backend
+    env_file:
+      - ./.env
+    depends_on:
+      hoppscotch-db:
+        condition: service_healthy
+    command: sh -c "pnpx prisma migrate deploy"
+
+  # All the services listed below are deprecated
+  # These services are kept for backward compatibility but should not be used for new deployments
   hoppscotch-old-backend:
+    profiles: ["deprecated"]
     container_name: hoppscotch-old-backend
     build:
       dockerfile: packages/hoppscotch-backend/Dockerfile
@@ -130,6 +191,7 @@ services:
       - "3170:3000"
 
   hoppscotch-old-app:
+    profiles: ["deprecated"]
     container_name: hoppscotch-old-app
     build:
       dockerfile: packages/hoppscotch-selfhost-web/Dockerfile
@@ -142,6 +204,7 @@ services:
       - "3000:8080"
 
   hoppscotch-old-sh-admin:
+    profiles: ["deprecated"]
     container_name: hoppscotch-old-sh-admin
     build:
       dockerfile: packages/hoppscotch-sh-admin/Dockerfile
@@ -152,3 +215,29 @@ services:
       - hoppscotch-old-backend
     ports:
       - "3100:8080"
+
+# DEPLOYMENT SCENARIOS:
+# 1. Default deployment (recommended):
+#    docker compose --profile default up
+#    This will start: AIO + database + auto-migration
+#
+# 2. Default deployment without database:
+#    docker compose --profile default-no-db up
+#    This will start: AIO only (use when you have an external database)
+#
+# 3. Individual service deployment:
+#    docker compose --profile backend up  # Just the backend
+#    docker compose --profile app up      # Just the app
+#    docker compose --profile admin up    # Just the admin dashboard
+#    docker compose --profile webapp up   # Just the static web server
+#    docker compose --profile database up # Just the database
+#
+# 4. Development deployment:
+#    docker compose --profile just-backend up  # All services except webapp
+#
+# 5. Deprecated services:
+#    docker compose --profile deprecated up
+#    This will start all deprecated services (not recommended for new deployments)
+#
+# Remember: The default and default-no-db profiles should not be mixed with individual service
+# profiles as they would conflict on ports.