@atlashub/smartstack-cli 3.53.0 → 4.0.0

package/dist/mcp-entry.mjs

@@ -471,8 +471,8 @@ var init_parseUtil = __esm({
     init_errors();
     init_en();
     makeIssue = (params) => {
-      const { data, path: path30, errorMaps, issueData } = params;
-      const fullPath = [...path30, ...issueData.path || []];
+      const { data, path: path32, errorMaps, issueData } = params;
+      const fullPath = [...path32, ...issueData.path || []];
       const fullIssue = {
         ...issueData,
         path: fullPath
@@ -786,11 +786,11 @@ var init_types = __esm({
     init_parseUtil();
     init_util();
     ParseInputLazyPath = class {
-      constructor(parent, value, path30, key) {
+      constructor(parent, value, path32, key) {
         this._cachedPath = [];
         this.parent = parent;
         this.data = value;
-        this._path = path30;
+        this._path = path32;
         this._key = key;
       }
       get path() {
@@ -4367,10 +4367,10 @@ function assignProp(target, prop, value) {
     configurable: true
   });
 }
-function getElementAtPath(obj, path30) {
-  if (!path30)
+function getElementAtPath(obj, path32) {
+  if (!path32)
     return obj;
-  return path30.reduce((acc, key) => acc?.[key], obj);
+  return path32.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -4619,11 +4619,11 @@ function aborted(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues(path30, issues) {
+function prefixIssues(path32, issues) {
   return issues.map((iss) => {
     var _a;
     (_a = iss).path ?? (_a.path = []);
-    iss.path.unshift(path30);
+    iss.path.unshift(path32);
     return iss;
   });
 }
@@ -14447,8 +14447,8 @@ var require_utils = __commonJS({
       }
       return ind;
     }
-    function removeDotSegments(path30) {
-      let input = path30;
+    function removeDotSegments(path32) {
+      let input = path32;
       const output = [];
       let nextSlash = -1;
       let len = 0;
@@ -14648,8 +14648,8 @@ var require_schemes = __commonJS({
         wsComponent.secure = void 0;
       }
       if (wsComponent.resourceName) {
-        const [path30, query] = wsComponent.resourceName.split("?");
-        wsComponent.path = path30 && path30 !== "/" ? path30 : void 0;
+        const [path32, query] = wsComponent.resourceName.split("?");
+        wsComponent.path = path32 && path32 !== "/" ? path32 : void 0;
         wsComponent.query = query;
         wsComponent.resourceName = void 0;
       }
@@ -23041,12 +23041,12 @@ var init_esm7 = __esm({
       /**
        * Get the Path object referenced by the string path, resolved from this Path
        */
-      resolve(path30) {
-        if (!path30) {
+      resolve(path32) {
+        if (!path32) {
           return this;
         }
-        const rootPath = this.getRootString(path30);
-        const dir = path30.substring(rootPath.length);
+        const rootPath = this.getRootString(path32);
+        const dir = path32.substring(rootPath.length);
         const dirParts = dir.split(this.splitSep);
         const result = rootPath ? this.getRoot(rootPath).#resolveParts(dirParts) : this.#resolveParts(dirParts);
         return result;
@@ -23798,8 +23798,8 @@ var init_esm7 = __esm({
       /**
        * @internal
        */
-      getRootString(path30) {
-        return win32.parse(path30).root;
+      getRootString(path32) {
+        return win32.parse(path32).root;
       }
       /**
        * @internal
@@ -23845,8 +23845,8 @@ var init_esm7 = __esm({
       /**
        * @internal
        */
-      getRootString(path30) {
-        return path30.startsWith("/") ? "/" : "";
+      getRootString(path32) {
+        return path32.startsWith("/") ? "/" : "";
       }
       /**
        * @internal
@@ -23935,11 +23935,11 @@ var init_esm7 = __esm({
       /**
        * Get the depth of a provided path, string, or the cwd
        */
-      depth(path30 = this.cwd) {
-        if (typeof path30 === "string") {
-          path30 = this.cwd.resolve(path30);
+      depth(path32 = this.cwd) {
+        if (typeof path32 === "string") {
+          path32 = this.cwd.resolve(path32);
         }
-        return path30.depth();
+        return path32.depth();
       }
       /**
        * Return the cache of child entries.  Exposed so subclasses can create
@@ -24426,9 +24426,9 @@ var init_esm7 = __esm({
         process3();
         return results;
       }
-      chdir(path30 = this.cwd) {
+      chdir(path32 = this.cwd) {
         const oldCwd = this.cwd;
-        this.cwd = typeof path30 === "string" ? this.cwd.resolve(path30) : path30;
+        this.cwd = typeof path32 === "string" ? this.cwd.resolve(path32) : path32;
         this.cwd[setAsCwd](oldCwd);
       }
     };
@@ -24809,8 +24809,8 @@ var init_processor = __esm({
       }
       // match, absolute, ifdir
       entries() {
-        return [...this.store.entries()].map(([path30, n]) => [
-          path30,
+        return [...this.store.entries()].map(([path32, n]) => [
+          path32,
           !!(n & 2),
           !!(n & 1)
         ]);
@@ -25025,9 +25025,9 @@ var init_walker = __esm({
       signal;
       maxDepth;
       includeChildMatches;
-      constructor(patterns, path30, opts) {
+      constructor(patterns, path32, opts) {
         this.patterns = patterns;
-        this.path = path30;
+        this.path = path32;
         this.opts = opts;
         this.#sep = !opts.posix && opts.platform === "win32" ? "\\" : "/";
         this.includeChildMatches = opts.includeChildMatches !== false;
@@ -25046,11 +25046,11 @@ var init_walker = __esm({
           });
         }
       }
-      #ignored(path30) {
-        return this.seen.has(path30) || !!this.#ignore?.ignored?.(path30);
+      #ignored(path32) {
+        return this.seen.has(path32) || !!this.#ignore?.ignored?.(path32);
       }
-      #childrenIgnored(path30) {
-        return !!this.#ignore?.childrenIgnored?.(path30);
+      #childrenIgnored(path32) {
+        return !!this.#ignore?.childrenIgnored?.(path32);
       }
       // backpressure mechanism
       pause() {
@@ -25265,8 +25265,8 @@ var init_walker = __esm({
     };
     GlobWalker = class extends GlobUtil {
       matches = /* @__PURE__ */ new Set();
-      constructor(patterns, path30, opts) {
-        super(patterns, path30, opts);
+      constructor(patterns, path32, opts) {
+        super(patterns, path32, opts);
       }
       matchEmit(e) {
         this.matches.add(e);
@@ -25303,8 +25303,8 @@ var init_walker = __esm({
     };
     GlobStream = class extends GlobUtil {
       results;
-      constructor(patterns, path30, opts) {
-        super(patterns, path30, opts);
+      constructor(patterns, path32, opts) {
+        super(patterns, path32, opts);
         this.results = new Minipass({
           signal: this.signal,
           objectMode: true
@@ -25634,6 +25634,26 @@ var init_esm8 = __esm({
 });
 
 // src/mcp/utils/fs.ts
+var fs_exports = {};
+__export(fs_exports, {
+  FileSystemError: () => FileSystemError,
+  copyFile: () => copyFile,
+  directoryExists: () => directoryExists,
+  ensureDirectory: () => ensureDirectory,
+  fileExists: () => fileExists,
+  findDirectories: () => findDirectories,
+  findFiles: () => findFiles,
+  normalizePath: () => normalizePath,
+  readJson: () => readJson,
+  readText: () => readText,
+  relativePath: () => relativePath,
+  removeDirectory: () => removeDirectory,
+  removeFile: () => removeFile,
+  safeJoinPath: () => safeJoinPath,
+  validatePathSecurity: () => validatePathSecurity,
+  writeJson: () => writeJson,
+  writeText: () => writeText
+});
 import { stat, mkdir, readFile, writeFile, cp, rm } from "fs/promises";
 import path3 from "path";
 function validatePathSecurity(targetPath, baseDir) {
@@ -25697,6 +25717,20 @@ async function readJson(filePath) {
     );
   }
 }
+async function writeJson(filePath, data) {
+  try {
+    await mkdir(path3.dirname(filePath), { recursive: true });
+    await writeFile(filePath, JSON.stringify(data, null, 2), "utf-8");
+  } catch (error2) {
+    const err = error2 instanceof Error ? error2 : new Error(String(error2));
+    throw new FileSystemError(
+      `Failed to write JSON file: ${filePath} - ${err.message}`,
+      "writeJson",
+      filePath,
+      err
+    );
+  }
+}
 async function readText(filePath) {
   try {
     return await readFile(filePath, "utf-8");
@@ -25724,6 +25758,16 @@ async function writeText(filePath, content) {
     );
   }
 }
+async function copyFile(src, dest) {
+  await mkdir(path3.dirname(dest), { recursive: true });
+  await cp(src, dest, { recursive: true });
+}
+async function removeFile(filePath) {
+  await rm(filePath, { force: true });
+}
+async function removeDirectory(dirPath) {
+  await rm(dirPath, { recursive: true, force: true });
+}
 async function findFiles(pattern, options = {}) {
   const { cwd = process.cwd(), ignore = [] } = options;
   const files = await glob(pattern, {
@@ -25734,6 +25778,27 @@ async function findFiles(pattern, options = {}) {
   });
   return files;
 }
+async function findDirectories(pattern, options = {}) {
+  const { cwd = process.cwd(), ignore = [] } = options;
+  const dirs = await glob(pattern, {
+    cwd,
+    ignore: ["**/node_modules/**", "**/bin/**", "**/obj/**", ...ignore],
+    absolute: true
+  });
+  const results = [];
+  for (const dir of dirs) {
+    if (await directoryExists(dir)) {
+      results.push(dir);
+    }
+  }
+  return results;
+}
+function relativePath(from, to) {
+  return path3.relative(from, to).replace(/\\/g, "/");
+}
+function normalizePath(filePath) {
+  return filePath.replace(/\\/g, "/");
+}
 var FileSystemError;
 var init_fs = __esm({
   "src/mcp/utils/fs.ts"() {
@@ -25741,10 +25806,10 @@ var init_fs = __esm({
     init_esm_shims();
     init_esm8();
     FileSystemError = class extends Error {
-      constructor(message, operation, path30, cause) {
+      constructor(message, operation, path32, cause) {
         super(message);
         this.operation = operation;
-        this.path = path30;
+        this.path = path32;
         this.cause = cause;
         this.name = "FileSystemError";
       }
@@ -25787,7 +25852,7 @@ function tenantModeToTemplateFlags(mode) {
     tenantMode: mode
   };
 }
-var ProjectConfigSchema, SmartStackConfigSchema, ConventionsConfigSchema, EfCoreContextSchema, EfCoreConfigSchema, ScaffoldingConfigSchema, ConfigSchema, TenantModeSchema, ValidateConventionsInputSchema, CheckMigrationsInputSchema, EntityPropertySchema, ScaffoldExtensionInputSchema, ApiDocsInputSchema, SuggestMigrationInputSchema, GeneratePermissionsInputSchema, TestTypeSchema, TestTargetSchema, ScaffoldTestsInputSchema, AnalyzeTestCoverageInputSchema, ValidateTestConventionsInputSchema, SuggestTestScenariosInputSchema, SecurityCheckSchema, ValidateSecurityInputSchema, QualityMetricSchema, AnalyzeCodeQualityInputSchema, ScaffoldApiClientInputSchema, ScaffoldRoutesInputSchema, ValidateFrontendRoutesInputSchema, SlotDefinitionSchema, ScaffoldFrontendExtensionInputSchema, AnalyzeExtensionPointsInputSchema, AnalyzeHierarchyPatternsInputSchema, ReviewCodeCheckSchema, ReviewCodeInputSchema;
+var ProjectConfigSchema, SmartStackConfigSchema, ConventionsConfigSchema, EfCoreContextSchema, EfCoreConfigSchema, ScaffoldingConfigSchema, ConfigSchema, TenantModeSchema, ValidateConventionsInputSchema, CheckMigrationsInputSchema, EntityPropertySchema, ScaffoldExtensionInputSchema, ApiDocsInputSchema, SuggestMigrationInputSchema, GeneratePermissionsInputSchema, TestTypeSchema, TestTargetSchema, ScaffoldTestsInputSchema, AnalyzeTestCoverageInputSchema, ValidateTestConventionsInputSchema, SuggestTestScenariosInputSchema, SecurityCheckSchema, ValidateSecurityInputSchema, QualityMetricSchema, AnalyzeCodeQualityInputSchema, ScaffoldApiClientInputSchema, ScaffoldRoutesInputSchema, ValidateFrontendRoutesInputSchema, SlotDefinitionSchema, ScaffoldFrontendExtensionInputSchema, AnalyzeExtensionPointsInputSchema, ScaffoldDataExportInputSchema, PromptDataExportM2mInputSchema, AnalyzeHierarchyPatternsInputSchema, ReviewCodeCheckSchema, ReviewCodeInputSchema;
 var init_types3 = __esm({
   "src/mcp/types/index.ts"() {
     "use strict";
@@ -26067,6 +26132,26 @@ var init_types3 = __esm({
       target: external_exports.enum(["pages", "components", "forms", "tables", "all"]).default("all").describe("Type of components to analyze"),
       filter: external_exports.string().optional().describe('Filter by file name pattern (e.g., "User*")')
     });
+    ScaffoldDataExportInputSchema = external_exports.object({
+      name: external_exports.string().min(1).describe('Entity name in PascalCase (e.g., "Product", "Order")'),
+      navRoute: external_exports.string().min(1).describe('NavRoute of the source entity (e.g., "business.sales.products") \u2014 used for permission derivation'),
+      options: external_exports.object({
+        entityProperties: external_exports.array(EntityPropertySchema).optional().describe("Properties for the export DTO"),
+        rateLimitPerMinute: external_exports.number().int().positive().default(60).describe("Rate limit per minute (default: 60)"),
+        maxPageSize: external_exports.number().int().positive().default(1e3).describe("Max page size (default: 1000)"),
+        includeAuditFields: external_exports.boolean().default(true).describe("Include CreatedAt/UpdatedAt in DTO (default: true)"),
+        includeFrontendClient: external_exports.boolean().default(false).describe("Generate TypeScript API client (default: false)"),
+        dryRun: external_exports.boolean().default(false).describe("Preview without writing files (default: false)")
+      }).optional()
+    });
+    PromptDataExportM2mInputSchema = external_exports.object({
+      endpoints: external_exports.array(external_exports.string()).optional().describe('Endpoint codes to include (e.g., ["users", "tenants"]). If empty, discovers all available endpoints.'),
+      clientId: external_exports.string().optional().describe("Optional clientId to pre-fill in the prompt"),
+      options: external_exports.object({
+        includeBasePrompt: external_exports.boolean().default(true).describe("Include authentication and common sections (default: true)"),
+        format: external_exports.enum(["full", "endpoints-only"]).default("full").describe('Output format: "full" or "endpoints-only"')
+      }).optional()
+    });
     AnalyzeHierarchyPatternsInputSchema = external_exports.object({
       path: external_exports.string().optional().describe("Project path to analyze (default: SmartStack.app path)"),
       entityFilter: external_exports.string().optional().describe('Filter entities by name pattern (e.g., "User*", "*Group*")'),
@@ -26394,7 +26479,8 @@ var init_config = __esm({
           "ref_",
           "loc_",
           "lic_",
-          "tenant_"
+          "tenant_",
+          "ext_"
         ],
         customTablePrefixes: [],
         scopeTypes: ["Core", "Extension", "Partner", "Community"],
@@ -27258,8 +27344,8 @@ async function validateControllerRoutes(structure, _config, result) {
     const routeAttrMatch = content.match(/\[Route\s*\(\s*"([^"]+)"\s*\)\]/);
     if (!routeAttrMatch) continue;
     const routeValue = routeAttrMatch[1];
-    const relativePath = path8.relative(structure.api, file);
-    const dirParts = path8.dirname(relativePath).split(path8.sep);
+    const relativePath2 = path8.relative(structure.api, file);
+    const dirParts = path8.dirname(relativePath2).split(path8.sep);
     const moduleDir = dirParts.slice(0, Math.min(dirParts.length, 3)).join("/");
     if (!routesByDirectory.has(moduleDir)) {
       routesByDirectory.set(moduleDir, []);
@@ -29863,13 +29949,13 @@ var require_ast = __commonJS({
         helperExpression: function helperExpression(node) {
           return node.type === "SubExpression" || (node.type === "MustacheStatement" || node.type === "BlockStatement") && !!(node.params && node.params.length || node.hash);
         },
-        scopedId: function scopedId(path30) {
-          return /^\.|this\b/.test(path30.original);
+        scopedId: function scopedId(path32) {
+          return /^\.|this\b/.test(path32.original);
         },
         // an ID is simple if it only has one part, and that part is not
         // `..` or `this`.
-        simpleId: function simpleId(path30) {
-          return path30.parts.length === 1 && !AST2.helpers.scopedId(path30) && !path30.depth;
+        simpleId: function simpleId(path32) {
+          return path32.parts.length === 1 && !AST2.helpers.scopedId(path32) && !path32.depth;
         }
       }
     };
@@ -30943,12 +31029,12 @@ var require_helpers2 = __commonJS({
         loc
       };
     }
-    function prepareMustache(path30, params, hash, open, strip, locInfo) {
+    function prepareMustache(path32, params, hash, open, strip, locInfo) {
       var escapeFlag = open.charAt(3) || open.charAt(2), escaped = escapeFlag !== "{" && escapeFlag !== "&";
       var decorator = /\*/.test(open);
       return {
         type: decorator ? "Decorator" : "MustacheStatement",
-        path: path30,
+        path: path32,
         params,
         hash,
         escaped,
@@ -31220,9 +31306,9 @@ var require_compiler = __commonJS({
       },
       DecoratorBlock: function DecoratorBlock(decorator) {
         var program = decorator.program && this.compileProgram(decorator.program);
-        var params = this.setupFullMustacheParams(decorator, program, void 0), path30 = decorator.path;
+        var params = this.setupFullMustacheParams(decorator, program, void 0), path32 = decorator.path;
         this.useDecorators = true;
-        this.opcode("registerDecorator", params.length, path30.original);
+        this.opcode("registerDecorator", params.length, path32.original);
       },
       PartialStatement: function PartialStatement(partial2) {
         this.usePartial = true;
@@ -31286,46 +31372,46 @@ var require_compiler = __commonJS({
         }
       },
       ambiguousSexpr: function ambiguousSexpr(sexpr, program, inverse) {
-        var path30 = sexpr.path, name = path30.parts[0], isBlock = program != null || inverse != null;
-        this.opcode("getContext", path30.depth);
+        var path32 = sexpr.path, name = path32.parts[0], isBlock = program != null || inverse != null;
+        this.opcode("getContext", path32.depth);
         this.opcode("pushProgram", program);
         this.opcode("pushProgram", inverse);
-        path30.strict = true;
-        this.accept(path30);
+        path32.strict = true;
+        this.accept(path32);
         this.opcode("invokeAmbiguous", name, isBlock);
       },
       simpleSexpr: function simpleSexpr(sexpr) {
-        var path30 = sexpr.path;
-        path30.strict = true;
-        this.accept(path30);
+        var path32 = sexpr.path;
+        path32.strict = true;
+        this.accept(path32);
         this.opcode("resolvePossibleLambda");
       },
       helperSexpr: function helperSexpr(sexpr, program, inverse) {
-        var params = this.setupFullMustacheParams(sexpr, program, inverse), path30 = sexpr.path, name = path30.parts[0];
+        var params = this.setupFullMustacheParams(sexpr, program, inverse), path32 = sexpr.path, name = path32.parts[0];
         if (this.options.knownHelpers[name]) {
           this.opcode("invokeKnownHelper", params.length, name);
         } else if (this.options.knownHelpersOnly) {
           throw new _exception2["default"]("You specified knownHelpersOnly, but used the unknown helper " + name, sexpr);
         } else {
-          path30.strict = true;
-          path30.falsy = true;
-          this.accept(path30);
-          this.opcode("invokeHelper", params.length, path30.original, _ast2["default"].helpers.simpleId(path30));
+          path32.strict = true;
+          path32.falsy = true;
+          this.accept(path32);
+          this.opcode("invokeHelper", params.length, path32.original, _ast2["default"].helpers.simpleId(path32));
         }
       },
-      PathExpression: function PathExpression(path30) {
-        this.addDepth(path30.depth);
-        this.opcode("getContext", path30.depth);
-        var name = path30.parts[0], scoped = _ast2["default"].helpers.scopedId(path30), blockParamId = !path30.depth && !scoped && this.blockParamIndex(name);
+      PathExpression: function PathExpression(path32) {
+        this.addDepth(path32.depth);
+        this.opcode("getContext", path32.depth);
+        var name = path32.parts[0], scoped = _ast2["default"].helpers.scopedId(path32), blockParamId = !path32.depth && !scoped && this.blockParamIndex(name);
         if (blockParamId) {
-          this.opcode("lookupBlockParam", blockParamId, path30.parts);
+          this.opcode("lookupBlockParam", blockParamId, path32.parts);
         } else if (!name) {
           this.opcode("pushContext");
-        } else if (path30.data) {
+        } else if (path32.data) {
           this.options.data = true;
-          this.opcode("lookupData", path30.depth, path30.parts, path30.strict);
+          this.opcode("lookupData", path32.depth, path32.parts, path32.strict);
         } else {
-          this.opcode("lookupOnContext", path30.parts, path30.falsy, path30.strict, scoped);
+          this.opcode("lookupOnContext", path32.parts, path32.falsy, path32.strict, scoped);
         }
       },
       StringLiteral: function StringLiteral(string3) {
@@ -31681,16 +31767,16 @@ var require_util2 = __commonJS({
     }
     exports.urlGenerate = urlGenerate;
     function normalize2(aPath) {
-      var path30 = aPath;
+      var path32 = aPath;
       var url2 = urlParse(aPath);
       if (url2) {
         if (!url2.path) {
           return aPath;
         }
-        path30 = url2.path;
+        path32 = url2.path;
       }
-      var isAbsolute = exports.isAbsolute(path30);
-      var parts = path30.split(/\/+/);
+      var isAbsolute = exports.isAbsolute(path32);
+      var parts = path32.split(/\/+/);
       for (var part, up = 0, i = parts.length - 1; i >= 0; i--) {
         part = parts[i];
         if (part === ".") {
@@ -31707,15 +31793,15 @@ var require_util2 = __commonJS({
           }
         }
       }
-      path30 = parts.join("/");
-      if (path30 === "") {
-        path30 = isAbsolute ? "/" : ".";
+      path32 = parts.join("/");
+      if (path32 === "") {
+        path32 = isAbsolute ? "/" : ".";
       }
       if (url2) {
-        url2.path = path30;
+        url2.path = path32;
         return urlGenerate(url2);
       }
-      return path30;
+      return path32;
     }
     exports.normalize = normalize2;
     function join2(aRoot, aPath) {
@@ -34516,8 +34602,8 @@ var require_printer = __commonJS({
       return this.accept(sexpr.path) + " " + params + hash;
     };
     PrintVisitor.prototype.PathExpression = function(id) {
-      var path30 = id.parts.join("/");
-      return (id.data ? "@" : "") + "PATH:" + path30;
+      var path32 = id.parts.join("/");
+      return (id.data ? "@" : "") + "PATH:" + path32;
     };
     PrintVisitor.prototype.StringLiteral = function(string3) {
       return '"' + string3.value + '"';
@@ -46114,11 +46200,11 @@ var require_mime_types = __commonJS({
       }
       return exts[0];
     }
-    function lookup(path30) {
-      if (!path30 || typeof path30 !== "string") {
+    function lookup(path32) {
+      if (!path32 || typeof path32 !== "string") {
         return false;
       }
-      var extension2 = extname("x." + path30).toLowerCase().substr(1);
+      var extension2 = extname("x." + path32).toLowerCase().substr(1);
       if (!extension2) {
         return false;
       }
@@ -47281,7 +47367,7 @@ var require_form_data = __commonJS({
     init_esm_shims();
     var CombinedStream = require_combined_stream();
     var util4 = __require("util");
-    var path30 = __require("path");
+    var path32 = __require("path");
     var http3 = __require("http");
     var https2 = __require("https");
     var parseUrl = __require("url").parse;
@@ -47409,11 +47495,11 @@ var require_form_data = __commonJS({
     FormData3.prototype._getContentDisposition = function(value, options) {
       var filename;
       if (typeof options.filepath === "string") {
-        filename = path30.normalize(options.filepath).replace(/\\/g, "/");
+        filename = path32.normalize(options.filepath).replace(/\\/g, "/");
       } else if (options.filename || value && (value.name || value.path)) {
-        filename = path30.basename(options.filename || value && (value.name || value.path));
+        filename = path32.basename(options.filename || value && (value.name || value.path));
       } else if (value && value.readable && hasOwn(value, "httpVersion")) {
-        filename = path30.basename(value.client._httpMessage.path || "");
+        filename = path32.basename(value.client._httpMessage.path || "");
       }
       if (filename) {
         return 'filename="' + filename + '"';
@@ -47612,9 +47698,9 @@ function isVisitable(thing) {
 function removeBrackets(key) {
   return utils_default.endsWith(key, "[]") ? key.slice(0, -2) : key;
 }
-function renderKey(path30, key, dots) {
-  if (!path30) return key;
-  return path30.concat(key).map(function each(token, i) {
+function renderKey(path32, key, dots) {
+  if (!path32) return key;
+  return path32.concat(key).map(function each(token, i) {
     token = removeBrackets(token);
     return !dots && i ? "[" + token + "]" : token;
   }).join(dots ? "." : "");
@@ -47659,9 +47745,9 @@ function toFormData(obj, formData, options) {
     }
     return value;
   }
-  function defaultVisitor(value, key, path30) {
+  function defaultVisitor(value, key, path32) {
     let arr = value;
-    if (value && !path30 && typeof value === "object") {
+    if (value && !path32 && typeof value === "object") {
       if (utils_default.endsWith(key, "{}")) {
         key = metaTokens ? key : key.slice(0, -2);
         value = JSON.stringify(value);
@@ -47680,7 +47766,7 @@ function toFormData(obj, formData, options) {
     if (isVisitable(value)) {
       return true;
     }
-    formData.append(renderKey(path30, key, dots), convertValue(value));
+    formData.append(renderKey(path32, key, dots), convertValue(value));
     return false;
   }
   const stack = [];
@@ -47689,10 +47775,10 @@ function toFormData(obj, formData, options) {
     convertValue,
     isVisitable
   });
-  function build(value, path30) {
+  function build(value, path32) {
     if (utils_default.isUndefined(value)) return;
     if (stack.indexOf(value) !== -1) {
-      throw Error("Circular reference detected in " + path30.join("."));
+      throw Error("Circular reference detected in " + path32.join("."));
     }
     stack.push(value);
     utils_default.forEach(value, function each(el, key) {
@@ -47700,11 +47786,11 @@ function toFormData(obj, formData, options) {
         formData,
         el,
         utils_default.isString(key) ? key.trim() : key,
-        path30,
+        path32,
         exposedHelpers
       );
       if (result === true) {
-        build(el, path30 ? path30.concat(key) : [key]);
+        build(el, path32 ? path32.concat(key) : [key]);
       }
     });
     stack.pop();
@@ -47990,7 +48076,7 @@ var init_platform = __esm({
 // node_modules/axios/lib/helpers/toURLEncodedForm.js
 function toURLEncodedForm(data, options) {
   return toFormData_default(data, new platform_default.classes.URLSearchParams(), {
-    visitor: function(value, key, path30, helpers) {
+    visitor: function(value, key, path32, helpers) {
       if (platform_default.isNode && utils_default.isBuffer(value)) {
         this.append(key, value.toString("base64"));
         return false;
@@ -48029,11 +48115,11 @@ function arrayToObject(arr) {
   return obj;
 }
 function formDataToJSON(formData) {
-  function buildPath(path30, value, target, index) {
-    let name = path30[index++];
+  function buildPath(path32, value, target, index) {
+    let name = path32[index++];
     if (name === "__proto__") return true;
     const isNumericKey = Number.isFinite(+name);
-    const isLast = index >= path30.length;
+    const isLast = index >= path32.length;
     name = !name && utils_default.isArray(target) ? target.length : name;
     if (isLast) {
       if (utils_default.hasOwnProp(target, name)) {
@@ -48046,7 +48132,7 @@ function formDataToJSON(formData) {
     if (!target[name] || !utils_default.isObject(target[name])) {
       target[name] = [];
     }
-    const result = buildPath(path30, value, target[name], index);
+    const result = buildPath(path32, value, target[name], index);
     if (result && utils_default.isArray(target[name])) {
       target[name] = arrayToObject(target[name]);
     }
@@ -50946,9 +51032,9 @@ var init_http = __esm({
           auth = urlUsername + ":" + urlPassword;
         }
         auth && headers.delete("authorization");
-        let path30;
+        let path32;
         try {
-          path30 = buildURL(
+          path32 = buildURL(
             parsed.pathname + parsed.search,
             config2.params,
             config2.paramsSerializer
@@ -50966,7 +51052,7 @@ var init_http = __esm({
           false
         );
         const options = {
-          path: path30,
+          path: path32,
           method,
           headers: headers.toJSON(),
           agents: { http: config2.httpAgent, https: config2.httpsAgent },
@@ -51219,14 +51305,14 @@ var init_cookies = __esm({
     cookies_default = platform_default.hasStandardBrowserEnv ? (
       // Standard browser envs support document.cookie
       {
-        write(name, value, expires, path30, domain, secure, sameSite) {
+        write(name, value, expires, path32, domain, secure, sameSite) {
           if (typeof document === "undefined") return;
           const cookie = [`${name}=${encodeURIComponent(value)}`];
           if (utils_default.isNumber(expires)) {
             cookie.push(`expires=${new Date(expires).toUTCString()}`);
           }
-          if (utils_default.isString(path30)) {
-            cookie.push(`path=${path30}`);
+          if (utils_default.isString(path32)) {
+            cookie.push(`path=${path32}`);
           }
           if (utils_default.isString(domain)) {
             cookie.push(`domain=${domain}`);
@@ -57587,8 +57673,8 @@ function formatResult4(result, input) {
   lines.push("## Generated Files");
   lines.push("");
   for (const file of result.files) {
-    const relativePath = file.path.replace(/\\/g, "/").split("/src/").pop() || file.path;
-    lines.push(`### ${relativePath}`);
+    const relativePath2 = file.path.replace(/\\/g, "/").split("/src/").pop() || file.path;
+    lines.push(`### ${relativePath2}`);
     lines.push("");
     lines.push("```typescript");
     lines.push(file.content.substring(0, 1500) + (file.content.length > 1500 ? "\n// ... (truncated)" : ""));
@@ -58473,8 +58559,8 @@ function formatResult5(result, input) {
   lines.push("## Generated Files");
   lines.push("");
   for (const file of result.files) {
-    const relativePath = file.path.replace(/\\/g, "/").split("/src/").pop() || file.path;
-    lines.push(`### ${relativePath}`);
+    const relativePath2 = file.path.replace(/\\/g, "/").split("/src/").pop() || file.path;
+    lines.push(`### ${relativePath2}`);
     lines.push("");
     lines.push("```tsx");
     lines.push(file.content.substring(0, 2e3) + (file.content.length > 2e3 ? "\n// ... (truncated)" : ""));
@@ -58690,7 +58776,7 @@ async function validateApiClients(webPath, backendRoutes, result) {
   for (const file of clientFiles) {
     try {
       const content = await readText(file);
-      const relativePath = path20.relative(webPath, file);
+      const relativePath2 = path20.relative(webPath, file);
       const usesRegistry = content.includes("getRoute('") || content.includes('getRoute("');
       if (!usesRegistry) {
         const hardcodedMatch = content.match(/apiClient\.(get|post|put|delete)\s*[<(]\s*['"`]([^'"`]+)['"`]/);
@@ -58698,7 +58784,7 @@ async function validateApiClients(webPath, backendRoutes, result) {
           result.apiClients.issues.push({
             type: "invalid-path",
             severity: "warning",
-            file: relativePath,
+            file: relativePath2,
             message: `Hardcoded API path: ${hardcodedMatch[2]}`,
             suggestion: "Use getRoute() from navRoutes.generated.ts instead"
           });
@@ -58712,7 +58798,7 @@ async function validateApiClients(webPath, backendRoutes, result) {
             result.apiClients.issues.push({
               type: "missing-route",
               severity: "error",
-              file: relativePath,
+              file: relativePath2,
               navRoute,
               message: `NavRoute "${navRoute}" not found in backend controllers`,
               suggestion: "Verify the NavRoute path or update the backend controller"
@@ -60093,11 +60179,11 @@ async function analyzeFile(filePath, srcPath, target) {
   try {
     const content = await readText(filePath);
     if (!content) return null;
-    const relativePath = path21.relative(srcPath, filePath).replace(/\\/g, "/");
+    const relativePath2 = path21.relative(srcPath, filePath).replace(/\\/g, "/");
     const componentName = extractComponentName(content, filePath);
     const isPage = filePath.includes("/pages/") || filePath.includes("\\pages\\");
     const analysis = {
-      file: relativePath,
+      file: relativePath2,
       componentName,
       type: isPage ? "page" : "component",
       suggestedSlots: [],
@@ -60107,7 +60193,7 @@ async function analyzeFile(filePath, srcPath, target) {
       imports: extractImports(content),
       lineCount: content.split("\n").length
     };
-    const slotPrefix = generateSlotPrefix(componentName, relativePath);
+    const slotPrefix = generateSlotPrefix(componentName, relativePath2);
     if (target === "forms" && !analysis.hasForm) return null;
     if (target === "tables" && !analysis.hasTable) return null;
     if (isPage) {
@@ -62091,8 +62177,1105 @@ var init_analyze_code_quality = __esm({
   }
 });
 
-// src/mcp/tools/analyze-hierarchy-patterns.ts
+// src/mcp/tools/scaffold-data-export.ts
 import path25 from "path";
+async function handleScaffoldDataExport(args, config2) {
+  const input = ScaffoldDataExportInputSchema.parse(args);
+  logger.info("Scaffolding Data Export", { name: input.name, navRoute: input.navRoute });
+  const result = await scaffoldDataExport(input, config2);
+  return formatResult9(result, input);
+}
+async function scaffoldDataExport(input, config2) {
+  const result = {
+    success: true,
+    files: [],
+    instructions: []
+  };
+  const { name, navRoute, options } = input;
+  const dryRun = options?.dryRun ?? false;
+  const includeAuditFields = options?.includeAuditFields ?? true;
+  const includeFrontendClient = options?.includeFrontendClient ?? false;
+  const rateLimitPerMinute = options?.rateLimitPerMinute ?? 60;
+  const maxPageSize = options?.maxPageSize ?? 1e3;
+  const entityProperties = options?.entityProperties ?? [];
+  const nameLower = name.charAt(0).toLowerCase() + name.slice(1);
+  const namePlural = pluralize(nameLower);
+  const segments = navRoute.split(".");
+  const permissionPath = segments.join(".");
+  const baseNamespace = config2.conventions.namespaces.api.replace(".Api", "");
+  const appSegment = segments.length >= 2 ? toPascalCase2(segments[1]) : "Default";
+  const moduleSegment = segments.length >= 3 ? toPascalCase2(segments[2]) : name;
+  const projectRoot = config2.smartstack.projectPath;
+  const structure = await findSmartStackStructure(projectRoot);
+  const apiPath = structure.api || path25.join(projectRoot, "Api");
+  const applicationPath = structure.application || path25.join(projectRoot, "Application");
+  const infrastructurePath = structure.infrastructure || path25.join(projectRoot, "Infrastructure");
+  const webPath = structure.web || path25.join(projectRoot, "web");
+  const controllerContent = generateExportController(name, namePlural, permissionPath, baseNamespace, maxPageSize);
+  const controllerFile = path25.join(apiPath, "Controllers", "DataExport", "v1", `Export${name}Controller.cs`);
+  if (!dryRun) {
+    await ensureDirectory(path25.dirname(controllerFile));
+    await writeText(controllerFile, controllerContent);
+  }
+  result.files.push({ path: controllerFile, content: controllerContent, type: "created" });
+  const interfaceContent = generateExportServiceInterface(name, baseNamespace);
+  const interfaceFile = path25.join(applicationPath, "Common", "Interfaces", `IExport${name}Service.cs`);
+  if (!dryRun) {
+    await ensureDirectory(path25.dirname(interfaceFile));
+    await writeText(interfaceFile, interfaceContent);
+  }
+  result.files.push({ path: interfaceFile, content: interfaceContent, type: "created" });
+  const serviceContent = generateExportService(name, namePlural, baseNamespace, entityProperties, includeAuditFields);
+  const serviceFile = path25.join(infrastructurePath, "Services", "DataExport", `Export${name}Service.cs`);
+  if (!dryRun) {
+    await ensureDirectory(path25.dirname(serviceFile));
+    await writeText(serviceFile, serviceContent);
+  }
+  result.files.push({ path: serviceFile, content: serviceContent, type: "created" });
+  const dtoContent = generateExportDto(name, baseNamespace, entityProperties, includeAuditFields);
+  const dtoFile = path25.join(applicationPath, "DataExport", "Dtos", `Export${name}Dto.cs`);
+  if (!dryRun) {
+    await ensureDirectory(path25.dirname(dtoFile));
+    await writeText(dtoFile, dtoContent);
+  }
+  result.files.push({ path: dtoFile, content: dtoContent, type: "created" });
+  const seedContent = generateSeedDataFragment(name, namePlural, permissionPath, appSegment, moduleSegment, rateLimitPerMinute, maxPageSize);
+  const seedFile = path25.join(infrastructurePath, "Persistence", "Seeding", "Data", "DataExport", `Export${name}EndpointSeedData.cs`);
+  if (!dryRun) {
+    await ensureDirectory(path25.dirname(seedFile));
+    await writeText(seedFile, seedContent);
+  }
+  result.files.push({ path: seedFile, content: seedContent, type: "created" });
+  if (includeFrontendClient) {
+    const clientContent = generateFrontendClient(name, nameLower, namePlural);
+    const clientFile = path25.join(webPath, "src", "services", "api", `export${name}.ts`);
+    if (!dryRun) {
+      await ensureDirectory(path25.dirname(clientFile));
+      await writeText(clientFile, clientContent);
+    }
+    result.files.push({ path: clientFile, content: clientContent, type: "created" });
+  }
+  result.instructions.push(`Register IExport${name}Service in DI container (Program.cs or DependencyInjection.cs)`);
+  result.instructions.push(`Add the export permission "${permissionPath}.export" to PermissionConfiguration.cs`);
+  result.instructions.push(`Add the seed data to DataExportEndpointConfiguration or call the fragment from your seeder`);
+  result.instructions.push(`Create an EF Core migration to apply the new seed data`);
+  result.instructions.push(`Update the KNOWN_ENDPOINTS registry in prompt-data-export-m2m.ts (MCP) and ExternalAppPromptTab.tsx (frontend) with the new endpoint metadata`);
+  result.instructions.push(`Use prompt_data_export_m2m to generate an integration prompt for this endpoint`);
+  if (includeFrontendClient) {
+    result.instructions.push(`Import the client: import { export${name}Api } from './services/api/export${name}';`);
+  }
+  return result;
+}
+function generateExportController(name, namePlural, permissionPath, baseNamespace, maxPageSize) {
+  return `using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.RateLimiting;
+using ${baseNamespace}.Application.Common.Models;
+using ${baseNamespace}.Application.DataExport.Dtos;
+using ${baseNamespace}.Application.Common.Interfaces;
+using ${baseNamespace}.Api.Authorization;
+
+namespace ${baseNamespace}.Api.Controllers.DataExport.v1;
+
+/// <summary>
+/// Data Export endpoint for ${name} entities.
+/// Security: JWT authentication + RequirePermission + Rate limiting + DataExportAccessMiddleware
+/// Tenant isolation: Required tenantId query parameter
+/// </summary>
+[ApiController]
+[Route("api/v1/export")]
+[Authorize]
+[EnableRateLimiting("ExternalApp")]
+public class Export${name}Controller : ControllerBase
+{
+    private readonly IExport${name}Service _exportService;
+
+    public Export${name}Controller(IExport${name}Service exportService)
+    {
+        _exportService = exportService;
+    }
+
+    /// <summary>
+    /// Export ${name} data with pagination, tenant isolation, and optional modified-since filter.
+    /// </summary>
+    [HttpGet("${namePlural}")]
+    [RequirePermission(Permissions.${permissionPath.split(".").map((s) => toPascalCase2(s)).join(".")}.Export)]
+    [ProducesResponseType(typeof(PaginatedResult<Export${name}Dto>), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
+    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)]
+    public async Task<ActionResult<PaginatedResult<Export${name}Dto>>> Export(
+        [FromQuery] Guid tenantId,
+        [FromQuery] int page = 1,
+        [FromQuery] int pageSize = 100,
+        [FromQuery] DateTime? modifiedSince = null,
+        CancellationToken ct = default)
+    {
+        if (tenantId == Guid.Empty)
+        {
+            return BadRequest(new ProblemDetails
+            {
+                Title = "Invalid Tenant",
+                Detail = "tenantId is required and must be a valid GUID",
+                Status = StatusCodes.Status400BadRequest
+            });
+        }
+
+        pageSize = Math.Clamp(pageSize, 1, ${maxPageSize});
+        page = Math.Max(1, page);
+
+        var result = await _exportService.ExportAsync(tenantId, page, pageSize, modifiedSince, ct);
+        return Ok(result);
+    }
+}
+`;
+}
+function generateExportServiceInterface(name, baseNamespace) {
+  return `using ${baseNamespace}.Application.Common.Models;
+using ${baseNamespace}.Application.DataExport.Dtos;
+
+namespace ${baseNamespace}.Application.Common.Interfaces;
+
+/// <summary>
+/// Service interface for ${name} data export.
+/// Enforces tenant isolation via tenantId parameter.
+/// </summary>
+public interface IExport${name}Service
+{
+    /// <summary>
+    /// Export ${name} data with tenant isolation, pagination, and optional modified-since filter.
+    /// </summary>
+    Task<PaginatedResult<Export${name}Dto>> ExportAsync(
+        Guid tenantId,
+        int page = 1,
+        int pageSize = 100,
+        DateTime? modifiedSince = null,
+        CancellationToken ct = default);
+}
+`;
+}
+function generateExportService(name, namePlural, baseNamespace, entityProperties, includeAuditFields) {
+  const projectionFields = ["        Id = x.Id"];
+  for (const prop of entityProperties) {
+    projectionFields.push(`        ${prop.name} = x.${prop.name}`);
+  }
+  if (includeAuditFields) {
+    projectionFields.push("        CreatedAt = x.CreatedAt");
+    projectionFields.push("        UpdatedAt = x.UpdatedAt");
+  }
+  const projectionBlock = projectionFields.join(",\n");
+  return `using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
+using ${baseNamespace}.Application.Common.Interfaces;
+using ${baseNamespace}.Application.Common.Models;
+using ${baseNamespace}.Application.DataExport.Dtos;
+using ${baseNamespace}.Infrastructure.Persistence;
+
+namespace ${baseNamespace}.Infrastructure.Services.DataExport;
+
+/// <summary>
+/// Data export service for ${name} entities.
+/// Enforces tenant isolation via tenantId parameter validation.
+/// </summary>
+public class Export${name}Service : IExport${name}Service
+{
+    private readonly ApplicationDbContext _db;
+    private readonly ICurrentUserService _currentUser;
+    private readonly ILogger<Export${name}Service> _logger;
+
+    public Export${name}Service(
+        ApplicationDbContext db,
+        ICurrentUserService currentUser,
+        ILogger<Export${name}Service> logger)
+    {
+        _db = db;
+        _currentUser = currentUser;
+        _logger = logger;
+    }
+
+    public async Task<PaginatedResult<Export${name}Dto>> ExportAsync(
+        Guid tenantId,
+        int page = 1,
+        int pageSize = 100,
+        DateTime? modifiedSince = null,
+        CancellationToken ct = default)
+    {
+        if (tenantId == Guid.Empty)
+        {
+            throw new ArgumentException("Tenant ID cannot be empty", nameof(tenantId));
+        }
+
+        _logger.LogInformation("Data export requested for ${name} by {UserId}, tenant {TenantId}, page {Page}",
+            _currentUser.UserId, tenantId, page);
+
+        var query = _db.${toPascalCase2(namePlural)}
+            .Where(x => x.TenantId == tenantId)
+            .AsNoTracking();
+
+        if (modifiedSince.HasValue)
+        {
+            query = query.Where(x => x.UpdatedAt >= modifiedSince.Value
+                                  || x.CreatedAt >= modifiedSince.Value);
+        }
+
+        var totalCount = await query.CountAsync(ct);
+
+        var items = await query
+            .OrderBy(x => x.Id)
+            .Skip((page - 1) * pageSize)
+            .Take(pageSize)
+            .Select(x => new Export${name}Dto
+            {
+${projectionBlock}
+            })
+            .ToListAsync(ct);
+
+        return new PaginatedResult<Export${name}Dto>(items, totalCount, page, pageSize);
+    }
+}
+`;
+}
+function generateExportDto(name, baseNamespace, entityProperties, includeAuditFields) {
+  const properties = ["    public Guid Id { get; init; }"];
+  for (const prop of entityProperties) {
+    const nullableSuffix = prop.required ? "" : "?";
+    properties.push(`    public ${prop.type}${nullableSuffix} ${prop.name} { get; init; }`);
+  }
+  if (includeAuditFields) {
+    properties.push("    public DateTime CreatedAt { get; init; }");
+    properties.push("    public DateTime? UpdatedAt { get; init; }");
+  }
+  return `namespace ${baseNamespace}.Application.DataExport.Dtos;
+
+/// <summary>
+/// Flat DTO for ${name} data export (external consumption).
+/// Auto-generated by SmartStack MCP \u2014 customize as needed.
+/// </summary>
+public class Export${name}Dto
+{
+${properties.join("\n")}
+}
+`;
+}
+function generateSeedDataFragment(name, namePlural, permissionPath, appSegment, moduleSegment, rateLimitPerMinute, maxPageSize) {
+  return `// ============================================================================
+// Data Export Endpoint Seed Data \u2014 ${name}
+// Auto-generated by SmartStack MCP \u2014 add to DataExportEndpointConfiguration.cs
+// ============================================================================
+//
+// Copy the HasData() block below into your DataExportEndpointConfiguration
+// or IClientSeedDataProvider to register this export endpoint.
+//
+// builder.HasData(new
+// {
+//     Id = DeterministicGuid.Create("data-export:${namePlural}"),
+//     Code = "${namePlural}",
+//     Name = "${name} Export",
+//     RouteTemplate = "/api/v1/export/${namePlural}",
+//     RequiredPermission = "${permissionPath}.export",
+//     EntityType = "${name}",
+//     IsActive = true,
+//     DefaultRateLimitPerMinute = ${rateLimitPerMinute},
+//     DefaultMaxPageSize = ${maxPageSize},
+//     CreatedAt = seedDate
+// });
+//
+// IMPORTANT: NavigationApplicationId and NavigationModuleId must reference
+// actual seed data IDs from NavigationApplicationSeedData and
+// NavigationModuleSeedData respectively.
+//
+// Permission to add to PermissionConfiguration.cs:
+//   "${permissionPath}.export" \u2014 Export ${name} data via M2M API
+`;
+}
+function generateFrontendClient(name, nameLower, namePlural) {
+  return `/**
+ * ${name} Data Export API Client
+ *
+ * Auto-generated by SmartStack MCP - DO NOT EDIT MANUALLY
+ * Endpoint: /api/v1/export/${namePlural}
+ * Note: tenantId is required and must be passed for all requests
+ */
+
+import { apiClient } from '../lib/apiClient';
+
+export interface Export${name}Dto {
+  id: string;
+  [key: string]: unknown;
+  createdAt: string;
+  updatedAt?: string;
+}
+
+export interface ExportParams {
+  tenantId: string; // Required: tenant identifier
+  page?: number;
+  pageSize?: number;
+  modifiedSince?: string;
+}
+
+export interface PaginatedExportResult<T> {
+  items: T[];
+  totalCount: number;
+  page: number;
+  pageSize: number;
+  totalPages: number;
+  hasPreviousPage: boolean;
+  hasNextPage: boolean;
+}
+
+const EXPORT_ENDPOINT = '/api/v1/export/${namePlural}';
+
+export const export${name}Api = {
+  /**
+   * Fetch paginated export data for a specific tenant
+   * @param tenantId - Required tenant identifier
+   * @param params - Pagination and filter parameters
+   */
+  async getPage(tenantId: string, params?: Omit<ExportParams, 'tenantId'>): Promise<PaginatedExportResult<Export${name}Dto>> {
+    const response = await apiClient.get<PaginatedExportResult<Export${name}Dto>>(EXPORT_ENDPOINT, {
+      params: { tenantId, ...params }
+    });
+    return response.data;
+  },
+
+  /**
+   * Download all pages as a blob (CSV/JSON) for a specific tenant
+   * @param tenantId - Required tenant identifier
+   * @param format - Output format (default: json)
+   */
+  async downloadAll(tenantId: string, format: 'json' | 'csv' = 'json'): Promise<Blob> {
+    const response = await apiClient.get(EXPORT_ENDPOINT, {
+      params: { tenantId, pageSize: 1000, format },
+      responseType: 'blob',
+    });
+    return response.data;
+  },
+};
+
+export default export${name}Api;
+`;
+}
+function formatResult9(result, input) {
+  const lines = [];
+  const namePlural = pluralize(input.name.charAt(0).toLowerCase() + input.name.slice(1));
+  lines.push(`# Scaffold Data Export: ${input.name}`);
+  lines.push("");
+  if (input.options?.dryRun) {
+    lines.push("> **DRY RUN** - No files were written");
+    lines.push("");
+  }
+  lines.push("## Export Endpoint");
+  lines.push("");
+  lines.push(`- **Entity**: \`${input.name}\``);
+  lines.push(`- **NavRoute**: \`${input.navRoute}\``);
+  lines.push(`- **Permission**: \`${input.navRoute}.export\``);
+  lines.push(`- **Endpoint**: \`GET /api/v1/export/${namePlural}\``);
+  lines.push(`- **Rate Limit**: ${input.options?.rateLimitPerMinute ?? 60}/min`);
+  lines.push(`- **Max Page Size**: ${input.options?.maxPageSize ?? 1e3}`);
+  lines.push("");
+  lines.push("## Security Layers");
+  lines.push("");
+  lines.push("1. **Authentication** \u2014 `[Authorize]` + JWT assertion from ExternalApplicationAuthService");
+  lines.push(`2. **Authorization** \u2014 \`[RequirePermission("${input.navRoute}.export")]\``);
+  lines.push("3. **Access Control** \u2014 DataExportAccessMiddleware verifies per-app endpoint access");
+  lines.push(`4. **Rate Limiting** \u2014 \`[EnableRateLimiting("ExternalApp")]\` (${input.options?.rateLimitPerMinute ?? 60}/min)`);
+  lines.push("");
+  lines.push("## Generated Files");
+  lines.push("");
+  for (const file of result.files) {
+    const relativePath2 = file.path.replace(/\\/g, "/");
+    const parts = relativePath2.split("/");
+    const srcIdx = parts.findIndex((p) => ["Controllers", "Application", "Infrastructure", "services", "Persistence"].includes(p));
+    const displayPath = srcIdx >= 0 ? parts.slice(srcIdx).join("/") : parts.slice(-3).join("/");
+    lines.push(`### ${displayPath}`);
+    lines.push("");
+    const ext2 = file.path.endsWith(".ts") ? "typescript" : "csharp";
+    const truncated = file.content.length > 2e3 ? file.content.substring(0, 2e3) + "\n// ... (truncated)" : file.content;
+    lines.push(`\`\`\`${ext2}`);
+    lines.push(truncated);
+    lines.push("```");
+    lines.push("");
+  }
+  lines.push("## Next Steps");
+  lines.push("");
+  for (const instruction of result.instructions) {
+    lines.push(`- ${instruction}`);
+  }
+  return lines.join("\n");
+}
+function toPascalCase2(s) {
+  return s.split("-").map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join("");
+}
+function pluralize(s) {
+  if (s.endsWith("y") && !["ay", "ey", "oy", "uy"].some((v) => s.endsWith(v))) {
+    return s.slice(0, -1) + "ies";
+  }
+  if (s.endsWith("s") || s.endsWith("x") || s.endsWith("z") || s.endsWith("ch") || s.endsWith("sh")) {
+    return s + "es";
+  }
+  return s + "s";
+}
+var scaffoldDataExportTool;
+var init_scaffold_data_export = __esm({
+  "src/mcp/tools/scaffold-data-export.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_types3();
+    init_logger();
+    init_detector();
+    init_fs();
+    scaffoldDataExportTool = {
+      name: "scaffold_data_export",
+      description: `Generate Data Export API for a SmartStack entity.
+
+Creates all code needed to expose an entity via the M2M Data Export API with 3-layer security:
+- Export Controller (versioned, rate-limited, permission-protected)
+- Export Service (interface + implementation with tenant isolation)
+- Export DTO (flat projection for external consumption)
+- Seed data fragment (DataExportEndpointConfiguration HasData)
+- Frontend client (optional, TypeScript blob download)
+
+Example:
+  scaffold_data_export name="Product" navRoute="business.sales.products"
+
+The generated code follows the External Application & Data Export pattern
+documented in smartstack-api.md.`,
+      inputSchema: {
+        type: "object",
+        properties: {
+          name: {
+            type: "string",
+            description: 'Entity name in PascalCase (e.g., "Product", "Order")'
+          },
+          navRoute: {
+            type: "string",
+            description: 'NavRoute of the source entity (e.g., "business.sales.products") \u2014 used for permission derivation'
+          },
+          options: {
+            type: "object",
+            properties: {
+              entityProperties: {
+                type: "array",
+                items: {
+                  type: "object",
+                  properties: {
+                    name: { type: "string" },
+                    type: { type: "string" },
+                    required: { type: "boolean" },
+                    maxLength: { type: "number" }
+                  },
+                  required: ["name", "type"]
+                },
+                description: "Properties for the export DTO"
+              },
+              rateLimitPerMinute: {
+                type: "number",
+                default: 60,
+                description: "Rate limit per minute (default: 60)"
+              },
+              maxPageSize: {
+                type: "number",
+                default: 1e3,
+                description: "Max page size (default: 1000)"
+              },
+              includeAuditFields: {
+                type: "boolean",
+                default: true,
+                description: "Include CreatedAt/UpdatedAt in DTO (default: true)"
+              },
+              includeFrontendClient: {
+                type: "boolean",
+                default: false,
+                description: "Generate TypeScript API client (default: false)"
+              },
+              dryRun: {
+                type: "boolean",
+                default: false,
+                description: "Preview without writing files (default: false)"
+              }
+            }
+          }
+        },
+        required: ["name", "navRoute"]
+      }
+    };
+  }
+});
+
+// src/mcp/tools/prompt-data-export-m2m.ts
+import path26 from "path";
+async function handlePromptDataExportM2m(args, config2) {
+  const input = PromptDataExportM2mInputSchema.parse(args);
+  logger.info("Generating M2M data export prompt", {
+    endpoints: input.endpoints,
+    clientId: input.clientId ? "***" : void 0,
+    format: input.options?.format
+  });
+  let selectedEndpoints;
+  if (input.endpoints && input.endpoints.length > 0) {
+    selectedEndpoints = KNOWN_ENDPOINTS.filter((e) => input.endpoints.includes(e.code));
+    const unknown2 = input.endpoints.filter((code) => !KNOWN_ENDPOINTS.find((e) => e.code === code));
+    if (unknown2.length > 0) {
+      const discovered = await discoverEndpointsFromProject(config2, unknown2);
+      selectedEndpoints.push(...discovered);
+      const stillUnknown = unknown2.filter((code) => !discovered.find((e) => e.code === code));
+      if (stillUnknown.length > 0) {
+        logger.warn("Unknown endpoint codes", { codes: stillUnknown });
+      }
+    }
+  } else {
+    selectedEndpoints = [...KNOWN_ENDPOINTS];
+    const discovered = await discoverEndpointsFromProject(config2);
+    for (const ep of discovered) {
+      if (!selectedEndpoints.find((e) => e.code === ep.code)) {
+        selectedEndpoints.push(ep);
+      }
+    }
+  }
+  if (selectedEndpoints.length === 0) {
+    return "# No Endpoints Found\n\nNo data export endpoints were found. Use `scaffold_data_export` to create one.";
+  }
+  const format = input.options?.format ?? "full";
+  const includeBase = input.options?.includeBasePrompt !== false;
+  const clientId = input.clientId ?? "<your-client-id>";
+  const prompt = buildPrompt(selectedEndpoints, clientId, format, includeBase);
+  return `# M2M Data Export Integration Prompt
+
+**Endpoints included**: ${selectedEndpoints.map((e) => e.code).join(", ")}
+**Format**: ${format}
+
+---
+
+\`\`\`markdown
+${prompt}
+\`\`\`
+
+---
+
+> Copy the content above (inside the code block) and paste it into your VibeCoding session.
+> The AI will have all the context needed to implement the full M2M client.`;
+}
+function buildPrompt(endpoints, clientId, format, includeBase) {
+  const lines = [];
+  if (includeBase && format === "full") {
+    lines.push("## Contexte");
+    lines.push("");
+    lines.push("Tu dois implementer un client HTTP qui consomme l'API DataExport de SmartStack en mode **machine-to-machine** (M2M). Il n'y a aucune interaction utilisateur : ton application s'authentifie avec un `clientId` et un `clientSecret`, obtient un token JWT, puis appelle les endpoints d'export de donnees.");
+    lines.push("");
+    lines.push("---");
+    lines.push("");
+    lines.push("## 1. Authentification (HMAC-JWT Assertion)");
+    lines.push("");
+    lines.push("L'authentification se fait en 2 etapes :");
+    lines.push("");
+    lines.push("### Etape 1 : Creer une assertion JWT signee HMAC-SHA256");
+    lines.push("");
+    lines.push("Ton application doit generer un JWT **signe avec le `clientSecret`** (HMAC-SHA256) :");
+    lines.push("");
+    lines.push("```");
+    lines.push('Header: { "alg": "HS256", "typ": "JWT" }');
+    lines.push("Payload: {");
+    lines.push(`  "sub": "${clientId}",          // ton clientId`);
+    lines.push('  "iat": <timestamp-unix-actuel>,     // timestamp Unix actuel');
+    lines.push('  "exp": <timestamp-unix + 300>,      // expiration (max 5 min apres iat)');
+    lines.push('  "jti": "<uuid-unique>"              // nonce anti-replay');
+    lines.push("}");
+    lines.push("Signature: HMAC-SHA256(header.payload, Base64Decode(clientSecret))");
+    lines.push("```");
+    lines.push("");
+    lines.push("**Important** : Le `clientSecret` est encode en Base64. Tu dois le **decoder** avant de l'utiliser comme cle HMAC.");
+    lines.push("");
+    lines.push("### Etape 2 : Echanger l'assertion contre un access token");
+    lines.push("");
+    lines.push("```http");
+    lines.push("POST {baseUrl}/api/auth/external-app/token");
+    lines.push("Content-Type: application/json");
+    lines.push("");
+    lines.push("{");
+    lines.push('  "assertion": "<jwt-assertion-de-etape-1>"');
+    lines.push("}");
+    lines.push("```");
+    lines.push("");
+    lines.push("**Reponse succes (200)** :");
+    lines.push("```json");
+    lines.push("{");
+    lines.push('  "accessToken": "eyJhbGciOiJIUz...",');
+    lines.push('  "expiresAt": "2026-02-25T11:00:00Z",');
+    lines.push('  "permissions": ["administration.users.read", ...]');
+    lines.push("}");
+    lines.push("```");
+    lines.push("");
+    lines.push("### Erreurs d'authentification");
+    lines.push("");
+    lines.push("| HTTP | errorCode | Cause |");
+    lines.push("|------|-----------|-------|");
+    lines.push("| 401 | `invalid_assertion` | JWT mal forme ou invalide |");
+    lines.push("| 401 | `missing_client_id` | Claim `sub` absent du JWT |");
+    lines.push("| 401 | `unknown_client` | ClientId inconnu |");
+    lines.push("| 401 | `app_inactive` | Application desactivee |");
+    lines.push("| 401 | `ip_blocked` | IP pas dans la whitelist |");
+    lines.push("| 401 | `invalid_signature` | Signature HMAC invalide |");
+    lines.push("");
+    lines.push("### Regles de gestion du token");
+    lines.push("");
+    lines.push("- Cache le token et renouvelle-le 5 min avant `expiresAt`");
+    lines.push("- N'appelle PAS `/token` a chaque requete");
+    lines.push("");
+    lines.push("---");
+    lines.push("");
+  }
+  lines.push(`## ${format === "full" ? "2" : "1"}. Endpoints a implementer (${endpoints.length})`);
+  lines.push("");
+  for (const ep of endpoints) {
+    lines.push(`### ${ep.name}`);
+    lines.push("");
+    lines.push("```http");
+    lines.push(`${ep.method} {baseUrl}${ep.route}`);
+    lines.push("Authorization: Bearer <accessToken>");
+    lines.push("```");
+    lines.push("");
+    if (ep.params.length > 0) {
+      lines.push("**Parametres (query string)** :");
+      lines.push("");
+      lines.push("| Parametre | Type | Defaut | Description |");
+      lines.push("|-----------|------|--------|-------------|");
+      for (const p of ep.params) {
+        lines.push(`| \`${p.name}\` | ${p.type} | ${p.default} | ${p.description} |`);
+      }
+      lines.push("");
+    } else {
+      lines.push("**Aucun parametre** - appel direct sans query string.");
+      lines.push("");
+    }
+    if (ep.paginated) {
+      lines.push("**Reponse (paginee)** :");
+      lines.push("```json");
+      lines.push("{");
+      lines.push('  "items": [');
+      lines.push("    {");
+      for (let i = 0; i < ep.responseFields.length; i++) {
+        const f = ep.responseFields[i];
+        const comma = i < ep.responseFields.length - 1 ? "," : "";
+        lines.push(`      "${f.name}": ${getJsonExample(f.type)}${comma}  // ${f.type} - ${f.description}`);
+      }
+      lines.push("    }");
+      lines.push("  ],");
+      lines.push('  "page": 1,');
+      lines.push('  "pageSize": 100,');
+      lines.push('  "totalCount": 250,');
+      lines.push('  "totalPages": 3,');
+      lines.push('  "hasMore": true');
+      lines.push("}");
+      lines.push("```");
+    } else {
+      lines.push("**Reponse (tableau direct, NON pagine)** :");
+      lines.push("```json");
+      lines.push("[");
+      lines.push("  {");
+      for (let i = 0; i < ep.responseFields.length; i++) {
+        const f = ep.responseFields[i];
+        const comma = i < ep.responseFields.length - 1 ? "," : "";
+        lines.push(`    "${f.name}": ${getJsonExample(f.type)}${comma}  // ${f.type} - ${f.description}`);
+      }
+      lines.push("  }");
+      lines.push("]");
+      lines.push("```");
+    }
+    lines.push("");
+    lines.push(`**Rate limit** : ${ep.defaultRateLimit} requetes/minute | Page size max : ${ep.defaultMaxPageSize}`);
+    if (ep.notes) {
+      lines.push(`**Note** : ${ep.notes}`);
+    }
+    lines.push("");
+  }
+  if (format === "full") {
+    lines.push("---");
+    lines.push("");
+    lines.push("## 3. Isolation par tenant");
+    lines.push("");
+    lines.push("**Important** : Tous les endpoints (sauf `navigation`) necessitent le parametre `tenantId` pour delimiter l'export a un tenant specifique. Cela assure la securite multi-tenant et evite les fuites de donnees.");
+    lines.push("");
+    lines.push("```");
+    lines.push("GET /api/v1/export/users?tenantId=<uuid>&page=1");
+    lines.push("GET /api/v1/export/roles?tenantId=<uuid>&page=1");
+    lines.push("GET /api/v1/export/tickets?tenantId=<uuid>&page=1");
+    lines.push("```");
+    lines.push("");
+    lines.push("Exemple avec boucle :");
+    lines.push("```");
+    lines.push("1. Recuprer la liste de tous les tenants via GET /api/v1/export/navigation");
+    lines.push("2. Pour chaque tenant, exporter ses donnees : users, roles, tickets");
+    lines.push("3. Concatener les resultats ou synchroniser par tenant");
+    lines.push("```");
+    lines.push("");
+    lines.push("---");
+    lines.push("");
+    const hasPaginated = endpoints.some((e) => e.paginated);
+    if (hasPaginated) {
+      lines.push("## 4. Pagination");
+      lines.push("");
+      lines.push("Pour parcourir toutes les pages : boucle tant que `hasMore === true`, en incrementant `page`.");
+      lines.push("Les resultats sont tries par `createdAt ASC` (ordre stable).");
+      lines.push("");
+      lines.push("---");
+      lines.push("");
+      lines.push("## 5. Synchronisation incrementale");
+      lines.push("");
+      lines.push("Utilise `modifiedSince` pour ne recuperer que les changements :");
+      lines.push("1. Premiere synchro : appelle sans `modifiedSince` (recupere tout)");
+      lines.push("2. Stocke `DateTime.UtcNow` du debut de la synchro");
+      lines.push("3. Synchros suivantes : passe `modifiedSince=<timestamp-stocke>`");
+      lines.push("");
+      lines.push("Le filtre retourne les entites ou `UpdatedAt >= modifiedSince OR CreatedAt >= modifiedSince`.");
+      lines.push("");
+      lines.push("---");
+      lines.push("");
+    }
+    lines.push("## 6. Rate Limiting");
+    lines.push("");
+    lines.push("| Aspect | Valeur |");
+    lines.push("|--------|--------|");
+    lines.push("| Algorithme | Fenetre fixe de 1 minute |");
+    lines.push("| Cle de partition | {clientId}:{endpointCode} (independant par endpoint) |");
+    lines.push("");
+    lines.push("Quand tu depasses la limite :");
+    lines.push("```");
+    lines.push("HTTP/1.1 429 Too Many Requests");
+    lines.push("Retry-After: 42");
+    lines.push("```");
+    lines.push("Lis le header `Retry-After` et attends. Implemente un backoff exponentiel.");
+    lines.push("");
+    lines.push("---");
+    lines.push("");
+    lines.push("## 7. Gestion des erreurs");
+    lines.push("");
+    lines.push("| HTTP | Action |");
+    lines.push("|------|--------|");
+    lines.push("| 200 | Traite les donnees |");
+    lines.push("| 400 | TenantId manquant ou invalide - verifie le parametre |");
+    lines.push("| 401 | Renouvelle le token et relance |");
+    lines.push("| 403 | Acces export non accorde - contacte l'admin |");
+    lines.push("| 404 | Tenant non trouve - verifie le tenantId |");
+    lines.push("| 429 | Attends `Retry-After` secondes |");
+    lines.push("| 500 | Retry avec backoff exponentiel |");
+    lines.push("");
+    lines.push("---");
+    lines.push("");
+    lines.push("## 8. Checklist d'implementation");
+    lines.push("");
+    lines.push("### 8.1 Configuration");
+    lines.push("```");
+    lines.push("SMARTSTACK_BASE_URL=https://smartstack.example.com");
+    lines.push(`SMARTSTACK_CLIENT_ID=${clientId}`);
+    lines.push("SMARTSTACK_CLIENT_SECRET=<base64-encoded-secret>");
+    lines.push("TENANT_IDS=<comma-separated-uuids>  # Ou recuperer dynamiquement via navigation");
+    lines.push("```");
+    lines.push("Ne hardcode JAMAIS le clientId/clientSecret. Utilise des variables d'environnement ou un vault.");
+    lines.push("");
+    lines.push("### 8.2 Service d'authentification");
+    lines.push("```");
+    lines.push("SmartStackAuthService:");
+    lines.push("  - generateAssertion() \u2192 JWT HMAC-SHA256 signe avec le secret decode du Base64");
+    lines.push("  - getAccessToken() \u2192 POST /api/auth/external-app/token");
+    lines.push("  - cachedToken / expiresAt \u2192 cache le token, renouvelle 5 min avant expiration");
+    lines.push("```");
+    lines.push("");
+    lines.push("### 8.3 Client HTTP generique");
+    lines.push("```");
+    lines.push("SmartStackExportClient:");
+    lines.push("  - fetchExport(endpointCode, tenantId, page?, pageSize?, modifiedSince?, extraParams?)");
+    lines.push("      \u2192 GET /api/v1/export/{endpointCode}?tenantId=<uuid>");
+    lines.push("  - fetchAllPages(endpointCode, tenantId, pageSize?, modifiedSince?)");
+    lines.push("      \u2192 boucle automatique sur toutes les pages avec tenantId");
+    lines.push("  - Gere 400 (tenantId invalide), 401 (retry token), 404 (tenant non trouve), 429 (Retry-After), 5xx (backoff)");
+    lines.push("```");
+    lines.push("");
+    lines.push("### 8.4 Synchroniseur incremental par tenant");
+    lines.push("```");
+    lines.push("SmartStackSyncService:");
+    lines.push(`  - endpoints: [${endpoints.map((e) => `"${e.code}"`).join(", ")}]`);
+    lines.push("  - syncAllTenants() \u2192 pour chaque tenant, appelle syncTenant()");
+    lines.push("  - syncTenant(tenantId):");
+    lines.push("    1. Pour chaque endpoint (sauf navigation):");
+    lines.push("      a. Lit le dernier timestamp de synchro pour ce tenant+endpoint");
+    lines.push("      b. Appelle fetchAllPages(endpoint, tenantId, modifiedSince)");
+    lines.push("      c. Upsert les donnees (INSERT si nouveau, UPDATE si existant, par `id`)");
+    lines.push("      d. Sauve le timestamp");
+    lines.push("```");
+    lines.push("");
+    lines.push("### 8.5 Securite");
+    lines.push("");
+    lines.push("- Stocke le clientSecret dans un vault (Azure Key Vault, etc.)");
+    lines.push("- L'assertion JWT a une duree courte (5 min max)");
+    lines.push("- Ne log jamais le token d'acces");
+    lines.push("- Toutes les requetes sont auditees cote SmartStack (IP, User-Agent)");
+  }
+  return lines.join("\n");
+}
+async function discoverEndpointsFromProject(config2, filterCodes) {
+  const discovered = [];
+  try {
+    const structure = await findSmartStackStructure(config2.smartstack.projectPath);
+    if (!structure.api) return discovered;
+    const exportControllerDir = path26.join(structure.api, "Controllers", "DataExport", "v1");
+    const { findFiles: findFiles2 } = await Promise.resolve().then(() => (init_fs(), fs_exports));
+    const controllerFiles = await findFiles2(path26.join(exportControllerDir, "Export*Controller.cs"));
+    for (const file of controllerFiles) {
+      const content = await readText(file);
+      if (!content) continue;
+      const routeMatch = content.match(/\[HttpGet\("api\/v1\/export\/([^"]+)"\)\]/);
+      if (!routeMatch) continue;
+      const code = routeMatch[1];
+      if (KNOWN_ENDPOINTS.find((e) => e.code === code)) continue;
+      if (filterCodes && !filterCodes.includes(code)) continue;
+      const classMatch = content.match(/class Export(\w+)Controller/);
+      const entityName = classMatch ? classMatch[1] : code;
+      discovered.push({
+        code,
+        name: `${entityName} Export`,
+        route: `/api/v1/export/${code}`,
+        method: "GET",
+        paginated: content.includes("PaginatedExportResult"),
+        params: [
+          { name: "page", type: "int", default: "1", description: "Numero de page" },
+          { name: "pageSize", type: "int", default: "100", description: "Elements par page" },
+          { name: "modifiedSince", type: "DateTime?", default: "null", description: "Filtre incremental UTC" }
+        ],
+        responseFields: [
+          { name: "id", type: "UUID", description: "Identifiant unique" },
+          { name: "...", type: "...", description: `Voir Export${entityName}Dto pour la structure complete` }
+        ],
+        defaultRateLimit: 60,
+        defaultMaxPageSize: 1e3,
+        notes: `Endpoint decouvert automatiquement. Verifier le DTO Export${entityName}Dto pour la structure exacte.`
+      });
+    }
+  } catch {
+    logger.debug("Could not discover endpoints from project");
+  }
+  return discovered;
+}
+function getJsonExample(type) {
+  switch (type) {
+    case "UUID":
+      return '"3fa85f64-5717-4562-b3fc-2c963f66afa6"';
+    case "UUID?":
+      return "null";
+    case "string":
+      return '"..."';
+    case "string?":
+      return '"..."';
+    case "boolean":
+      return "true";
+    case "int":
+      return "0";
+    case "DateTime":
+      return '"2026-01-15T10:30:00Z"';
+    case "DateTime?":
+      return "null";
+    case "string[]":
+      return '["item1", "item2"]';
+    case "UUID[]":
+      return '["uuid1", "uuid2"]';
+    case "object[]":
+      return '[{"id": "...", "code": "...", "label": "..."}]';
+    default:
+      return '"..."';
+  }
+}
+var promptDataExportM2mTool, KNOWN_ENDPOINTS;
+var init_prompt_data_export_m2m = __esm({
+  "src/mcp/tools/prompt-data-export-m2m.ts"() {
+    "use strict";
+    init_esm_shims();
+    init_types3();
+    init_logger();
+    init_detector();
+    init_fs();
+    promptDataExportM2mTool = {
+      name: "prompt_data_export_m2m",
+      description: `Generate a ready-to-use M2M integration prompt for SmartStack Data Export API.
+
+Creates a complete prompt containing:
+- HMAC-JWT authentication flow (assertion + token exchange)
+- Selected endpoint details (route, parameters, response structure)
+- Pagination and incremental sync patterns
+- Rate limiting and error handling
+- Implementation checklist (auth service, HTTP client, sync service)
+
+The prompt is designed to be pasted into a VibeCoding session (Claude, Cursor, etc.)
+so the AI can implement the full client without additional context.
+
+Example:
+  prompt_data_export_m2m endpoints=["users","tenants","roles"]
+  prompt_data_export_m2m endpoints=["users"] clientId="app_abc123"
+
+If no endpoints specified, scans the project to discover all available export endpoints.`,
+      inputSchema: {
+        type: "object",
+        properties: {
+          endpoints: {
+            type: "array",
+            items: { type: "string" },
+            description: 'Endpoint codes to include (e.g., ["users", "tenants", "roles"]). If empty, discovers all available endpoints.'
+          },
+          clientId: {
+            type: "string",
+            description: 'Optional clientId to pre-fill in the prompt (e.g., "app_abc123...")'
+          },
+          options: {
+            type: "object",
+            properties: {
+              includeBasePrompt: {
+                type: "boolean",
+                default: true,
+                description: "Include authentication and common sections (default: true)"
+              },
+              format: {
+                type: "string",
+                enum: ["full", "endpoints-only"],
+                default: "full",
+                description: 'Output format: "full" includes auth+endpoints+checklist, "endpoints-only" just endpoint details'
+              }
+            }
+          }
+        }
+      }
+    };
+    KNOWN_ENDPOINTS = [
+      {
+        code: "users",
+        name: "Users Export",
+        route: "/api/v1/export/users",
+        method: "GET",
+        paginated: true,
+        params: [
+          { name: "tenantId", type: "UUID", default: "required", description: "ID du tenant pour limiter l'export a ses utilisateurs" },
+          { name: "page", type: "int", default: "1", description: "Numero de page (commence a 1)" },
+          { name: "pageSize", type: "int", default: "100", description: "Elements par page (max 1000)" },
+          { name: "modifiedSince", type: "DateTime?", default: "null", description: "Filtre incremental UTC - entites creees ou modifiees apres cette date" },
+          { name: "isActive", type: "bool?", default: "null", description: "Filtre par statut actif/inactif" }
+        ],
+        responseFields: [
+          { name: "id", type: "UUID", description: "Identifiant unique" },
+          { name: "email", type: "string", description: "Adresse email" },
+          { name: "firstName", type: "string?", description: "Prenom" },
+          { name: "lastName", type: "string?", description: "Nom de famille" },
+          { name: "displayName", type: "string?", description: "Nom affiche" },
+          { name: "isActive", type: "boolean", description: "Compte actif" },
+          { name: "createdAt", type: "DateTime", description: "Date de creation (UTC)" },
+          { name: "updatedAt", type: "DateTime?", description: "Date de derniere modification (UTC)" },
+          { name: "roles", type: "string[]", description: "Noms des roles attribues" },
+          { name: "tenantIds", type: "UUID[]", description: "IDs des tenants associes" }
+        ],
+        defaultRateLimit: 60,
+        defaultMaxPageSize: 1e3
+      },
+      {
+        code: "tenants",
+        name: "Tenants Export",
+        route: "/api/v1/export/tenants",
+        method: "GET",
+        paginated: true,
+        params: [
+          { name: "tenantId", type: "UUID", default: "required", description: "ID du tenant a exporter - retourne le tenant specifie et ses donnees associees" },
+          { name: "page", type: "int", default: "1", description: "Numero de page (commence a 1)" },
+          { name: "pageSize", type: "int", default: "100", description: "Elements par page (max 1000)" },
+          { name: "modifiedSince", type: "DateTime?", default: "null", description: "Filtre incremental UTC" }
+        ],
+        responseFields: [
+          { name: "id", type: "UUID", description: "Identifiant unique" },
+          { name: "name", type: "string", description: "Nom du tenant" },
+          { name: "slug", type: "string", description: "Slug URL-friendly" },
+          { name: "type", type: "string", description: "Type de tenant" },
+          { name: "status", type: "string", description: "Statut (Active, Suspended, etc.)" },
+          { name: "description", type: "string?", description: "Description" },
+          { name: "createdAt", type: "DateTime", description: "Date de creation (UTC)" },
+          { name: "updatedAt", type: "DateTime?", description: "Date de derniere modification (UTC)" },
+          { name: "memberCount", type: "int", description: "Nombre de membres" }
+        ],
+        defaultRateLimit: 60,
+        defaultMaxPageSize: 1e3
+      },
+      {
+        code: "roles",
+        name: "Roles Export",
+        route: "/api/v1/export/roles",
+        method: "GET",
+        paginated: true,
+        params: [
+          { name: "tenantId", type: "UUID", default: "required", description: "ID du tenant pour limiter l'export a ses roles" },
+          { name: "page", type: "int", default: "1", description: "Numero de page (commence a 1)" },
+          { name: "pageSize", type: "int", default: "100", description: "Elements par page (max 1000)" },
+          { name: "modifiedSince", type: "DateTime?", default: "null", description: "Filtre incremental UTC" }
+        ],
+        responseFields: [
+          { name: "id", type: "UUID", description: "Identifiant unique" },
+          { name: "name", type: "string", description: "Nom du role" },
+          { name: "shortName", type: "string?", description: "Nom court" },
+          { name: "code", type: "string?", description: "Code technique" },
+          { name: "category", type: "string", description: "Categorie (Global, Admin, Manager, Contributor, Viewer, Custom)" },
+          { name: "description", type: "string?", description: "Description du role" },
+          { name: "isSystem", type: "boolean", description: "Role systeme (non modifiable)" },
+          { name: "createdAt", type: "DateTime", description: "Date de creation (UTC)" },
+          { name: "updatedAt", type: "DateTime?", description: "Date de derniere modification (UTC)" },
+          { name: "permissions", type: "string[]", description: "Codes des permissions attribuees" }
+        ],
+        defaultRateLimit: 60,
+        defaultMaxPageSize: 1e3
+      },
+      {
+        code: "tickets",
+        name: "Tickets Export",
+        route: "/api/v1/export/tickets",
+        method: "GET",
+        paginated: true,
+        params: [
+          { name: "tenantId", type: "UUID", default: "required", description: "ID du tenant pour limiter l'export a ses tickets" },
+          { name: "page", type: "int", default: "1", description: "Numero de page (commence a 1)" },
+          { name: "pageSize", type: "int", default: "100", description: "Elements par page (max 500)" },
+          { name: "modifiedSince", type: "DateTime?", default: "null", description: "Filtre incremental UTC" }
+        ],
+        responseFields: [
+          { name: "id", type: "UUID", description: "Identifiant unique" },
+          { name: "title", type: "string", description: "Titre du ticket" },
+          { name: "type", type: "string", description: "Type (Bug, Feature, Support, etc.)" },
+          { name: "status", type: "string", description: "Statut (Open, InProgress, Resolved, Closed)" },
+          { name: "priority", type: "string", description: "Priorite (Low, Medium, High, Critical)" },
+          { name: "assignedToUserId", type: "UUID?", description: "ID utilisateur assigne" },
+          { name: "createdByUserId", type: "UUID", description: "ID createur" },
+          { name: "tenantId", type: "UUID?", description: "ID tenant associe" },
+          { name: "createdAt", type: "DateTime", description: "Date de creation (UTC)" },
+          { name: "updatedAt", type: "DateTime?", description: "Date de derniere modification (UTC)" },
+          { name: "resolvedAt", type: "DateTime?", description: "Date de resolution (UTC)" },
+          { name: "closedAt", type: "DateTime?", description: "Date de fermeture (UTC)" }
+        ],
+        defaultRateLimit: 30,
+        defaultMaxPageSize: 500,
+        notes: "Rate limit reduit a 30 req/min. Page size max 500."
+      },
+      {
+        code: "navigation",
+        name: "Navigation Export",
+        route: "/api/v1/export/navigation",
+        method: "GET",
+        paginated: false,
+        params: [],
+        responseFields: [
+          { name: "id", type: "UUID", description: "Identifiant de l'application" },
+          { name: "code", type: "string", description: "Code technique de l'application" },
+          { name: "label", type: "string", description: "Libelle affiche" },
+          { name: "modules", type: "object[]", description: "Liste des modules (chacun: id, code, label)" }
+        ],
+        defaultRateLimit: 60,
+        defaultMaxPageSize: 1e3,
+        notes: "Endpoint NON pagine. Retourne directement un tableau JSON (pas d'envelope de pagination). Contient la structure de navigation : applications avec leurs modules."
+      }
+    ];
+  }
+});
+
+// src/mcp/tools/analyze-hierarchy-patterns.ts
+import path27 from "path";
 async function handleAnalyzeHierarchyPatterns(args, config2) {
   const input = AnalyzeHierarchyPatternsInputSchema.parse(args);
   const projectPath = input.path || config2.smartstack.projectPath;
@@ -62115,7 +63298,7 @@ async function handleAnalyzeHierarchyPatterns(args, config2) {
     recommendations,
     circularDependencies: detectCircularDependencies(entityGraph)
   };
-  return formatResult9(result, outputFormat, structure.root);
+  return formatResult10(result, outputFormat, structure.root);
 }
 async function buildEntityGraph(domainPath, filter3) {
   const entityFiles = await findFiles("**/*.cs", { cwd: domainPath });
@@ -62171,7 +63354,7 @@ async function buildEntityGraph(domainPath, filter3) {
   return entityMap;
 }
 function parseEntity(content, file, domainPath) {
-  const fileName = path25.basename(file, ".cs");
+  const fileName = path27.basename(file, ".cs");
   if (fileName.endsWith("Dto") || fileName.endsWith("Command") || fileName.endsWith("Query") || fileName.endsWith("Handler") || fileName.endsWith("Validator") || fileName.endsWith("Exception") || fileName.startsWith("I")) {
     return null;
   }
@@ -62215,7 +63398,7 @@ function parseEntity(content, file, domainPath) {
   const parentEntity = foreignKeys.length > 0 ? foreignKeys[0].referencedEntity : void 0;
   return {
     name: entityName,
-    file: path25.relative(domainPath, file),
+    file: path27.relative(domainPath, file),
     baseClass: hasSystemEntity ? "SystemEntity" : "BaseEntity",
     isTenantAware: hasITenantEntity,
     isSystemEntity: hasSystemEntity,
@@ -62246,24 +63429,24 @@ function detectCircularDependencies(entityMap) {
   const cycles = [];
   for (const [name] of entityMap) {
     let dfs2 = function(current) {
-      if (path30.includes(current)) {
-        const cycleStart = path30.indexOf(current);
-        cycles.push([...path30.slice(cycleStart), current]);
+      if (path32.includes(current)) {
+        const cycleStart = path32.indexOf(current);
+        cycles.push([...path32.slice(cycleStart), current]);
         return true;
       }
       if (visited.has(current)) return false;
       visited.add(current);
-      path30.push(current);
+      path32.push(current);
       const node = entityMap.get(current);
       if (node?.parent) {
         dfs2(node.parent);
       }
-      path30.pop();
+      path32.pop();
       return false;
     };
     var dfs = dfs2;
     const visited = /* @__PURE__ */ new Set();
-    const path30 = [];
+    const path32 = [];
     dfs2(name);
   }
   const unique = /* @__PURE__ */ new Map();
@@ -62470,7 +63653,7 @@ function getImplementationSteps(pattern, node) {
       return [];
   }
 }
-function formatResult9(result, format, _rootPath) {
+function formatResult10(result, format, _rootPath) {
   if (format === "json") {
     return JSON.stringify(result, null, 2);
   }
@@ -64875,13 +66058,13 @@ async function getFilesToAnalyze(projectPath, scope, _structure) {
     try {
       const fullPath = filePath.startsWith(projectPath) ? filePath : `${projectPath}/${filePath}`;
       const content = await readText(fullPath);
-      const relativePath = filePath.replace(projectPath, "").replace(/^[/\\]/, "");
+      const relativePath2 = filePath.replace(projectPath, "").replace(/^[/\\]/, "");
       files.push({
         path: fullPath,
-        relativePath,
+        relativePath: relativePath2,
         content,
         language: detectLanguage(filePath),
-        layer: detectLayer(relativePath),
+        layer: detectLayer(relativePath2),
         lineCount: content.split("\n").length
       });
     } catch {
@@ -64911,8 +66094,8 @@ function detectLanguage(filePath) {
       return "other";
   }
 }
-function detectLayer(relativePath) {
-  const lower = relativePath.toLowerCase();
+function detectLayer(relativePath2) {
+  const lower = relativePath2.toLowerCase();
   if (lower.includes("/domain/") || lower.includes("\\domain\\")) return "domain";
   if (lower.includes("/application/") || lower.includes("\\application\\")) return "application";
   if (lower.includes("/infrastructure/") || lower.includes("\\infrastructure\\")) return "infrastructure";
@@ -66412,7 +67595,7 @@ var init_conventions = __esm({
 });
 
 // src/mcp/resources/project-info.ts
-import path26 from "path";
+import path28 from "path";
 async function getProjectInfoResource(config2) {
   const projectPath = config2.smartstack.projectPath;
   const projectInfo = await detectProject(projectPath);
@@ -66443,16 +67626,16 @@ async function getProjectInfoResource(config2) {
   lines.push("```");
   lines.push(`${projectInfo.name}/`);
   if (structure.domain) {
-    lines.push(`\u251C\u2500\u2500 ${path26.basename(structure.domain)}/          # Domain layer (entities)`);
+    lines.push(`\u251C\u2500\u2500 ${path28.basename(structure.domain)}/          # Domain layer (entities)`);
   }
   if (structure.application) {
-    lines.push(`\u251C\u2500\u2500 ${path26.basename(structure.application)}/     # Application layer (services)`);
+    lines.push(`\u251C\u2500\u2500 ${path28.basename(structure.application)}/     # Application layer (services)`);
   }
   if (structure.infrastructure) {
-    lines.push(`\u251C\u2500\u2500 ${path26.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
+    lines.push(`\u251C\u2500\u2500 ${path28.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
   }
   if (structure.api) {
-    lines.push(`\u251C\u2500\u2500 ${path26.basename(structure.api)}/             # API layer (controllers)`);
+    lines.push(`\u251C\u2500\u2500 ${path28.basename(structure.api)}/             # API layer (controllers)`);
   }
   if (structure.web) {
     lines.push(`\u2514\u2500\u2500 web/smartstack-web/      # React frontend`);
@@ -66465,9 +67648,9 @@ async function getProjectInfoResource(config2) {
     lines.push("| Project | Path |");
     lines.push("|---------|------|");
     for (const csproj of projectInfo.csprojFiles) {
-      const name = path26.basename(csproj, ".csproj");
-      const relativePath = path26.relative(projectPath, csproj);
-      lines.push(`| ${name} | \`${relativePath}\` |`);
+      const name = path28.basename(csproj, ".csproj");
+      const relativePath2 = path28.relative(projectPath, csproj);
+      lines.push(`| ${name} | \`${relativePath2}\` |`);
     }
     lines.push("");
   }
@@ -66476,10 +67659,10 @@ async function getProjectInfoResource(config2) {
       cwd: structure.migrations,
       ignore: ["*.Designer.cs"]
     });
-    const migrations = migrationFiles.map((f) => path26.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
+    const migrations = migrationFiles.map((f) => path28.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
     lines.push("## EF Core Migrations");
     lines.push("");
-    lines.push(`**Location**: \`${path26.relative(projectPath, structure.migrations)}\``);
+    lines.push(`**Location**: \`${path28.relative(projectPath, structure.migrations)}\``);
     lines.push(`**Total Migrations**: ${migrations.length}`);
     lines.push("");
     if (migrations.length > 0) {
@@ -66514,11 +67697,11 @@ async function getProjectInfoResource(config2) {
   lines.push("dotnet build");
   lines.push("");
   lines.push("# Run API");
-  lines.push(`cd ${structure.api ? path26.relative(projectPath, structure.api) : "src/Api"}`);
+  lines.push(`cd ${structure.api ? path28.relative(projectPath, structure.api) : "src/Api"}`);
   lines.push("dotnet run");
   lines.push("");
   lines.push("# Run frontend");
-  lines.push(`cd ${structure.web ? path26.relative(projectPath, structure.web) : "web"}`);
+  lines.push(`cd ${structure.web ? path28.relative(projectPath, structure.web) : "web"}`);
   lines.push("npm run dev");
   lines.push("");
   lines.push("# Create migration");
@@ -66556,7 +67739,7 @@ var init_project_info = __esm({
 });
 
 // src/mcp/resources/api-endpoints.ts
-import path27 from "path";
+import path29 from "path";
 async function getApiEndpointsResource(config2, endpointFilter) {
   const structure = await findSmartStackStructure(config2.smartstack.projectPath);
   if (!structure.api) {
@@ -66575,7 +67758,7 @@ async function getApiEndpointsResource(config2, endpointFilter) {
 }
 async function parseController(filePath, _rootPath) {
   const content = await readText(filePath);
-  const fileName = path27.basename(filePath, ".cs");
+  const fileName = path29.basename(filePath, ".cs");
   const controllerName = fileName.replace("Controller", "");
   const endpoints = [];
   const routeMatch = content.match(/\[Route\s*\(\s*"([^"]+)"\s*\)\]/);
@@ -66737,7 +67920,7 @@ var init_api_endpoints = __esm({
 });
 
 // src/mcp/resources/db-schema.ts
-import path28 from "path";
+import path30 from "path";
 async function getDbSchemaResource(config2, tableFilter) {
   const structure = await findSmartStackStructure(config2.smartstack.projectPath);
   if (!structure.domain && !structure.infrastructure) {
@@ -66821,7 +68004,7 @@ async function parseEntity2(filePath, rootPath, _config) {
     tableName,
     properties,
     relationships,
-    file: path28.relative(rootPath, filePath)
+    file: path30.relative(rootPath, filePath)
   };
 }
 async function enrichFromConfigurations(entities, infrastructurePath, _config) {
@@ -66982,7 +68165,7 @@ var init_db_schema = __esm({
 });
 
 // src/mcp/resources/entities.ts
-import path29 from "path";
+import path31 from "path";
 async function getEntitiesResource(config2, entityFilter) {
   const structure = await findSmartStackStructure(config2.smartstack.projectPath);
   if (!structure.domain) {
@@ -67036,7 +68219,7 @@ async function parseEntitySummary(filePath, rootPath, config2) {
     hasSoftDelete,
     hasRowVersion,
     file: filePath,
-    relativePath: path29.relative(rootPath, filePath)
+    relativePath: path31.relative(rootPath, filePath)
   };
 }
 function inferTableInfo(entityName, config2) {
@@ -67094,11 +68277,11 @@ function inferTableInfo(entityName, config2) {
   if (!validPrefixes.includes(tablePrefix)) {
     tablePrefix = "ref_";
   }
-  const tableName = `${tablePrefix}${pluralize(entityName)}`;
+  const tableName = `${tablePrefix}${pluralize2(entityName)}`;
   const schema = config2.conventions.schemas.platform;
   return { tableName, tablePrefix, schema };
 }
-function pluralize(name) {
+function pluralize2(name) {
   if (name.endsWith("y") && !/[aeiou]y$/i.test(name)) {
     return name.slice(0, -1) + "ies";
   }
@@ -67254,6 +68437,9 @@ async function createServer() {
         // Frontend Extension Tools
         scaffoldFrontendExtensionTool,
         analyzeExtensionPointsTool,
+        // Data Export Tools
+        scaffoldDataExportTool,
+        promptDataExportM2mTool,
         // Security & Code Quality Tools
         validateSecurityTool,
         analyzeCodeQualityTool,
@@ -67323,6 +68509,13 @@ async function createServer() {
         case "analyze_extension_points":
           result = await handleAnalyzeExtensionPoints(args ?? {}, config2);
           break;
+        // Data Export Tools
+        case "scaffold_data_export":
+          result = await handleScaffoldDataExport(args ?? {}, config2);
+          break;
+        case "prompt_data_export_m2m":
+          result = await handlePromptDataExportM2m(args ?? {}, config2);
+          break;
         // Security & Code Quality Tools
         case "validate_security":
           result = await handleValidateSecurity(args ?? {}, config2);
@@ -67451,6 +68644,8 @@ var init_server3 = __esm({
     init_scaffold_frontend_tests();
     init_validate_security();
     init_analyze_code_quality();
+    init_scaffold_data_export();
+    init_prompt_data_export_m2m();
     init_analyze_hierarchy_patterns();
     init_review_code();
     init_conventions();