planx: rebuild all four containers, ARM64 task defs, fix demo seed

Reported by Sam McKellen (Brighton & Hove) — the planx tryout flow was
broken end-to-end against latest upstream. Fixing the entire chain:

Editor (docker/editor):
- Drop VITE_APP_AIRBRAKE_PROJECT_ID=0 / KEY=unused. The "0" string is
  truthy in upstream's airbrake.ts hasConfig check, so it constructs a
  Notifier with projectId 0 and throws synchronously during module init,
  blanking the SPA before React mounts.
- Install pnpm deps inside editor.planx.uk/ (upstream removed the root
  pnpm-workspace; root install only brings in `typescript`).
- Switch VITE_APP_HASURA_URL / WEBSOCKET to /v1/graphql to match the
  CloudFront cache behaviour. The /hasura/* path doesn't exist there, so
  GraphQL was falling through to the editor nginx and 405-ing.
- Patch _authenticated/-loader.tsx in build.sh to no-op validateDomain;
  upstream's allowlist excludes our ephemeral CloudFront hostnames and
  the route guard otherwise redirects /app to /login before initAuthStore
  even runs.

API (docker/api):
- Move setupDemoAuth(app) to before the upstream `// Setup API routes`
  block via patch-demo-auth.sh. The /api-prefix-stripping middleware lives
  inside setupDemoAuth and has to register before app.use(userRoutes) etc.,
  or /api/user/me 404s before the rewrite happens.
- demo-auth.ts now sets jwt + auth cookies via res.cookie and redirects
  to /app instead of /?jwt=…. TanStack Router's / -> /app redirect drops
  the search params before the SPA's auth init can pick them up, so the
  user got bounced to /login despite a successful POST.
- Install pnpm deps inside api.planx.uk/ (same root-workspace issue as
  editor).
- build.sh actually invokes patch-demo-auth.sh — the previous version
  copied a stale precompiled overlay but never re-applied the source patch.

Hasura (docker/hasura):
- Copy entrypoint-wrapper.sh into the build context (was missing, image
  failed to build locally).
- Seed updates:
  * Drop external_planning_site_name / _url (upstream removed the columns).
  * Add is_trial=false on team_settings (Team route does
    team.settings.isTrial against null without it).
  * Add team_integrations row (GIS data settings page reads
    integrations.has_planning_data).
  * Replace the legacy two-flow seed (which used type-300/type-110 nodes
    no longer recognised by latest editor) with one multi-step demo flow:
    Notice -> Question with 3 branches -> TextInput -> Confirmation,
    using current ComponentType numbers (8, 100, 200, 250, 110, 725).
  * Set flows.version = 1 explicitly. Without it sharedb-postgresql's
    getSnapshot falls into the "no document" branch, the editor's
    subscribeToDoc calls doc.create and silently overwrites the seeded
    data with an empty doc on first open.
  * UPSERT the demo flow row + clear other team-26 flows so leases that
    came up with the legacy seed get refreshed when the Hasura image is
    rebuilt.
  * Pre-publish the demo flow (published_flows row) so /<team>/<flow>
    /published renders without a manual Publish click.

ShareDB (docker/sharedb):
- Install pnpm deps inside sharedb.planx.uk/ (same root-workspace issue).
  Old image ran fine for connect/init/handshake but its node_modules had
  drifted such that subscribe acks never reached clients. Fresh build
  with the deps installed in the right place fixes it.

CDK (cdk/lib/constructs/compute.ts):
- Flip editor / api / hasura / sharedb FargateTaskDefinitions to ARM64.
  Native ARM64 builds work on Apple Silicon CI; cross-compiling to amd64
  under QEMU OOMs the editor's vite/esbuild step.

Verified end-to-end on a fresh `isb terminate && isb assign ndx-try-planx`:
sign-in, /app/<team> with the demo flow listed, editor canvas renders all
23 nodes, /<team>/<flow>/published serves the public flow, GIS data
settings page loads.

Author: chrisns

cloudformation/scenarios/planx/cdk/lib/constructs/compute.ts

@@ -120,7 +120,7 @@ export class ComputeConstruct extends Construct {
       executionRole,
       taskRole,
       runtimePlatform: {
-        cpuArchitecture: ecs.CpuArchitecture.X86_64,
+        cpuArchitecture: ecs.CpuArchitecture.ARM64,
         operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
       },
     });
@@ -185,7 +185,10 @@ export class ComputeConstruct extends Construct {
       executionRole,
       taskRole,
       runtimePlatform: {
-        cpuArchitecture: ecs.CpuArchitecture.X86_64,
+        // ARM64: matches the editor / api images we publish (built natively
+        // on Apple Silicon CI; cross-compiling to amd64 under QEMU OOMs the
+        // editor's vite/esbuild step). Also ~20% cheaper on Fargate.
+        cpuArchitecture: ecs.CpuArchitecture.ARM64,
         operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
       },
     });
@@ -285,7 +288,7 @@ export class ComputeConstruct extends Construct {
       executionRole,
       taskRole,
       runtimePlatform: {
-        cpuArchitecture: ecs.CpuArchitecture.X86_64,
+        cpuArchitecture: ecs.CpuArchitecture.ARM64,
         operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
       },
     });
@@ -334,7 +337,7 @@ export class ComputeConstruct extends Construct {
       executionRole,
       taskRole,
       runtimePlatform: {
-        cpuArchitecture: ecs.CpuArchitecture.X86_64,
+        cpuArchitecture: ecs.CpuArchitecture.ARM64,
         operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
       },
     });

cloudformation/scenarios/planx/docker/api/Dockerfile

@@ -6,16 +6,19 @@ RUN corepack enable && corepack prepare pnpm@latest --activate
 
 WORKDIR /app
 
-# Copy the full monorepo (pnpm workspaces need it)
+# Copy the full monorepo (still useful for workspace package references)
 COPY planx-src/ .
 
-# Install dependencies
-RUN pnpm install --frozen-lockfile 2>/dev/null || pnpm install
+# Install api deps inside api.planx.uk. Upstream's api.planx.uk carries its
+# own pnpm-lock.yaml and is no longer linked through a root pnpm-workspace.yaml,
+# so a root-level install just pulls in `typescript` and the api's own
+# deps go missing (build then fails with "tsc not found").
+RUN cd api.planx.uk && (pnpm install --frozen-lockfile || pnpm install)
 
-# Build the API
+# Build the API (server.ts has been patched by build.sh to call setupDemoAuth)
 RUN cd api.planx.uk && pnpm build
 
-# Apply demo auth overlay after build
+# Pre-compiled JS overlay used by the patched server import resolution
 COPY overlays/demo-auth.js /app/api.planx.uk/dist/demo-auth.js
 
 # Production stage

cloudformation/scenarios/planx/docker/api/build.sh

@@ -21,6 +21,13 @@ cp "$SCRIPT_DIR/Dockerfile" "$BUILD_DIR/Dockerfile"
 # Move API app to expected location
 mv "$BUILD_DIR/planx-src/apps/api.planx.uk" "$BUILD_DIR/planx-src/api.planx.uk"
 
+# Apply the demo-auth source patch into the freshly cloned upstream so the
+# build sees the import/setupDemoAuth call. Without this step, the build runs
+# unpatched server.ts and the demo overlay is never registered (yet the legacy
+# image we replace had the patch baked in by hand).
+echo "==> Patching server.ts with demo auth..."
+sh "$SCRIPT_DIR/patch-demo-auth.sh" "$BUILD_DIR/planx-src/api.planx.uk"
+
 echo "==> Building Docker image..."
 cd "$BUILD_DIR"
 docker build -t ndx-planx-api:latest .

cloudformation/scenarios/planx/docker/api/overlays/demo-auth.ts

@@ -82,7 +82,26 @@ export function setupDemoAuth(app: Express) {
       { expiresIn: "24h" },
     );
 
-    // Redirect to editor with JWT in search params (relative URL to stay on CloudFront)
-    res.redirect(`/?jwt=${token}`);
+    // Set JWT as an HttpOnly cookie. Upstream's useLoggedInUserAuth reads
+    // req.cookies.jwt first, and the editor's apiClient sends cookies via
+    // withCredentials. Putting the JWT only in the URL hash/search no longer
+    // works: TanStack Router's `/` -> `/app` redirect drops the search params
+    // before the SPA's auth init can pick them up, and the user gets bounced
+    // to /login despite a successful POST. Set both cookies so the API and
+    // the editor's auth store agree on the logged-in state.
+    res.cookie("jwt", token, {
+      httpOnly: true,
+      secure: true,
+      sameSite: "lax",
+      path: "/",
+      maxAge: 24 * 60 * 60 * 1000,
+    });
+    res.cookie("auth", JSON.stringify({ loggedIn: true }), {
+      secure: true,
+      sameSite: "lax",
+      path: "/",
+      maxAge: 24 * 60 * 60 * 1000,
+    });
+    res.redirect("/app");
   });
 }

cloudformation/scenarios/planx/docker/api/patch-demo-auth.sh

@@ -17,9 +17,15 @@ cp "$(dirname "$0")/overlays/demo-auth.ts" "$API_DIR/modules/auth/demo-auth.ts"
 sed -i.bak '/^import { apiLimiter/a\
 import { setupDemoAuth } from "./modules/auth/demo-auth.js";' "$API_DIR/server.ts"
 
-# 3. Add demo auth setup before error handlers (the // Handle any server errors comment)
-sed -i.bak '/^\/\/ Handle any server errors/i\
-// NDX:Try demo auth (bypasses Google/Microsoft OAuth)\
+# 3. Add demo auth setup BEFORE the API route mounting (// Setup API routes anchor).
+# setupDemoAuth installs an `/api`-prefix-stripping middleware so /api/user/me
+# can reach the upstream user router. That middleware MUST run before
+# app.use(userRoutes) etc., or the rewrite happens too late and ALB-routed
+# /api/* requests 404. Inserting before the // Setup API routes comment
+# guarantees the right order regardless of which route bundles are added later.
+sed -i.bak '/^\/\/ Setup API routes/i\
+// NDX:Try demo auth (bypasses Google/Microsoft OAuth). Registered BEFORE the\
+// upstream route bundles so its /api-prefix-stripping middleware runs first.\
 if (process.env.DEMO_MODE === "true") {\
   setupDemoAuth(app);\
   console.info("Demo auth enabled at /auth/demo");\

cloudformation/scenarios/planx/docker/editor/Dockerfile

@@ -9,18 +9,28 @@ WORKDIR /app
 # Copy the full monorepo
 COPY planx-src/ .
 
-# Install dependencies
-RUN pnpm install --frozen-lockfile 2>/dev/null || pnpm install
+# Install editor deps. Upstream's editor.planx.uk is a self-contained pnpm
+# project (its own pnpm-lock.yaml) and is no longer linked via a root
+# pnpm-workspace.yaml, so installing at the root just brings in `typescript`
+# and the editor's `tsc`/`vite` end up missing. Install inside the editor
+# directory directly.
+RUN cd editor.planx.uk && (pnpm install --frozen-lockfile || pnpm install)
 
 # Build editor with relative URLs (all services behind same CloudFront/ALB)
 # WebSocket URLs use window.location.host (injected at runtime)
 ENV VITE_APP_API_URL=/api
-ENV VITE_APP_HASURA_URL=/hasura/v1/graphql
-ENV VITE_APP_HASURA_WEBSOCKET=wss://__PLANX_HOST__/hasura/v1/graphql
+# CloudFront routes /v1/*, /v2/* and /console/* directly to Hasura; there is
+# no /hasura/* cache behaviour. Build with the same paths so the editor's
+# GraphQL client doesn't end up at the editor nginx (405) or ShareDB.
+ENV VITE_APP_HASURA_URL=/v1/graphql
+ENV VITE_APP_HASURA_WEBSOCKET=wss://__PLANX_HOST__/v1/graphql
 ENV VITE_APP_SHAREDB_URL=wss://__PLANX_HOST__/sharedb
 ENV VITE_APP_ENV=production
-ENV VITE_APP_AIRBRAKE_PROJECT_ID=0
-ENV VITE_APP_AIRBRAKE_PROJECT_KEY=unused
+# Airbrake intentionally not configured. Setting AIRBRAKE_PROJECT_ID=0 makes
+# upstream's airbrake.ts pass its truthy-string check, then call
+# `new Notifier({projectId: 0})`, which throws synchronously during module
+# init and blanks the editor SPA. Leave these unset so the no-op logger
+# branch runs instead.
 
 RUN cd editor.planx.uk && pnpm build
 

cloudformation/scenarios/planx/docker/editor/build.sh

@@ -17,6 +17,23 @@ echo "==> Preparing build context..."
 # Move editor to expected path
 mv "$BUILD_DIR/planx-src/apps/editor.planx.uk" "$BUILD_DIR/planx-src/editor.planx.uk"
 
+# Patch validateDomain to accept the runtime host. Upstream restricts /app
+# to editor.planx.{dev,uk}, *.planx.pizza, and localhost:3000; on any other
+# host (e.g. our ephemeral CloudFront distributions) the route guard throws
+# redirect({to:"/login"}) before initAuthStore runs, so the demo cookie is
+# never exchanged for a /user/me lookup. Replacing the body with a no-op is
+# the smallest change that lets the existing auth flow take over.
+LOADER="$BUILD_DIR/planx-src/editor.planx.uk/src/routes/_authenticated/-loader.tsx"
+if [ -f "$LOADER" ]; then
+  cat > "$LOADER" <<'EOF'
+// NDX:Try patch: original validateDomain restricts /app to a hardcoded
+// allowlist of upstream hosts and redirects everything else to /login,
+// blocking the demo auth flow on our CloudFront distributions.
+export const validateDomain = () => {};
+EOF
+  echo "    patched _authenticated/-loader.tsx"
+fi
+
 cp "$SCRIPT_DIR/Dockerfile" "$BUILD_DIR/Dockerfile"
 cp "$SCRIPT_DIR/nginx.conf" "$BUILD_DIR/nginx.conf"
 cp "$SCRIPT_DIR/entrypoint.sh" "$BUILD_DIR/entrypoint.sh"

cloudformation/scenarios/planx/docker/hasura/build.sh

@@ -29,8 +29,9 @@ echo "==> Copying seed data..."
 mkdir -p "$BUILD_DIR/seed"
 cp "$SCRIPT_DIR/seed/"*.sql "$BUILD_DIR/seed/" 2>/dev/null || true
 
-echo "==> Copying Dockerfile..."
+echo "==> Copying Dockerfile + entrypoint..."
 cp "$SCRIPT_DIR/Dockerfile" "$BUILD_DIR/Dockerfile"
+cp "$SCRIPT_DIR/entrypoint-wrapper.sh" "$BUILD_DIR/entrypoint-wrapper.sh"
 
 echo "==> Building Docker image..."
 cd "$BUILD_DIR"

cloudformation/scenarios/planx/docker/hasura/seed/V999__ndx_demo_seed.sql

@@ -12,8 +12,12 @@ VALUES (26, '#0B0C0C', '#1D70B8', '#1D70B8')
 ON CONFLICT (team_id) DO NOTHING;
 
 -- 3. Team settings
-INSERT INTO team_settings (team_id, homepage, help_email, help_phone, help_opening_hours, external_planning_site_name, external_planning_site_url)
-VALUES (26, 'https://ndx-demo.example.com', 'planning@ndx-demo.example.com', '020 7946 0958', 'Monday to Friday, 9am to 5pm', 'NDX Demo Planning Portal', 'https://ndx-demo.example.com/planning')
+-- Upstream removed external_planning_site_name/_url and added is_trial. Without
+-- a row here at all, the editor's Team route does `team.settings.isTrial` on a
+-- null settings relation and the page crashes with "Cannot read properties of
+-- null (reading 'isTrial')".
+INSERT INTO team_settings (team_id, homepage, help_email, help_phone, help_opening_hours, is_trial)
+VALUES (26, 'https://ndx-demo.example.com', 'planning@ndx-demo.example.com', '020 7946 0958', 'Monday to Friday, 9am to 5pm', false)
 ON CONFLICT (team_id) DO NOTHING;
 
 -- 4. Demo user
@@ -26,21 +30,126 @@ INSERT INTO team_members (team_id, user_id, role)
 VALUES (26, 1001, 'teamEditor')
 ON CONFLICT DO NOTHING;
 
--- 6. Sample flows
-INSERT INTO flows (id, team_id, slug, name, data, status, created_at, updated_at, creator_id)
+-- 6. Team integrations
+-- Editor's GIS settings page reads `team.integrations.has_planning_data`. If
+-- no row exists, team.integrations is null and the page crashes with
+-- "Cannot read properties of undefined (reading 'hasPlanningData')".
+INSERT INTO team_integrations (team_id, has_planning_data)
+VALUES (26, false)
+ON CONFLICT (team_id) DO NOTHING;
+
+-- 7. Sample multi-step flow so the demo isn't a blank canvas.
+-- Component types come from upstream's planx-core ComponentType enum:
+--   Notice=8, Question=100, Answer=200, Content=250, TextInput=110,
+--   Confirmation=725. A Question node lists its Answer children in `edges`;
+--   each Answer can chain its own follow-up via `edges` (Content here).
+-- Node ids are 10-char strings; ShareDB doesn't care about format, only
+-- that they're unique within the flow.
+INSERT INTO flows (id, team_id, slug, name, data, status, created_at, updated_at, creator_id, version)
 VALUES (
   'a1b2c3d4-e5f6-7890-abcd-ef1234567890', 26,
-  'householder-planning-permission',
+  'apply-for-householder-planning-permission',
   'Apply for householder planning permission',
-  '{"_root":{"edges":["n1","n2","n3"]},"n1":{"type":300,"data":{"title":"Householder Planning Permission","description":"<p>Apply for planning permission for works to a house or its grounds.</p>"}},"n2":{"type":110,"data":{"title":"Describe the proposed works","fn":"proposal.description"}},"n3":{"type":725,"data":{"title":"Application submitted","description":"<p>Your application has been submitted.</p>"}}}'::jsonb,
-  'online', now(), now(), 1001
-) ON CONFLICT (id) DO NOTHING;
+  $${
+    "_root": {"edges": ["intro_001","question_1","describe_1","confirm_01"]},
+    "intro_001": {
+      "type": 8,
+      "data": {
+        "title": "Apply for householder planning permission",
+        "description": "<p>This sample service walks through the kind of questions a council might ask before you submit a planning application. NDX:Try lets you customise it freely.</p>",
+        "color": "#EFEFEF",
+        "resetButton": false
+      }
+    },
+    "question_1": {
+      "type": 100,
+      "data": {
+        "text": "What type of work are you proposing?",
+        "description": "<p>Pick the option that best matches your project. The questions afterwards adjust based on your answer.</p>",
+        "neverAutoAnswer": false,
+        "alwaysAutoAnswerBlank": false
+      },
+      "edges": ["ans_ext_001","ans_loft_01","ans_garden1"]
+    },
+    "ans_ext_001": {"type": 200, "data": {"text": "Single-storey rear extension"}, "edges": ["content_ext"]},
+    "ans_loft_01": {"type": 200, "data": {"text": "Loft conversion"}, "edges": ["content_lft"]},
+    "ans_garden1": {"type": 200, "data": {"text": "Garden room or outbuilding"}, "edges": ["content_grd"]},
+    "content_ext": {
+      "type": 250,
+      "data": {"content": "<h2>Single-storey rear extension</h2><p>Most single-storey rear extensions on terraced or semi-detached homes can be built under <em>permitted development</em> rights without a full planning application, provided they meet size and design limits.</p><p>Check the latest limits on the <a href=\"https://www.gov.uk/guidance/permitted-development-rights\">Planning Portal</a> before you continue.</p>"}
+    },
+    "content_lft": {
+      "type": 250,
+      "data": {"content": "<h2>Loft conversion</h2><p>Loft conversions are usually permitted development, but rear dormer windows on the principal elevation of a terraced house are not. You may need full planning permission and Building Regulations approval.</p>"}
+    },
+    "content_grd": {
+      "type": 250,
+      "data": {"content": "<h2>Garden room or outbuilding</h2><p>Outbuildings under 2.5m high near a boundary, with a footprint less than half the garden, are usually permitted development. Designs over that, or with sleeping accommodation, need planning permission.</p>"}
+    },
+    "describe_1": {
+      "type": 110,
+      "data": {
+        "title": "Describe your proposed works",
+        "description": "<p>Tell us briefly what you want to build, in your own words.</p>",
+        "type": "long",
+        "fn": "proposal.description",
+        "isRequired": true
+      }
+    },
+    "confirm_01": {
+      "type": 725,
+      "data": {
+        "heading": "Application submitted",
+        "color": "#EFEFEF",
+        "moreInfo": "<p><strong>What happens next?</strong></p><p>A planning officer will review your application within 8 weeks. You will be contacted if they need more information.</p>",
+        "contactInfo": "<p>Need to chase? Email <a href=\"mailto:planning@ndx-demo.example.com\">planning@ndx-demo.example.com</a>.</p>"
+      }
+    }
+  }$$::jsonb,
+  'online', now(), now(), 1001, 1
+) ON CONFLICT (id) DO UPDATE SET
+  -- Existing leases that came up with an older revision of this seed
+  -- (e.g. the legacy two-flow shape) keep the same UUID but need their
+  -- slug, name, data, AND version refreshed when the Hasura image is
+  -- rebuilt. flows.version must be non-null or sharedb-postgresql's
+  -- getSnapshot falls into its "no document" branch, the editor's
+  -- subscribeToDoc calls doc.create({nodes:{}, edges:[]}) and the seeded
+  -- data is silently replaced with an empty doc on first open.
+  slug = EXCLUDED.slug,
+  name = EXCLUDED.name,
+  data = EXCLUDED.data,
+  status = EXCLUDED.status,
+  version = EXCLUDED.version,
+  updated_at = now();
 
-INSERT INTO flows (id, team_id, slug, name, data, status, created_at, updated_at, creator_id)
-VALUES (
-  'b2c3d4e5-f6a7-8901-bcde-f12345678901', 26,
-  'lawful-development-certificate',
-  'Apply for a lawful development certificate',
-  '{"_root":{"edges":["l1","l2","l3"]},"l1":{"type":300,"data":{"title":"Lawful Development Certificate","description":"<p>Find out if your development is lawful.</p>"}},"l2":{"type":110,"data":{"title":"Describe the development","fn":"proposal.description"}},"l3":{"type":725,"data":{"title":"Application submitted"}}}'::jsonb,
-  'online', now(), now(), 1001
-) ON CONFLICT (id) DO NOTHING;
+-- Drop any other team-26 flows that pre-date this seed revision (the old
+-- two-flow seed inserted a second UUID that's no longer referenced).
+DELETE FROM operations WHERE flow_id IN (
+  SELECT id FROM flows WHERE team_id = 26 AND id <> 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
+);
+DELETE FROM published_flows WHERE flow_id IN (
+  SELECT id FROM flows WHERE team_id = 26 AND id <> 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
+);
+DELETE FROM flows WHERE team_id = 26 AND id <> 'a1b2c3d4-e5f6-7890-abcd-ef1234567890';
+
+-- ShareDB requires at least one matching `operations` row per flow; the
+-- editor's flow list also reads operations[0].createdAt for "last edited"
+-- (a missing op makes the team page crash with "RangeError: Invalid time
+-- value"). One op at version 1 with the snapshot data is the minimum.
+INSERT INTO operations (flow_id, actor_id, version, data, created_at, updated_at)
+SELECT id, 1001, 1, '{}'::jsonb, now(), now() FROM flows WHERE team_id = 26
+ON CONFLICT DO NOTHING;
+
+-- 8. Pre-publish the demo flow so the public viewer at
+-- /<team>/<flow>/published renders without the user having to click Publish
+-- in the editor first. The published_flows row stores a frozen snapshot of
+-- flow.data at the moment of publish; we copy the same data here.
+INSERT INTO published_flows (
+  flow_id, publisher_id, summary, data,
+  has_send_component, has_pay_component, has_sections, service_charge_enabled,
+  created_at
+)
+SELECT id, 1001, 'Initial publish', data,
+       false, false, false, false, now()
+FROM flows WHERE team_id = 26
+ON CONFLICT DO NOTHING;

cloudformation/scenarios/planx/docker/sharedb/Dockerfile

@@ -9,19 +9,20 @@ WORKDIR /app
 # Copy the full monorepo
 COPY planx-src/ .
 
-# Install dependencies
-RUN pnpm install --frozen-lockfile 2>/dev/null || pnpm install
+# Install sharedb deps inside its own dir. Upstream's sharedb.planx.uk has its
+# own pnpm-lock.yaml; the root has no pnpm-workspace.yaml that links it, so a
+# root-level install only brings in `typescript` and the sharedb deps go
+# missing. (Same fix pattern as editor and api Dockerfiles.)
+RUN cd sharedb.planx.uk && (pnpm install --frozen-lockfile || pnpm install)
 
-# Build ShareDB
-RUN cd sharedb.planx.uk && pnpm build 2>/dev/null || true
+# ShareDB has no build step — server.js runs directly from source.
 
 # Production stage
 FROM node:24.14-alpine AS production
 
 WORKDIR /app
 
 COPY --from=build /app/sharedb.planx.uk/ ./
-# ShareDB may not have a build step — it runs server.js directly
 
 ENV PORT=8000
 ENV NODE_ENV=production