@autobe/agent 0.22.0 → 0.23.0

package/lib/{agent/src/orchestrate → orchestrate}/interface/orchestrateInterfaceOperations.js

@@ -51,18 +51,17 @@ const __typia_transform__llmApplicationFinalize = __importStar(require("typia/li
 const utils_1 = require("@autobe/utils");
 const tstl_1 = require("tstl");
 const typia_1 = __importDefault(require("typia"));
-const Escaper_1 = require("typia/lib/utils/Escaper");
 const NamingConvention_1 = require("typia/lib/utils/NamingConvention");
 const uuid_1 = require("uuid");
 const assertSchemaModel_1 = require("../../context/assertSchemaModel");
 const divideArray_1 = require("../../utils/divideArray");
-const emplaceMap_1 = require("../../utils/emplaceMap");
 const executeCachedBatch_1 = require("../../utils/executeCachedBatch");
 const transformInterfaceOperationHistories_1 = require("./histories/transformInterfaceOperationHistories");
 const orchestrateInterfaceOperationsReview_1 = require("./orchestrateInterfaceOperationsReview");
 const OpenApiEndpointComparator_1 = require("./utils/OpenApiEndpointComparator");
+const OperationValidator_1 = require("./utils/OperationValidator");
 function orchestrateInterfaceOperations(ctx_1, endpoints_1) {
-    return __awaiter(this, arguments, void 0, function* (ctx, endpoints, capacity = 8) {
+    return __awaiter(this, arguments, void 0, function* (ctx, endpoints, capacity = 4 /* AutoBeConfigConstant.INTERFACE_CAPACITY */) {
         const matrix = (0, divideArray_1.divideArray)({
             array: endpoints,
             capacity,
@@ -155,7 +154,7 @@ function process(ctx, endpoints, progress, promptCacheKey) {
 function createController(props) {
     (0, assertSchemaModel_1.assertSchemaModel)(props.model);
     const validate = (next) => {
-        const result = (() => { const _io0 = input => Array.isArray(input.operations) && input.operations.every(elem => "object" === typeof elem && null !== elem && _io1(elem)); const _io1 = input => Array.isArray(input.authorizationRoles) && input.authorizationRoles.every(elem => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) && 1 <= elem.length)) && ("string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name)) && "string" === typeof input.specification && "string" === typeof input.summary && "string" === typeof input.description && ("string" === typeof input.path && RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path)) && (Array.isArray(input.parameters) && input.parameters.every(elem => "object" === typeof elem && null !== elem && _io2(elem))) && (null === input.requestBody || "object" === typeof input.requestBody && null !== input.requestBody && _io6(input.requestBody)) && (null === input.responseBody || "object" === typeof input.responseBody && null !== input.responseBody && _io7(input.responseBody)) && ("get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method); const _io2 = input => "string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) && "string" === typeof input.description && ("object" === typeof input.schema && null !== input.schema && _iu0(input.schema)); const _io3 = input => (undefined === input.minimum || "number" === typeof input.minimum && (Math.floor(input.minimum) === input.minimum && -9223372036854776000 <= input.minimum && input.minimum <= 9223372036854776000)) && (undefined === input.maximum || "number" === typeof input.maximum && (Math.floor(input.maximum) === input.maximum && -9223372036854776000 <= input.maximum && input.maximum <= 9223372036854776000)) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && (Math.floor(input.multipleOf) === input.multipleOf && 0 <= input.multipleOf && input.multipleOf <= 18446744073709552000 && 0 < input.multipleOf)) && "integer" === input.type; const _io4 = input => (undefined === input.minimum || "number" === typeof input.minimum) && (undefined === input.maximum || "number" === typeof input.maximum) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && 0 < input.multipleOf) && "number" === input.type; const _io5 = input => (undefined === input.format || "string" === typeof input.format) && (undefined === input.pattern || "string" === typeof input.pattern) && (undefined === input.contentMediaType || "string" === typeof input.contentMediaType) && (undefined === input.minLength || "number" === typeof input.minLength && (Math.floor(input.minLength) === input.minLength && 0 <= input.minLength && input.minLength <= 18446744073709552000)) && (undefined === input.maxLength || "number" === typeof input.maxLength && (Math.floor(input.maxLength) === input.maxLength && 0 <= input.maxLength && input.maxLength <= 18446744073709552000)) && "string" === input.type; const _io6 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _io7 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _iu0 = input => (() => {
+        const result = (() => { const _io0 = input => Array.isArray(input.operations) && input.operations.every(elem => "object" === typeof elem && null !== elem && _io1(elem)); const _io1 = input => "string" === typeof input.specification && "string" === typeof input.description && "string" === typeof input.summary && (Array.isArray(input.parameters) && input.parameters.every(elem => "object" === typeof elem && null !== elem && _io2(elem))) && (null === input.requestBody || "object" === typeof input.requestBody && null !== input.requestBody && _io6(input.requestBody)) && (null === input.responseBody || "object" === typeof input.responseBody && null !== input.responseBody && _io7(input.responseBody)) && ("string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name)) && (Array.isArray(input.authorizationRoles) && input.authorizationRoles.every(elem => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) && 1 <= elem.length))) && ("string" === typeof input.path && RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path)) && ("get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method); const _io2 = input => "string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) && "string" === typeof input.description && ("object" === typeof input.schema && null !== input.schema && _iu0(input.schema)); const _io3 = input => (undefined === input.minimum || "number" === typeof input.minimum && (Math.floor(input.minimum) === input.minimum && -9223372036854776000 <= input.minimum && input.minimum <= 9223372036854776000)) && (undefined === input.maximum || "number" === typeof input.maximum && (Math.floor(input.maximum) === input.maximum && -9223372036854776000 <= input.maximum && input.maximum <= 9223372036854776000)) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && (Math.floor(input.multipleOf) === input.multipleOf && 0 <= input.multipleOf && input.multipleOf <= 18446744073709552000 && 0 < input.multipleOf)) && "integer" === input.type; const _io4 = input => (undefined === input.minimum || "number" === typeof input.minimum) && (undefined === input.maximum || "number" === typeof input.maximum) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && 0 < input.multipleOf) && "number" === input.type; const _io5 = input => (undefined === input.format || "string" === typeof input.format) && (undefined === input.pattern || "string" === typeof input.pattern) && (undefined === input.contentMediaType || "string" === typeof input.contentMediaType) && (undefined === input.minLength || "number" === typeof input.minLength && (Math.floor(input.minLength) === input.minLength && 0 <= input.minLength && input.minLength <= 18446744073709552000)) && (undefined === input.maxLength || "number" === typeof input.maxLength && (Math.floor(input.maxLength) === input.maxLength && 0 <= input.maxLength && input.maxLength <= 18446744073709552000)) && "string" === input.type; const _io6 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _io7 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _iu0 = input => (() => {
             if ("number" === input.type)
                 return _io4(input);
             else if ("integer" === input.type)
@@ -180,64 +179,28 @@ function createController(props) {
                 path: _path + ".operations",
                 expected: "Array<IAutoBeInterfaceOperationApplication.IOperation>",
                 value: input.operations
-            })].every(flag => flag); const _vo1 = (input, _path, _exceptionable = true) => [(Array.isArray(input.authorizationRoles) || _report(_exceptionable, {
-                path: _path + ".authorizationRoles",
-                expected: "Array<string & CamelPattern & MinLength<1>>",
-                value: input.authorizationRoles
-            })) && input.authorizationRoles.map((elem, _index5) => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) || _report(_exceptionable, {
-                path: _path + ".authorizationRoles[" + _index5 + "]",
-                expected: "string & CamelPattern",
-                value: elem
-            })) && (1 <= elem.length || _report(_exceptionable, {
-                path: _path + ".authorizationRoles[" + _index5 + "]",
-                expected: "string & MinLength<1>",
-                value: elem
-            })) || _report(_exceptionable, {
-                path: _path + ".authorizationRoles[" + _index5 + "]",
-                expected: "(string & CamelPattern & MinLength<1>)",
-                value: elem
-            })).every(flag => flag) || _report(_exceptionable, {
-                path: _path + ".authorizationRoles",
-                expected: "Array<string & CamelPattern & MinLength<1>>",
-                value: input.authorizationRoles
-            }), "string" === typeof input.name && (RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) || _report(_exceptionable, {
-                path: _path + ".name",
-                expected: "string & CamelPattern",
-                value: input.name
-            })) || _report(_exceptionable, {
-                path: _path + ".name",
-                expected: "(string & CamelPattern)",
-                value: input.name
-            }), "string" === typeof input.specification || _report(_exceptionable, {
+            })].every(flag => flag); const _vo1 = (input, _path, _exceptionable = true) => ["string" === typeof input.specification || _report(_exceptionable, {
                 path: _path + ".specification",
                 expected: "string",
                 value: input.specification
-            }), "string" === typeof input.summary || _report(_exceptionable, {
-                path: _path + ".summary",
-                expected: "string",
-                value: input.summary
             }), "string" === typeof input.description || _report(_exceptionable, {
                 path: _path + ".description",
                 expected: "string",
                 value: input.description
-            }), "string" === typeof input.path && (RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path) || _report(_exceptionable, {
-                path: _path + ".path",
-                expected: "string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">",
-                value: input.path
-            })) || _report(_exceptionable, {
-                path: _path + ".path",
-                expected: "(string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">)",
-                value: input.path
+            }), "string" === typeof input.summary || _report(_exceptionable, {
+                path: _path + ".summary",
+                expected: "string",
+                value: input.summary
             }), (Array.isArray(input.parameters) || _report(_exceptionable, {
                 path: _path + ".parameters",
                 expected: "Array<AutoBeOpenApi.IParameter>",
                 value: input.parameters
-            })) && input.parameters.map((elem, _index6) => ("object" === typeof elem && null !== elem || _report(_exceptionable, {
-                path: _path + ".parameters[" + _index6 + "]",
+            })) && input.parameters.map((elem, _index5) => ("object" === typeof elem && null !== elem || _report(_exceptionable, {
+                path: _path + ".parameters[" + _index5 + "]",
                 expected: "AutoBeOpenApi.IParameter",
                 value: elem
-            })) && _vo2(elem, _path + ".parameters[" + _index6 + "]", true && _exceptionable) || _report(_exceptionable, {
-                path: _path + ".parameters[" + _index6 + "]",
+            })) && _vo2(elem, _path + ".parameters[" + _index5 + "]", true && _exceptionable) || _report(_exceptionable, {
+                path: _path + ".parameters[" + _index5 + "]",
                 expected: "AutoBeOpenApi.IParameter",
                 value: elem
             })).every(flag => flag) || _report(_exceptionable, {
@@ -260,6 +223,42 @@ function createController(props) {
                 path: _path + ".responseBody",
                 expected: "(AutoBeOpenApi.IResponseBody | null)",
                 value: input.responseBody
+            }), "string" === typeof input.name && (RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) || _report(_exceptionable, {
+                path: _path + ".name",
+                expected: "string & CamelPattern",
+                value: input.name
+            })) || _report(_exceptionable, {
+                path: _path + ".name",
+                expected: "(string & CamelPattern)",
+                value: input.name
+            }), (Array.isArray(input.authorizationRoles) || _report(_exceptionable, {
+                path: _path + ".authorizationRoles",
+                expected: "Array<string & CamelPattern & MinLength<1>>",
+                value: input.authorizationRoles
+            })) && input.authorizationRoles.map((elem, _index6) => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) || _report(_exceptionable, {
+                path: _path + ".authorizationRoles[" + _index6 + "]",
+                expected: "string & CamelPattern",
+                value: elem
+            })) && (1 <= elem.length || _report(_exceptionable, {
+                path: _path + ".authorizationRoles[" + _index6 + "]",
+                expected: "string & MinLength<1>",
+                value: elem
+            })) || _report(_exceptionable, {
+                path: _path + ".authorizationRoles[" + _index6 + "]",
+                expected: "(string & CamelPattern & MinLength<1>)",
+                value: elem
+            })).every(flag => flag) || _report(_exceptionable, {
+                path: _path + ".authorizationRoles",
+                expected: "Array<string & CamelPattern & MinLength<1>>",
+                value: input.authorizationRoles
+            }), "string" === typeof input.path && (RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path) || _report(_exceptionable, {
+                path: _path + ".path",
+                expected: "string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">",
+                value: input.path
+            })) || _report(_exceptionable, {
+                path: _path + ".path",
+                expected: "(string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">)",
+                value: input.path
             }), "get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method || _report(_exceptionable, {
                 path: _path + ".method",
                 expected: "(\"delete\" | \"get\" | \"patch\" | \"post\" | \"put\")",
@@ -445,30 +444,12 @@ function createController(props) {
             return result;
         const operations = result.data.operations;
         const errors = [];
+        OperationValidator_1.OperationValidator.validate({
+            path: "$input.operations",
+            errors,
+            operations,
+        });
         operations.forEach((op, i) => {
-            // get method has request body
-            if (op.method === "get" && op.requestBody !== null)
-                errors.push({
-                    path: `$input.operations[${i}].requestBody`,
-                    expected: "GET method should not have request body. Change method, or re-design the operation.",
-                    value: op.requestBody,
-                });
-            // operation name
-            if (Escaper_1.Escaper.variable(op.name) === false)
-                errors.push({
-                    path: `$input.operations[${i}].name`,
-                    expected: "<valid_variable_name>",
-                    value: op.name,
-                    description: utils_1.StringUtil.trim `
-            The operation name will be converted to the API controller method
-            (function) name, so the operation.name must be a valid JavaScript 
-            variable/function name.
-
-            However, what you've configured value ${JSON.stringify(op.name)}
-            is not a valid JavaScript variable/function name. Please change
-            it to a valid variable/function name.
-          `,
-                });
             // validate roles
             if (props.roles.length === 0)
                 op.authorizationRoles = [];
@@ -490,68 +471,6 @@ function createController(props) {
                     });
                 });
         });
-        // validate duplicated endpoints
-        const endpoints = new tstl_1.HashMap(utils_1.AutoBeEndpointComparator.hashCode, utils_1.AutoBeEndpointComparator.equals);
-        operations.forEach((op, i) => {
-            const key = {
-                path: op.path,
-                method: op.method,
-            };
-            const it = endpoints.find(key);
-            if (it.equals(endpoints.end()) === false) {
-                const indexes = it.second;
-                errors.push({
-                    path: `$input.operations[${i}].{"path"|"method"}`,
-                    expected: "Unique endpoint (path and method)",
-                    value: key,
-                    description: utils_1.StringUtil.trim `
-            Duplicated endpoint detected (method: ${op.method}, path: ${op.path}).
-
-            The duplicated endpoints of others are located in below accessors.
-            Check them, and consider which operation endpoint would be proper to modify.
-            
-            ${indexes
-                        .map((idx) => `- $input.operations.[${idx}].{"path"|"method"}`)
-                        .join("\n")}
-          `,
-                });
-                indexes.push(i);
-            }
-            else
-                endpoints.emplace(key, [i]);
-        });
-        // validate duplicated method names
-        const accessors = new Map();
-        operations.forEach((op, i) => {
-            const key = op.path
-                .split("/")
-                .filter((e) => e[0] !== "{" && e.at(-1) !== "}")
-                .filter((e) => e.length !== 0)
-                .join(".") + `.${op.name}`;
-            const indexes = (0, emplaceMap_1.emplaceMap)(accessors, key, () => []);
-            if (indexes.length !== 0) {
-                errors.push({
-                    path: `$input.operations[${i}].name`,
-                    expected: "Unique name in the same accessor scope.",
-                    value: op.name,
-                    description: utils_1.StringUtil.trim `
-            Duplicated operation accessor detected (name: ${op.name}, accessor: ${key}).
-
-            The operation name must be unique within the parent accessor.
-            In other worlds, the operation accessor determined by the name
-            must be unique in the OpenAPI document.
-
-            Here is the list of elements of duplicated operation names.
-            Check them, and consider which operation name would be proper to modify.
-
-            ${indexes
-                        .map((idx) => `- ${operations[idx].name} (accessor: ${key})`)
-                        .join("\n")}
-          `,
-                });
-            }
-            indexes.push(i);
-        });
         if (errors.length !== 0)
             return {
                 success: false,
@@ -605,32 +524,16 @@ const collection = {
                                 description: "Operation of the Restful API.\n\nThis interface defines a single API endpoint with its HTTP {@link method},\n{@link path}, {@link parameters path parameters},\n{@link requestBody request body}, and {@link responseBody} structure. It\ncorresponds to an individual operation in the paths section of an OpenAPI\ndocument.\n\nEach operation requires a detailed explanation of its purpose through the\nreason and description fields, making it clear why the API was designed and\nhow it should be used.\n\nDO: Use object types for all request bodies and responses. DO: Reference\nnamed types defined in the components section. DO: Use `application/json`\nas the content-type. DO: Use `string & tags.Format<\"uri\">` in the schema\nfor file upload/download operations instead of binary data formats.\n\nIn OpenAPI, this might represent:\n\n```json\n{\n  \"/shoppings/customers/orders\": {\n    \"post\": {\n      \"description\": \"Create a new order application from shopping cart...\",\n      \"parameters\": [...],\n      \"requestBody\": {...},\n      \"responses\": {...}\n    }\n  }\n}\n```",
                                 type: "object",
                                 properties: {
-                                    authorizationRoles: {
-                                        description: "Authorization roles required to access this API operation.\n\nThis field specifies which user roles are allowed to access this\nendpoint. Multiple roles can be specified to allow different types of\nusers to access the same endpoint.\n\n## \u26A0\uFE0F CRITICAL: Role Multiplication Effect\n\n**EACH ROLE IN THIS ARRAY GENERATES A SEPARATE ENDPOINT**\n\n- If you specify `[\"admin\", \"moderator\", \"member\"]`, this creates 3\n  separate endpoints\n- Total generated endpoints = operations \u00D7 average roles.length\n- Example: 100 operations with 3 roles each = 300 actual endpoints\n\n## \uD83D\uDD34 AVOID OVER-GENERATION\n\n**DO NOT create role-specific endpoints when a public endpoint would\nsuffice:**\n\n- \u274C BAD: Separate GET endpoints for admin, member, moderator to view the\n  same public data\n- \u2705 GOOD: Single public endpoint `[]` with role-based filtering in business\n  logic\n\n**DO NOT enumerate all possible roles when the Prisma schema uses a\nsingle User table:**\n\n- If Prisma has a User table with role/permission fields, you likely only\n  need `[\"user\"]`\n- Avoid listing `[\"admin\", \"seller\", \"buyer\", \"moderator\", ...]`\n  unnecessarily\n- The actual role checking happens in business logic, not at the endpoint\n  level\n\n## Naming Convention\n\nDO: Use camelCase for all role names.\n\n## Important Guidelines\n\n- Set to empty array `[]` for public endpoints that require no\n  authentication\n- Set to array with role strings for role-restricted endpoints\n- **MINIMIZE the number of roles per endpoint to prevent explosion**\n- Consider if the endpoint can be public with role-based filtering instead\n- The role names match exactly with the user type/role defined in the\n  database\n- This will be used by the Realize Agent to generate appropriate decorator\n  and authorization logic in the provider functions\n- The controller will apply the corresponding authentication decorator\n  based on these roles\n\n## Examples\n\n- `[]` - Public endpoint, no authentication required (PREFERRED for read\n  operations)\n- `[\"user\"]` - Any authenticated user can access (PREFERRED for\n  user-specific operations)\n- `[\"admin\"]` - Only admin users can access (USE SPARINGLY)\n- `[\"admin\", \"moderator\"]` - Both admin and moderator users can access\n  (AVOID if possible)\n- `[\"seller\"]` - Only seller users can access (ONLY if Seller is a separate\n  table)\n\n## Best Practices\n\n1. **Start with public `[]` for all read operations** unless sensitive data\n   is involved\n2. **Use single role `[\"user\"]` for authenticated operations** and handle\n   permissions in business logic\n3. **Only use multiple roles when absolutely necessary** for different\n   business logic paths\n4. **Remember: Fewer roles = Fewer endpoints = Better performance and\n   maintainability**\n\nNote: The actual authentication/authorization implementation will be\nhandled by decorators at the controller level, and the provider function\nwill receive the authenticated user object with the appropriate type.",
-                                        type: "array",
-                                        items: {
-                                            description: "@minLength 1\n@pattern ^[a-z][a-zA-Z0-9]*$",
-                                            type: "string"
-                                        }
-                                    },
-                                    name: {
-                                        description: "Functional name of the API endpoint.\n\nThis is a semantic identifier that represents the primary function or\npurpose of the API endpoint. It serves as a canonical name that can be\nused for code generation, SDK method names, and internal references.\n\n## Reserved Word Restrictions\n\nCRITICAL: The name MUST NOT be a TypeScript/JavaScript reserved word, as\nit will be used as a class method name in generated code. Avoid names\nlike:\n\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\nInstead, use alternative names for these operations:\n\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n\n## Standard Endpoint Names\n\nUse these conventional names based on the endpoint's primary function:\n\n- **`index`**: List/search operations that return multiple entities\n\n  - Typically used with PATCH method for complex queries\n  - Example: `PATCH /users` \u2192 `name: \"index\"`\n- **`at`**: Retrieve a specific entity by identifier\n\n  - Typically used with GET method on single resource\n  - Example: `GET /users/{userId}` \u2192 `name: \"at\"`\n- **`create`**: Create a new entity\n\n  - Typically used with POST method\n  - Example: `POST /users` \u2192 `name: \"create\"`\n- **`update`**: Update an existing entity\n\n  - Typically used with PUT method\n  - Example: `PUT /users/{userId}` \u2192 `name: \"update\"`\n- **`erase`**: Delete/remove an entity (NOT `delete` - reserved word!)\n\n  - Typically used with DELETE method\n  - Example: `DELETE /users/{userId}` \u2192 `name: \"erase\"`\n\n## Custom Endpoint Names\n\nFor specialized operations beyond basic CRUD, use descriptive verbs:\n\n- **`activate`**: Enable or turn on a feature/entity\n- **`deactivate`**: Disable or turn off a feature/entity\n- **`approve`**: Approve a request or entity\n- **`reject`**: Reject a request or entity\n- **`publish`**: Make content publicly available\n- **`archive`**: Move to archived state\n- **`restore`**: Restore from archived/deleted state\n- **`duplicate`**: Create a copy of an entity\n- **`transfer`**: Move ownership or change assignment\n- **`validate`**: Validate data or state\n- **`process`**: Execute a business process or workflow\n- **`export`**: Generate downloadable data\n- **`import`**: Process uploaded data\n\n## Naming Guidelines\n\n- MUST use camelCase naming convention\n- Use singular verb forms\n- Be concise but descriptive\n- Avoid abbreviations unless widely understood\n- Ensure the name clearly represents the endpoint's primary action\n- For nested resources, focus on the action rather than hierarchy\n- NEVER use JavaScript/TypeScript reserved words\n\nValid Examples:\n\n- `index`, `create`, `update`, `erase` (single word)\n- `updatePassword`, `cancelOrder`, `publishArticle` (camelCase)\n- `validateEmail`, `generateReport`, `exportData` (camelCase)\n\nInvalid Examples:\n\n- `update_password` (snake_case not allowed)\n- `UpdatePassword` (PascalCase not allowed)\n- `update-password` (kebab-case not allowed)\n\nPath to Name Examples:\n\n- `GET /shopping/orders/{orderId}/items` \u2192 `name: \"index\"` (lists items)\n- `POST /shopping/orders/{orderId}/cancel` \u2192 `name: \"cancel\"`\n- `PUT /users/{userId}/password` \u2192 `name: \"updatePassword\"`\n\n## Uniqueness Rule\n\nThe `name` must be unique within the API's accessor namespace. The\naccessor is formed by combining the path segments (excluding parameters)\nwith the operation name.\n\nAccessor formation:\n\n1. Extract non-parameter segments from the path (remove `{...}` parts)\n2. Join segments with dots\n3. Append the operation name\n\nExamples:\n\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at` \u2192 Accessor:\n  `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index` \u2192 Accessor:\n  `users.posts.index`\n- Path: `/auth/login`, Name: `signIn` \u2192 Accessor: `auth.login.signIn`\n\nEach accessor must be globally unique across the entire API. This ensures\noperations can be uniquely identified in generated SDKs and prevents\nnaming conflicts.\n\n\n@pattern ^[a-z][a-zA-Z0-9]*$",
-                                        type: "string"
-                                    },
                                     specification: {
                                         description: "Specification of the API operation.\n\nBefore defining the API operation interface, please describe what you're\nplanning to write in this `specification` field.\n\nThe specification must be fully detailed and clear, so that anyone can\nunderstand the purpose and functionality of the API operation and its\nrelated components (e.g., {@link path}, {@link parameters},\n{@link requestBody}).\n\nIMPORTANT: The specification MUST identify which Prisma DB table this\noperation is associated with, helping ensure complete coverage of all\ndatabase entities.",
                                         type: "string"
                                     },
-                                    summary: {
-                                        description: "Short summary of the API operation.\n\nThis should be a concise description of the API operation, typically one\nsentence long. It should provide a quick overview of what the API does\nwithout going into too much detail.\n\nThis summary will be used in the OpenAPI documentation to give users a\nquick understanding of the API operation's purpose.\n\nIMPORTANT: The summary should clearly indicate which Prisma DB table this\noperation relates to, helping to ensure all tables have API coverage.\n\n**CRITICAL WARNING about soft delete keywords**: DO NOT use terms like\n\"soft delete\", \"soft-delete\", or similar variations in this summary\nUNLESS the operation actually implements soft deletion. These keywords\ntrigger validation logic that expects a corresponding soft_delete_column\nto be specified. Only use these terms when you intend to implement soft\ndeletion (marking records as deleted without removing them from the\ndatabase).\n\n> MUST be written in English. Never use other languages",
-                                        type: "string"
-                                    },
                                     description: {
                                         description: "Detailed description about the API operation.\n\nIMPORTANT: This field MUST be extensively detailed and MUST reference the\ndescription comments from the related Prisma DB schema tables and\ncolumns. The description should be organized into MULTIPLE PARAGRAPHS\nseparated by line breaks to improve readability and comprehension.\n\nFor example, include separate paragraphs for:\n\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together with this one\n- Expected behavior and error handling\n\nWhen writing the description, be sure to incorporate the corresponding DB\nschema's description comments, matching the level of detail and style of\nthose comments. This ensures consistency between the API documentation\nand database structure.\n\nIf there's a dependency to other APIs, please describe the dependency API\noperation in this field with detailed reason. For example, if this API\noperation needs a pre-execution of other API operation, it must be\nexplicitly described.\n\n- `GET /shoppings/customers/sales` must be pre-executed to get entire list\n  of summarized sales. Detailed sale information would be obtained by\n  specifying the sale ID in the path parameter.\n\n**CRITICAL WARNING about soft delete keywords**: DO NOT use terms like\n\"soft delete\", \"soft-delete\", or similar variations in this description\nUNLESS the operation actually implements soft deletion. These keywords\ntrigger validation logic that expects a corresponding soft_delete_column\nto be specified. Only use these terms when you intend to implement soft\ndeletion (marking records as deleted without removing them from the\ndatabase).\n\nExample of problematic description: \u274C \"This would normally be a\nsoft-delete, but we intentionally perform permanent deletion here\" - This\ntriggers soft delete validation despite being a hard delete operation.\n\n> MUST be written in English. Never use other languages.",
                                         type: "string"
                                     },
-                                    path: {
-                                        description: "HTTP path of the API operation.\n\nThe URL path for accessing this API operation, using path parameters\nenclosed in curly braces (e.g., `/shoppings/customers/sales/{saleId}`).\n\nIt must be corresponded to the {@link parameters path parameters}.\n\nThe path structure should clearly indicate which database entity this\noperation is manipulating, helping to ensure all entities have\nappropriate API coverage.\n\nPath validation rules:\n\n- Must start with a forward slash (/)\n- Can contain only: letters (a-z, A-Z), numbers (0-9), forward slashes (/),\n  curly braces for parameters ({paramName}), hyphens (-), and underscores\n  (_)\n- Parameters must be enclosed in curly braces: {paramName}\n- Resource names should be in camelCase\n- No quotes, spaces, or invalid special characters allowed\n- No domain or role-based prefixes\n\nValid examples:\n\n- \"/users\"\n- \"/users/{userId}\"\n- \"/articles/{articleId}/comments\"\n- \"/attachmentFiles\"\n- \"/orders/{orderId}/items/{itemId}\"\n\nInvalid examples:\n\n- \"'/users'\" (contains quotes)\n- \"/user profile\" (contains space)\n- \"/users/[userId]\" (wrong bracket format)\n- \"/admin/users\" (role prefix)\n- \"/api/v1/users\" (API prefix)\n\n\n@pattern ^\\/[a-zA-Z0-9\\/_{}.-]*$",
+                                    summary: {
+                                        description: "Short summary of the API operation.\n\nThis should be a concise description of the API operation, typically one\nsentence long. It should provide a quick overview of what the API does\nwithout going into too much detail.\n\nThis summary will be used in the OpenAPI documentation to give users a\nquick understanding of the API operation's purpose.\n\nIMPORTANT: The summary should clearly indicate which Prisma DB table this\noperation relates to, helping to ensure all tables have API coverage.\n\n**CRITICAL WARNING about soft delete keywords**: DO NOT use terms like\n\"soft delete\", \"soft-delete\", or similar variations in this summary\nUNLESS the operation actually implements soft deletion. These keywords\ntrigger validation logic that expects a corresponding soft_delete_column\nto be specified. Only use these terms when you intend to implement soft\ndeletion (marking records as deleted without removing them from the\ndatabase).\n\n> MUST be written in English. Never use other languages",
                                         type: "string"
                                     },
                                     parameters: {
@@ -662,6 +565,22 @@ const collection = {
                                             }
                                         ]
                                     },
+                                    name: {
+                                        description: "Functional name of the API endpoint.\n\nThis is a semantic identifier that represents the primary function or\npurpose of the API endpoint. It serves as a canonical name that can be\nused for code generation, SDK method names, and internal references.\n\n## Reserved Word Restrictions\n\nCRITICAL: The name MUST NOT be a TypeScript/JavaScript reserved word, as\nit will be used as a class method name in generated code. Avoid names\nlike:\n\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\nInstead, use alternative names for these operations:\n\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n\n## Standard Endpoint Names\n\nUse these conventional names based on the endpoint's primary function:\n\n- **`index`**: List/search operations that return multiple entities\n\n  - Typically used with PATCH method for complex queries\n  - Example: `PATCH /users` \u2192 `name: \"index\"`\n- **`at`**: Retrieve a specific entity by identifier\n\n  - Typically used with GET method on single resource\n  - Example: `GET /users/{userId}` \u2192 `name: \"at\"`\n- **`create`**: Create a new entity\n\n  - Typically used with POST method\n  - Example: `POST /users` \u2192 `name: \"create\"`\n- **`update`**: Update an existing entity\n\n  - Typically used with PUT method\n  - Example: `PUT /users/{userId}` \u2192 `name: \"update\"`\n- **`erase`**: Delete/remove an entity (NOT `delete` - reserved word!)\n\n  - Typically used with DELETE method\n  - Example: `DELETE /users/{userId}` \u2192 `name: \"erase\"`\n\n## Custom Endpoint Names\n\nFor specialized operations beyond basic CRUD, use descriptive verbs:\n\n- **`activate`**: Enable or turn on a feature/entity\n- **`deactivate`**: Disable or turn off a feature/entity\n- **`approve`**: Approve a request or entity\n- **`reject`**: Reject a request or entity\n- **`publish`**: Make content publicly available\n- **`archive`**: Move to archived state\n- **`restore`**: Restore from archived/deleted state\n- **`duplicate`**: Create a copy of an entity\n- **`transfer`**: Move ownership or change assignment\n- **`validate`**: Validate data or state\n- **`process`**: Execute a business process or workflow\n- **`export`**: Generate downloadable data\n- **`import`**: Process uploaded data\n\n## Naming Guidelines\n\n- MUST use camelCase naming convention\n- Use singular verb forms\n- Be concise but descriptive\n- Avoid abbreviations unless widely understood\n- Ensure the name clearly represents the endpoint's primary action\n- For nested resources, focus on the action rather than hierarchy\n- NEVER use JavaScript/TypeScript reserved words\n\nValid Examples:\n\n- `index`, `create`, `update`, `erase` (single word)\n- `updatePassword`, `cancelOrder`, `publishArticle` (camelCase)\n- `validateEmail`, `generateReport`, `exportData` (camelCase)\n\nInvalid Examples:\n\n- `update_password` (snake_case not allowed)\n- `UpdatePassword` (PascalCase not allowed)\n- `update-password` (kebab-case not allowed)\n\nPath to Name Examples:\n\n- `GET /shopping/orders/{orderId}/items` \u2192 `name: \"index\"` (lists items)\n- `POST /shopping/orders/{orderId}/cancel` \u2192 `name: \"cancel\"`\n- `PUT /users/{userId}/password` \u2192 `name: \"updatePassword\"`\n\n## Uniqueness Rule\n\nThe `name` must be unique within the API's accessor namespace. The\naccessor is formed by combining the path segments (excluding parameters)\nwith the operation name.\n\nAccessor formation:\n\n1. Extract non-parameter segments from the path (remove `{...}` parts)\n2. Join segments with dots\n3. Append the operation name\n\nExamples:\n\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at` \u2192 Accessor:\n  `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index` \u2192 Accessor:\n  `users.posts.index`\n- Path: `/auth/login`, Name: `signIn` \u2192 Accessor: `auth.login.signIn`\n\nEach accessor must be globally unique across the entire API. This ensures\noperations can be uniquely identified in generated SDKs and prevents\nnaming conflicts.\n\n\n@pattern ^[a-z][a-zA-Z0-9]*$",
+                                        type: "string"
+                                    },
+                                    authorizationRoles: {
+                                        description: "Authorization roles required to access this API operation.\n\nThis field specifies which user roles are allowed to access this\nendpoint. Multiple roles can be specified to allow different types of\nusers to access the same endpoint.\n\n## \u26A0\uFE0F CRITICAL: Role Multiplication Effect\n\n**EACH ROLE IN THIS ARRAY GENERATES A SEPARATE ENDPOINT**\n\n- If you specify `[\"admin\", \"moderator\", \"member\"]`, this creates 3\n  separate endpoints\n- Total generated endpoints = operations \u00D7 average roles.length\n- Example: 100 operations with 3 roles each = 300 actual endpoints\n\n## \uD83D\uDD34 AVOID OVER-GENERATION\n\n**DO NOT create role-specific endpoints when a public endpoint would\nsuffice:**\n\n- \u274C BAD: Separate GET endpoints for admin, member, moderator to view the\n  same public data\n- \u2705 GOOD: Single public endpoint `[]` with role-based filtering in business\n  logic\n\n**DO NOT enumerate all possible roles when the Prisma schema uses a\nsingle User table:**\n\n- If Prisma has a User table with role/permission fields, you likely only\n  need `[\"user\"]`\n- Avoid listing `[\"admin\", \"seller\", \"buyer\", \"moderator\", ...]`\n  unnecessarily\n- The actual role checking happens in business logic, not at the endpoint\n  level\n\n## Naming Convention\n\nDO: Use camelCase for all role names.\n\n## Important Guidelines\n\n- Set to empty array `[]` for public endpoints that require no\n  authentication\n- Set to array with role strings for role-restricted endpoints\n- **MINIMIZE the number of roles per endpoint to prevent explosion**\n- Consider if the endpoint can be public with role-based filtering instead\n- The role names match exactly with the user type/role defined in the\n  database\n- This will be used by the Realize Agent to generate appropriate decorator\n  and authorization logic in the provider functions\n- The controller will apply the corresponding authentication decorator\n  based on these roles\n\n## Examples\n\n- `[]` - Public endpoint, no authentication required (PREFERRED for read\n  operations)\n- `[\"user\"]` - Any authenticated user can access (PREFERRED for\n  user-specific operations)\n- `[\"admin\"]` - Only admin users can access (USE SPARINGLY)\n- `[\"admin\", \"moderator\"]` - Both admin and moderator users can access\n  (AVOID if possible)\n- `[\"seller\"]` - Only seller users can access (ONLY if Seller is a separate\n  table)\n\n## Best Practices\n\n1. **Start with public `[]` for all read operations** unless sensitive data\n   is involved\n2. **Use single role `[\"user\"]` for authenticated operations** and handle\n   permissions in business logic\n3. **Only use multiple roles when absolutely necessary** for different\n   business logic paths\n4. **Remember: Fewer roles = Fewer endpoints = Better performance and\n   maintainability**\n\nNote: The actual authentication/authorization implementation will be\nhandled by decorators at the controller level, and the provider function\nwill receive the authenticated user object with the appropriate type.",
+                                        type: "array",
+                                        items: {
+                                            description: "@minLength 1\n@pattern ^[a-z][a-zA-Z0-9]*$",
+                                            type: "string"
+                                        }
+                                    },
+                                    path: {
+                                        description: "HTTP path of the API operation.\n\nThe URL path for accessing this API operation, using path parameters\nenclosed in curly braces (e.g., `/shoppings/customers/sales/{saleId}`).\n\nIt must be corresponded to the {@link parameters path parameters}.\n\nThe path structure should clearly indicate which database entity this\noperation is manipulating, helping to ensure all entities have\nappropriate API coverage.\n\nPath validation rules:\n\n- Must start with a forward slash (/)\n- Can contain only: letters (a-z, A-Z), numbers (0-9), forward slashes (/),\n  curly braces for parameters ({paramName}), hyphens (-), and underscores\n  (_)\n- Parameters must be enclosed in curly braces: {paramName}\n- Resource names should be in camelCase\n- No quotes, spaces, or invalid special characters allowed\n- No domain or role-based prefixes\n\nValid examples:\n\n- \"/users\"\n- \"/users/{userId}\"\n- \"/articles/{articleId}/comments\"\n- \"/attachmentFiles\"\n- \"/orders/{orderId}/items/{itemId}\"\n\nInvalid examples:\n\n- \"'/users'\" (contains quotes)\n- \"/user profile\" (contains space)\n- \"/users/[userId]\" (wrong bracket format)\n- \"/admin/users\" (role prefix)\n- \"/api/v1/users\" (API prefix)\n\n\n@pattern ^\\/[a-zA-Z0-9\\/_{}.-]*$",
+                                        type: "string"
+                                    },
                                     method: {
                                         description: "HTTP method of the API operation.\n\n**IMPORTANT**: Methods must be written in lowercase only (e.g., \"get\",\nnot \"GET\").\n\nNote that, if the API operation has {@link requestBody}, method must not\nbe `get`.\n\nAlso, even though the API operation has been designed to only get\ninformation, but it needs complicated request information, it must be\ndefined as `patch` method with {@link requestBody} data specification.\n\n- `get`: get information\n- `patch`: get information with complicated request data\n  ({@link requestBody})\n- `post`: create new record\n- `put`: update existing record\n- `delete`: remove record",
                                         type: "string",
@@ -675,15 +594,15 @@ const collection = {
                                     }
                                 },
                                 required: [
-                                    "authorizationRoles",
-                                    "name",
                                     "specification",
-                                    "summary",
                                     "description",
-                                    "path",
+                                    "summary",
                                     "parameters",
                                     "requestBody",
                                     "responseBody",
+                                    "name",
+                                    "authorizationRoles",
+                                    "path",
                                     "method"
                                 ]
                             },
@@ -875,7 +794,7 @@ const collection = {
                         }
                     },
                     description: "Generate detailed API operations from path/method combinations.\n\nThis function creates complete API operations following REST principles and\nquality standards. Each generated operation includes specification, path,\nmethod, detailed multi-paragraph description, concise summary, parameters,\nand appropriate request/response bodies.\n\nThe function processes as many operations as possible in a single call,\nwith progress tracking to ensure iterative completion of all required\nendpoints.",
-                    validate: (() => { const _io0 = input => Array.isArray(input.operations) && input.operations.every(elem => "object" === typeof elem && null !== elem && _io1(elem)); const _io1 = input => Array.isArray(input.authorizationRoles) && input.authorizationRoles.every(elem => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) && 1 <= elem.length)) && ("string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name)) && "string" === typeof input.specification && "string" === typeof input.summary && "string" === typeof input.description && ("string" === typeof input.path && RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path)) && (Array.isArray(input.parameters) && input.parameters.every(elem => "object" === typeof elem && null !== elem && _io2(elem))) && (null === input.requestBody || "object" === typeof input.requestBody && null !== input.requestBody && _io6(input.requestBody)) && (null === input.responseBody || "object" === typeof input.responseBody && null !== input.responseBody && _io7(input.responseBody)) && ("get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method); const _io2 = input => "string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) && "string" === typeof input.description && ("object" === typeof input.schema && null !== input.schema && _iu0(input.schema)); const _io3 = input => (undefined === input.minimum || "number" === typeof input.minimum && (Math.floor(input.minimum) === input.minimum && -9223372036854776000 <= input.minimum && input.minimum <= 9223372036854776000)) && (undefined === input.maximum || "number" === typeof input.maximum && (Math.floor(input.maximum) === input.maximum && -9223372036854776000 <= input.maximum && input.maximum <= 9223372036854776000)) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && (Math.floor(input.multipleOf) === input.multipleOf && 0 <= input.multipleOf && input.multipleOf <= 18446744073709552000 && 0 < input.multipleOf)) && "integer" === input.type; const _io4 = input => (undefined === input.minimum || "number" === typeof input.minimum) && (undefined === input.maximum || "number" === typeof input.maximum) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && 0 < input.multipleOf) && "number" === input.type; const _io5 = input => (undefined === input.format || "string" === typeof input.format) && (undefined === input.pattern || "string" === typeof input.pattern) && (undefined === input.contentMediaType || "string" === typeof input.contentMediaType) && (undefined === input.minLength || "number" === typeof input.minLength && (Math.floor(input.minLength) === input.minLength && 0 <= input.minLength && input.minLength <= 18446744073709552000)) && (undefined === input.maxLength || "number" === typeof input.maxLength && (Math.floor(input.maxLength) === input.maxLength && 0 <= input.maxLength && input.maxLength <= 18446744073709552000)) && "string" === input.type; const _io6 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _io7 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _iu0 = input => (() => {
+                    validate: (() => { const _io0 = input => Array.isArray(input.operations) && input.operations.every(elem => "object" === typeof elem && null !== elem && _io1(elem)); const _io1 = input => "string" === typeof input.specification && "string" === typeof input.description && "string" === typeof input.summary && (Array.isArray(input.parameters) && input.parameters.every(elem => "object" === typeof elem && null !== elem && _io2(elem))) && (null === input.requestBody || "object" === typeof input.requestBody && null !== input.requestBody && _io6(input.requestBody)) && (null === input.responseBody || "object" === typeof input.responseBody && null !== input.responseBody && _io7(input.responseBody)) && ("string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name)) && (Array.isArray(input.authorizationRoles) && input.authorizationRoles.every(elem => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) && 1 <= elem.length))) && ("string" === typeof input.path && RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path)) && ("get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method); const _io2 = input => "string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) && "string" === typeof input.description && ("object" === typeof input.schema && null !== input.schema && _iu0(input.schema)); const _io3 = input => (undefined === input.minimum || "number" === typeof input.minimum && (Math.floor(input.minimum) === input.minimum && -9223372036854776000 <= input.minimum && input.minimum <= 9223372036854776000)) && (undefined === input.maximum || "number" === typeof input.maximum && (Math.floor(input.maximum) === input.maximum && -9223372036854776000 <= input.maximum && input.maximum <= 9223372036854776000)) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && (Math.floor(input.multipleOf) === input.multipleOf && 0 <= input.multipleOf && input.multipleOf <= 18446744073709552000 && 0 < input.multipleOf)) && "integer" === input.type; const _io4 = input => (undefined === input.minimum || "number" === typeof input.minimum) && (undefined === input.maximum || "number" === typeof input.maximum) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && 0 < input.multipleOf) && "number" === input.type; const _io5 = input => (undefined === input.format || "string" === typeof input.format) && (undefined === input.pattern || "string" === typeof input.pattern) && (undefined === input.contentMediaType || "string" === typeof input.contentMediaType) && (undefined === input.minLength || "number" === typeof input.minLength && (Math.floor(input.minLength) === input.minLength && 0 <= input.minLength && input.minLength <= 18446744073709552000)) && (undefined === input.maxLength || "number" === typeof input.maxLength && (Math.floor(input.maxLength) === input.maxLength && 0 <= input.maxLength && input.maxLength <= 18446744073709552000)) && "string" === input.type; const _io6 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _io7 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _iu0 = input => (() => {
                         if ("number" === input.type)
                             return _io4(input);
                         else if ("integer" === input.type)
@@ -900,64 +819,28 @@ const collection = {
                             path: _path + ".operations",
                             expected: "Array<IAutoBeInterfaceOperationApplication.IOperation>",
                             value: input.operations
-                        })].every(flag => flag); const _vo1 = (input, _path, _exceptionable = true) => [(Array.isArray(input.authorizationRoles) || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles",
-                            expected: "Array<string & CamelPattern & MinLength<1>>",
-                            value: input.authorizationRoles
-                        })) && input.authorizationRoles.map((elem, _index5) => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles[" + _index5 + "]",
-                            expected: "string & CamelPattern",
-                            value: elem
-                        })) && (1 <= elem.length || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles[" + _index5 + "]",
-                            expected: "string & MinLength<1>",
-                            value: elem
-                        })) || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles[" + _index5 + "]",
-                            expected: "(string & CamelPattern & MinLength<1>)",
-                            value: elem
-                        })).every(flag => flag) || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles",
-                            expected: "Array<string & CamelPattern & MinLength<1>>",
-                            value: input.authorizationRoles
-                        }), "string" === typeof input.name && (RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) || _report(_exceptionable, {
-                            path: _path + ".name",
-                            expected: "string & CamelPattern",
-                            value: input.name
-                        })) || _report(_exceptionable, {
-                            path: _path + ".name",
-                            expected: "(string & CamelPattern)",
-                            value: input.name
-                        }), "string" === typeof input.specification || _report(_exceptionable, {
+                        })].every(flag => flag); const _vo1 = (input, _path, _exceptionable = true) => ["string" === typeof input.specification || _report(_exceptionable, {
                             path: _path + ".specification",
                             expected: "string",
                             value: input.specification
-                        }), "string" === typeof input.summary || _report(_exceptionable, {
-                            path: _path + ".summary",
-                            expected: "string",
-                            value: input.summary
                         }), "string" === typeof input.description || _report(_exceptionable, {
                             path: _path + ".description",
                             expected: "string",
                             value: input.description
-                        }), "string" === typeof input.path && (RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path) || _report(_exceptionable, {
-                            path: _path + ".path",
-                            expected: "string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">",
-                            value: input.path
-                        })) || _report(_exceptionable, {
-                            path: _path + ".path",
-                            expected: "(string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">)",
-                            value: input.path
+                        }), "string" === typeof input.summary || _report(_exceptionable, {
+                            path: _path + ".summary",
+                            expected: "string",
+                            value: input.summary
                         }), (Array.isArray(input.parameters) || _report(_exceptionable, {
                             path: _path + ".parameters",
                             expected: "Array<AutoBeOpenApi.IParameter>",
                             value: input.parameters
-                        })) && input.parameters.map((elem, _index6) => ("object" === typeof elem && null !== elem || _report(_exceptionable, {
-                            path: _path + ".parameters[" + _index6 + "]",
+                        })) && input.parameters.map((elem, _index5) => ("object" === typeof elem && null !== elem || _report(_exceptionable, {
+                            path: _path + ".parameters[" + _index5 + "]",
                             expected: "AutoBeOpenApi.IParameter",
                             value: elem
-                        })) && _vo2(elem, _path + ".parameters[" + _index6 + "]", true && _exceptionable) || _report(_exceptionable, {
-                            path: _path + ".parameters[" + _index6 + "]",
+                        })) && _vo2(elem, _path + ".parameters[" + _index5 + "]", true && _exceptionable) || _report(_exceptionable, {
+                            path: _path + ".parameters[" + _index5 + "]",
                             expected: "AutoBeOpenApi.IParameter",
                             value: elem
                         })).every(flag => flag) || _report(_exceptionable, {
@@ -980,6 +863,42 @@ const collection = {
                             path: _path + ".responseBody",
                             expected: "(AutoBeOpenApi.IResponseBody | null)",
                             value: input.responseBody
+                        }), "string" === typeof input.name && (RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) || _report(_exceptionable, {
+                            path: _path + ".name",
+                            expected: "string & CamelPattern",
+                            value: input.name
+                        })) || _report(_exceptionable, {
+                            path: _path + ".name",
+                            expected: "(string & CamelPattern)",
+                            value: input.name
+                        }), (Array.isArray(input.authorizationRoles) || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles",
+                            expected: "Array<string & CamelPattern & MinLength<1>>",
+                            value: input.authorizationRoles
+                        })) && input.authorizationRoles.map((elem, _index6) => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles[" + _index6 + "]",
+                            expected: "string & CamelPattern",
+                            value: elem
+                        })) && (1 <= elem.length || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles[" + _index6 + "]",
+                            expected: "string & MinLength<1>",
+                            value: elem
+                        })) || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles[" + _index6 + "]",
+                            expected: "(string & CamelPattern & MinLength<1>)",
+                            value: elem
+                        })).every(flag => flag) || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles",
+                            expected: "Array<string & CamelPattern & MinLength<1>>",
+                            value: input.authorizationRoles
+                        }), "string" === typeof input.path && (RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path) || _report(_exceptionable, {
+                            path: _path + ".path",
+                            expected: "string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">",
+                            value: input.path
+                        })) || _report(_exceptionable, {
+                            path: _path + ".path",
+                            expected: "(string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">)",
+                            value: input.path
                         }), "get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method || _report(_exceptionable, {
                             path: _path + ".method",
                             expected: "(\"delete\" | \"get\" | \"patch\" | \"post\" | \"put\")",
@@ -1202,36 +1121,17 @@ const collection = {
                                 description: "Operation of the Restful API.\n\nThis interface defines a single API endpoint with its HTTP {@link method},\n{@link path}, {@link parameters path parameters},\n{@link requestBody request body}, and {@link responseBody} structure. It\ncorresponds to an individual operation in the paths section of an OpenAPI\ndocument.\n\nEach operation requires a detailed explanation of its purpose through the\nreason and description fields, making it clear why the API was designed and\nhow it should be used.\n\nDO: Use object types for all request bodies and responses. DO: Reference\nnamed types defined in the components section. DO: Use `application/json`\nas the content-type. DO: Use `string & tags.Format<\"uri\">` in the schema\nfor file upload/download operations instead of binary data formats.\n\nIn OpenAPI, this might represent:\n\n```json\n{\n  \"/shoppings/customers/orders\": {\n    \"post\": {\n      \"description\": \"Create a new order application from shopping cart...\",\n      \"parameters\": [...],\n      \"requestBody\": {...},\n      \"responses\": {...}\n    }\n  }\n}\n```",
                                 type: "object",
                                 properties: {
-                                    authorizationRoles: {
-                                        description: "Authorization roles required to access this API operation.\n\nThis field specifies which user roles are allowed to access this\nendpoint. Multiple roles can be specified to allow different types of\nusers to access the same endpoint.\n\n## \u26A0\uFE0F CRITICAL: Role Multiplication Effect\n\n**EACH ROLE IN THIS ARRAY GENERATES A SEPARATE ENDPOINT**\n\n- If you specify `[\"admin\", \"moderator\", \"member\"]`, this creates 3\n  separate endpoints\n- Total generated endpoints = operations \u00D7 average roles.length\n- Example: 100 operations with 3 roles each = 300 actual endpoints\n\n## \uD83D\uDD34 AVOID OVER-GENERATION\n\n**DO NOT create role-specific endpoints when a public endpoint would\nsuffice:**\n\n- \u274C BAD: Separate GET endpoints for admin, member, moderator to view the\n  same public data\n- \u2705 GOOD: Single public endpoint `[]` with role-based filtering in business\n  logic\n\n**DO NOT enumerate all possible roles when the Prisma schema uses a\nsingle User table:**\n\n- If Prisma has a User table with role/permission fields, you likely only\n  need `[\"user\"]`\n- Avoid listing `[\"admin\", \"seller\", \"buyer\", \"moderator\", ...]`\n  unnecessarily\n- The actual role checking happens in business logic, not at the endpoint\n  level\n\n## Naming Convention\n\nDO: Use camelCase for all role names.\n\n## Important Guidelines\n\n- Set to empty array `[]` for public endpoints that require no\n  authentication\n- Set to array with role strings for role-restricted endpoints\n- **MINIMIZE the number of roles per endpoint to prevent explosion**\n- Consider if the endpoint can be public with role-based filtering instead\n- The role names match exactly with the user type/role defined in the\n  database\n- This will be used by the Realize Agent to generate appropriate decorator\n  and authorization logic in the provider functions\n- The controller will apply the corresponding authentication decorator\n  based on these roles\n\n## Examples\n\n- `[]` - Public endpoint, no authentication required (PREFERRED for read\n  operations)\n- `[\"user\"]` - Any authenticated user can access (PREFERRED for\n  user-specific operations)\n- `[\"admin\"]` - Only admin users can access (USE SPARINGLY)\n- `[\"admin\", \"moderator\"]` - Both admin and moderator users can access\n  (AVOID if possible)\n- `[\"seller\"]` - Only seller users can access (ONLY if Seller is a separate\n  table)\n\n## Best Practices\n\n1. **Start with public `[]` for all read operations** unless sensitive data\n   is involved\n2. **Use single role `[\"user\"]` for authenticated operations** and handle\n   permissions in business logic\n3. **Only use multiple roles when absolutely necessary** for different\n   business logic paths\n4. **Remember: Fewer roles = Fewer endpoints = Better performance and\n   maintainability**\n\nNote: The actual authentication/authorization implementation will be\nhandled by decorators at the controller level, and the provider function\nwill receive the authenticated user object with the appropriate type.",
-                                        type: "array",
-                                        items: {
-                                            type: "string",
-                                            pattern: "^[a-z][a-zA-Z0-9]*$",
-                                            minLength: 1
-                                        }
-                                    },
-                                    name: {
-                                        description: "Functional name of the API endpoint.\n\nThis is a semantic identifier that represents the primary function or\npurpose of the API endpoint. It serves as a canonical name that can be\nused for code generation, SDK method names, and internal references.\n\n## Reserved Word Restrictions\n\nCRITICAL: The name MUST NOT be a TypeScript/JavaScript reserved word, as\nit will be used as a class method name in generated code. Avoid names\nlike:\n\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\nInstead, use alternative names for these operations:\n\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n\n## Standard Endpoint Names\n\nUse these conventional names based on the endpoint's primary function:\n\n- **`index`**: List/search operations that return multiple entities\n\n  - Typically used with PATCH method for complex queries\n  - Example: `PATCH /users` \u2192 `name: \"index\"`\n- **`at`**: Retrieve a specific entity by identifier\n\n  - Typically used with GET method on single resource\n  - Example: `GET /users/{userId}` \u2192 `name: \"at\"`\n- **`create`**: Create a new entity\n\n  - Typically used with POST method\n  - Example: `POST /users` \u2192 `name: \"create\"`\n- **`update`**: Update an existing entity\n\n  - Typically used with PUT method\n  - Example: `PUT /users/{userId}` \u2192 `name: \"update\"`\n- **`erase`**: Delete/remove an entity (NOT `delete` - reserved word!)\n\n  - Typically used with DELETE method\n  - Example: `DELETE /users/{userId}` \u2192 `name: \"erase\"`\n\n## Custom Endpoint Names\n\nFor specialized operations beyond basic CRUD, use descriptive verbs:\n\n- **`activate`**: Enable or turn on a feature/entity\n- **`deactivate`**: Disable or turn off a feature/entity\n- **`approve`**: Approve a request or entity\n- **`reject`**: Reject a request or entity\n- **`publish`**: Make content publicly available\n- **`archive`**: Move to archived state\n- **`restore`**: Restore from archived/deleted state\n- **`duplicate`**: Create a copy of an entity\n- **`transfer`**: Move ownership or change assignment\n- **`validate`**: Validate data or state\n- **`process`**: Execute a business process or workflow\n- **`export`**: Generate downloadable data\n- **`import`**: Process uploaded data\n\n## Naming Guidelines\n\n- MUST use camelCase naming convention\n- Use singular verb forms\n- Be concise but descriptive\n- Avoid abbreviations unless widely understood\n- Ensure the name clearly represents the endpoint's primary action\n- For nested resources, focus on the action rather than hierarchy\n- NEVER use JavaScript/TypeScript reserved words\n\nValid Examples:\n\n- `index`, `create`, `update`, `erase` (single word)\n- `updatePassword`, `cancelOrder`, `publishArticle` (camelCase)\n- `validateEmail`, `generateReport`, `exportData` (camelCase)\n\nInvalid Examples:\n\n- `update_password` (snake_case not allowed)\n- `UpdatePassword` (PascalCase not allowed)\n- `update-password` (kebab-case not allowed)\n\nPath to Name Examples:\n\n- `GET /shopping/orders/{orderId}/items` \u2192 `name: \"index\"` (lists items)\n- `POST /shopping/orders/{orderId}/cancel` \u2192 `name: \"cancel\"`\n- `PUT /users/{userId}/password` \u2192 `name: \"updatePassword\"`\n\n## Uniqueness Rule\n\nThe `name` must be unique within the API's accessor namespace. The\naccessor is formed by combining the path segments (excluding parameters)\nwith the operation name.\n\nAccessor formation:\n\n1. Extract non-parameter segments from the path (remove `{...}` parts)\n2. Join segments with dots\n3. Append the operation name\n\nExamples:\n\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at` \u2192 Accessor:\n  `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index` \u2192 Accessor:\n  `users.posts.index`\n- Path: `/auth/login`, Name: `signIn` \u2192 Accessor: `auth.login.signIn`\n\nEach accessor must be globally unique across the entire API. This ensures\noperations can be uniquely identified in generated SDKs and prevents\nnaming conflicts.",
-                                        type: "string",
-                                        pattern: "^[a-z][a-zA-Z0-9]*$"
-                                    },
                                     specification: {
                                         description: "Specification of the API operation.\n\nBefore defining the API operation interface, please describe what you're\nplanning to write in this `specification` field.\n\nThe specification must be fully detailed and clear, so that anyone can\nunderstand the purpose and functionality of the API operation and its\nrelated components (e.g., {@link path}, {@link parameters},\n{@link requestBody}).\n\nIMPORTANT: The specification MUST identify which Prisma DB table this\noperation is associated with, helping ensure complete coverage of all\ndatabase entities.",
                                         type: "string"
                                     },
-                                    summary: {
-                                        description: "Short summary of the API operation.\n\nThis should be a concise description of the API operation, typically one\nsentence long. It should provide a quick overview of what the API does\nwithout going into too much detail.\n\nThis summary will be used in the OpenAPI documentation to give users a\nquick understanding of the API operation's purpose.\n\nIMPORTANT: The summary should clearly indicate which Prisma DB table this\noperation relates to, helping to ensure all tables have API coverage.\n\n**CRITICAL WARNING about soft delete keywords**: DO NOT use terms like\n\"soft delete\", \"soft-delete\", or similar variations in this summary\nUNLESS the operation actually implements soft deletion. These keywords\ntrigger validation logic that expects a corresponding soft_delete_column\nto be specified. Only use these terms when you intend to implement soft\ndeletion (marking records as deleted without removing them from the\ndatabase).\n\n> MUST be written in English. Never use other languages",
-                                        type: "string"
-                                    },
                                     description: {
                                         description: "Detailed description about the API operation.\n\nIMPORTANT: This field MUST be extensively detailed and MUST reference the\ndescription comments from the related Prisma DB schema tables and\ncolumns. The description should be organized into MULTIPLE PARAGRAPHS\nseparated by line breaks to improve readability and comprehension.\n\nFor example, include separate paragraphs for:\n\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together with this one\n- Expected behavior and error handling\n\nWhen writing the description, be sure to incorporate the corresponding DB\nschema's description comments, matching the level of detail and style of\nthose comments. This ensures consistency between the API documentation\nand database structure.\n\nIf there's a dependency to other APIs, please describe the dependency API\noperation in this field with detailed reason. For example, if this API\noperation needs a pre-execution of other API operation, it must be\nexplicitly described.\n\n- `GET /shoppings/customers/sales` must be pre-executed to get entire list\n  of summarized sales. Detailed sale information would be obtained by\n  specifying the sale ID in the path parameter.\n\n**CRITICAL WARNING about soft delete keywords**: DO NOT use terms like\n\"soft delete\", \"soft-delete\", or similar variations in this description\nUNLESS the operation actually implements soft deletion. These keywords\ntrigger validation logic that expects a corresponding soft_delete_column\nto be specified. Only use these terms when you intend to implement soft\ndeletion (marking records as deleted without removing them from the\ndatabase).\n\nExample of problematic description: \u274C \"This would normally be a\nsoft-delete, but we intentionally perform permanent deletion here\" - This\ntriggers soft delete validation despite being a hard delete operation.\n\n> MUST be written in English. Never use other languages.",
                                         type: "string"
                                     },
-                                    path: {
-                                        description: "HTTP path of the API operation.\n\nThe URL path for accessing this API operation, using path parameters\nenclosed in curly braces (e.g., `/shoppings/customers/sales/{saleId}`).\n\nIt must be corresponded to the {@link parameters path parameters}.\n\nThe path structure should clearly indicate which database entity this\noperation is manipulating, helping to ensure all entities have\nappropriate API coverage.\n\nPath validation rules:\n\n- Must start with a forward slash (/)\n- Can contain only: letters (a-z, A-Z), numbers (0-9), forward slashes (/),\n  curly braces for parameters ({paramName}), hyphens (-), and underscores\n  (_)\n- Parameters must be enclosed in curly braces: {paramName}\n- Resource names should be in camelCase\n- No quotes, spaces, or invalid special characters allowed\n- No domain or role-based prefixes\n\nValid examples:\n\n- \"/users\"\n- \"/users/{userId}\"\n- \"/articles/{articleId}/comments\"\n- \"/attachmentFiles\"\n- \"/orders/{orderId}/items/{itemId}\"\n\nInvalid examples:\n\n- \"'/users'\" (contains quotes)\n- \"/user profile\" (contains space)\n- \"/users/[userId]\" (wrong bracket format)\n- \"/admin/users\" (role prefix)\n- \"/api/v1/users\" (API prefix)",
-                                        type: "string",
-                                        pattern: "^\\/[a-zA-Z0-9\\/_{}.-]*$"
+                                    summary: {
+                                        description: "Short summary of the API operation.\n\nThis should be a concise description of the API operation, typically one\nsentence long. It should provide a quick overview of what the API does\nwithout going into too much detail.\n\nThis summary will be used in the OpenAPI documentation to give users a\nquick understanding of the API operation's purpose.\n\nIMPORTANT: The summary should clearly indicate which Prisma DB table this\noperation relates to, helping to ensure all tables have API coverage.\n\n**CRITICAL WARNING about soft delete keywords**: DO NOT use terms like\n\"soft delete\", \"soft-delete\", or similar variations in this summary\nUNLESS the operation actually implements soft deletion. These keywords\ntrigger validation logic that expects a corresponding soft_delete_column\nto be specified. Only use these terms when you intend to implement soft\ndeletion (marking records as deleted without removing them from the\ndatabase).\n\n> MUST be written in English. Never use other languages",
+                                        type: "string"
                                     },
                                     parameters: {
                                         description: "List of path parameters.\n\nNote that, the {@link AutoBeOpenApi.IParameter.name identifier name} of\npath parameter must be corresponded to the\n{@link path API operation path}.\n\nFor example, if there's an API operation which has {@link path} of\n`/shoppings/customers/sales/{saleId}/questions/${questionId}/comments/${commentId}`,\nits list of {@link AutoBeOpenApi.IParameter.name path parameters} must be\nlike:\n\n- `saleId`\n- `questionId`\n- `commentId`",
@@ -1262,6 +1162,25 @@ const collection = {
                                             }
                                         ]
                                     },
+                                    name: {
+                                        description: "Functional name of the API endpoint.\n\nThis is a semantic identifier that represents the primary function or\npurpose of the API endpoint. It serves as a canonical name that can be\nused for code generation, SDK method names, and internal references.\n\n## Reserved Word Restrictions\n\nCRITICAL: The name MUST NOT be a TypeScript/JavaScript reserved word, as\nit will be used as a class method name in generated code. Avoid names\nlike:\n\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\nInstead, use alternative names for these operations:\n\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n\n## Standard Endpoint Names\n\nUse these conventional names based on the endpoint's primary function:\n\n- **`index`**: List/search operations that return multiple entities\n\n  - Typically used with PATCH method for complex queries\n  - Example: `PATCH /users` \u2192 `name: \"index\"`\n- **`at`**: Retrieve a specific entity by identifier\n\n  - Typically used with GET method on single resource\n  - Example: `GET /users/{userId}` \u2192 `name: \"at\"`\n- **`create`**: Create a new entity\n\n  - Typically used with POST method\n  - Example: `POST /users` \u2192 `name: \"create\"`\n- **`update`**: Update an existing entity\n\n  - Typically used with PUT method\n  - Example: `PUT /users/{userId}` \u2192 `name: \"update\"`\n- **`erase`**: Delete/remove an entity (NOT `delete` - reserved word!)\n\n  - Typically used with DELETE method\n  - Example: `DELETE /users/{userId}` \u2192 `name: \"erase\"`\n\n## Custom Endpoint Names\n\nFor specialized operations beyond basic CRUD, use descriptive verbs:\n\n- **`activate`**: Enable or turn on a feature/entity\n- **`deactivate`**: Disable or turn off a feature/entity\n- **`approve`**: Approve a request or entity\n- **`reject`**: Reject a request or entity\n- **`publish`**: Make content publicly available\n- **`archive`**: Move to archived state\n- **`restore`**: Restore from archived/deleted state\n- **`duplicate`**: Create a copy of an entity\n- **`transfer`**: Move ownership or change assignment\n- **`validate`**: Validate data or state\n- **`process`**: Execute a business process or workflow\n- **`export`**: Generate downloadable data\n- **`import`**: Process uploaded data\n\n## Naming Guidelines\n\n- MUST use camelCase naming convention\n- Use singular verb forms\n- Be concise but descriptive\n- Avoid abbreviations unless widely understood\n- Ensure the name clearly represents the endpoint's primary action\n- For nested resources, focus on the action rather than hierarchy\n- NEVER use JavaScript/TypeScript reserved words\n\nValid Examples:\n\n- `index`, `create`, `update`, `erase` (single word)\n- `updatePassword`, `cancelOrder`, `publishArticle` (camelCase)\n- `validateEmail`, `generateReport`, `exportData` (camelCase)\n\nInvalid Examples:\n\n- `update_password` (snake_case not allowed)\n- `UpdatePassword` (PascalCase not allowed)\n- `update-password` (kebab-case not allowed)\n\nPath to Name Examples:\n\n- `GET /shopping/orders/{orderId}/items` \u2192 `name: \"index\"` (lists items)\n- `POST /shopping/orders/{orderId}/cancel` \u2192 `name: \"cancel\"`\n- `PUT /users/{userId}/password` \u2192 `name: \"updatePassword\"`\n\n## Uniqueness Rule\n\nThe `name` must be unique within the API's accessor namespace. The\naccessor is formed by combining the path segments (excluding parameters)\nwith the operation name.\n\nAccessor formation:\n\n1. Extract non-parameter segments from the path (remove `{...}` parts)\n2. Join segments with dots\n3. Append the operation name\n\nExamples:\n\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at` \u2192 Accessor:\n  `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index` \u2192 Accessor:\n  `users.posts.index`\n- Path: `/auth/login`, Name: `signIn` \u2192 Accessor: `auth.login.signIn`\n\nEach accessor must be globally unique across the entire API. This ensures\noperations can be uniquely identified in generated SDKs and prevents\nnaming conflicts.",
+                                        type: "string",
+                                        pattern: "^[a-z][a-zA-Z0-9]*$"
+                                    },
+                                    authorizationRoles: {
+                                        description: "Authorization roles required to access this API operation.\n\nThis field specifies which user roles are allowed to access this\nendpoint. Multiple roles can be specified to allow different types of\nusers to access the same endpoint.\n\n## \u26A0\uFE0F CRITICAL: Role Multiplication Effect\n\n**EACH ROLE IN THIS ARRAY GENERATES A SEPARATE ENDPOINT**\n\n- If you specify `[\"admin\", \"moderator\", \"member\"]`, this creates 3\n  separate endpoints\n- Total generated endpoints = operations \u00D7 average roles.length\n- Example: 100 operations with 3 roles each = 300 actual endpoints\n\n## \uD83D\uDD34 AVOID OVER-GENERATION\n\n**DO NOT create role-specific endpoints when a public endpoint would\nsuffice:**\n\n- \u274C BAD: Separate GET endpoints for admin, member, moderator to view the\n  same public data\n- \u2705 GOOD: Single public endpoint `[]` with role-based filtering in business\n  logic\n\n**DO NOT enumerate all possible roles when the Prisma schema uses a\nsingle User table:**\n\n- If Prisma has a User table with role/permission fields, you likely only\n  need `[\"user\"]`\n- Avoid listing `[\"admin\", \"seller\", \"buyer\", \"moderator\", ...]`\n  unnecessarily\n- The actual role checking happens in business logic, not at the endpoint\n  level\n\n## Naming Convention\n\nDO: Use camelCase for all role names.\n\n## Important Guidelines\n\n- Set to empty array `[]` for public endpoints that require no\n  authentication\n- Set to array with role strings for role-restricted endpoints\n- **MINIMIZE the number of roles per endpoint to prevent explosion**\n- Consider if the endpoint can be public with role-based filtering instead\n- The role names match exactly with the user type/role defined in the\n  database\n- This will be used by the Realize Agent to generate appropriate decorator\n  and authorization logic in the provider functions\n- The controller will apply the corresponding authentication decorator\n  based on these roles\n\n## Examples\n\n- `[]` - Public endpoint, no authentication required (PREFERRED for read\n  operations)\n- `[\"user\"]` - Any authenticated user can access (PREFERRED for\n  user-specific operations)\n- `[\"admin\"]` - Only admin users can access (USE SPARINGLY)\n- `[\"admin\", \"moderator\"]` - Both admin and moderator users can access\n  (AVOID if possible)\n- `[\"seller\"]` - Only seller users can access (ONLY if Seller is a separate\n  table)\n\n## Best Practices\n\n1. **Start with public `[]` for all read operations** unless sensitive data\n   is involved\n2. **Use single role `[\"user\"]` for authenticated operations** and handle\n   permissions in business logic\n3. **Only use multiple roles when absolutely necessary** for different\n   business logic paths\n4. **Remember: Fewer roles = Fewer endpoints = Better performance and\n   maintainability**\n\nNote: The actual authentication/authorization implementation will be\nhandled by decorators at the controller level, and the provider function\nwill receive the authenticated user object with the appropriate type.",
+                                        type: "array",
+                                        items: {
+                                            type: "string",
+                                            pattern: "^[a-z][a-zA-Z0-9]*$",
+                                            minLength: 1
+                                        }
+                                    },
+                                    path: {
+                                        description: "HTTP path of the API operation.\n\nThe URL path for accessing this API operation, using path parameters\nenclosed in curly braces (e.g., `/shoppings/customers/sales/{saleId}`).\n\nIt must be corresponded to the {@link parameters path parameters}.\n\nThe path structure should clearly indicate which database entity this\noperation is manipulating, helping to ensure all entities have\nappropriate API coverage.\n\nPath validation rules:\n\n- Must start with a forward slash (/)\n- Can contain only: letters (a-z, A-Z), numbers (0-9), forward slashes (/),\n  curly braces for parameters ({paramName}), hyphens (-), and underscores\n  (_)\n- Parameters must be enclosed in curly braces: {paramName}\n- Resource names should be in camelCase\n- No quotes, spaces, or invalid special characters allowed\n- No domain or role-based prefixes\n\nValid examples:\n\n- \"/users\"\n- \"/users/{userId}\"\n- \"/articles/{articleId}/comments\"\n- \"/attachmentFiles\"\n- \"/orders/{orderId}/items/{itemId}\"\n\nInvalid examples:\n\n- \"'/users'\" (contains quotes)\n- \"/user profile\" (contains space)\n- \"/users/[userId]\" (wrong bracket format)\n- \"/admin/users\" (role prefix)\n- \"/api/v1/users\" (API prefix)",
+                                        type: "string",
+                                        pattern: "^\\/[a-zA-Z0-9\\/_{}.-]*$"
+                                    },
                                     method: {
                                         description: "HTTP method of the API operation.\n\n**IMPORTANT**: Methods must be written in lowercase only (e.g., \"get\",\nnot \"GET\").\n\nNote that, if the API operation has {@link requestBody}, method must not\nbe `get`.\n\nAlso, even though the API operation has been designed to only get\ninformation, but it needs complicated request information, it must be\ndefined as `patch` method with {@link requestBody} data specification.\n\n- `get`: get information\n- `patch`: get information with complicated request data\n  ({@link requestBody})\n- `post`: create new record\n- `put`: update existing record\n- `delete`: remove record",
                                         oneOf: [
@@ -1284,15 +1203,15 @@ const collection = {
                                     }
                                 },
                                 required: [
-                                    "authorizationRoles",
-                                    "name",
                                     "specification",
-                                    "summary",
                                     "description",
-                                    "path",
+                                    "summary",
                                     "parameters",
                                     "requestBody",
                                     "responseBody",
+                                    "name",
+                                    "authorizationRoles",
+                                    "path",
                                     "method"
                                 ]
                             },
@@ -1480,7 +1399,7 @@ const collection = {
                         }
                     },
                     description: "Generate detailed API operations from path/method combinations.\n\nThis function creates complete API operations following REST principles and\nquality standards. Each generated operation includes specification, path,\nmethod, detailed multi-paragraph description, concise summary, parameters,\nand appropriate request/response bodies.\n\nThe function processes as many operations as possible in a single call,\nwith progress tracking to ensure iterative completion of all required\nendpoints.",
-                    validate: (() => { const _io0 = input => Array.isArray(input.operations) && input.operations.every(elem => "object" === typeof elem && null !== elem && _io1(elem)); const _io1 = input => Array.isArray(input.authorizationRoles) && input.authorizationRoles.every(elem => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) && 1 <= elem.length)) && ("string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name)) && "string" === typeof input.specification && "string" === typeof input.summary && "string" === typeof input.description && ("string" === typeof input.path && RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path)) && (Array.isArray(input.parameters) && input.parameters.every(elem => "object" === typeof elem && null !== elem && _io2(elem))) && (null === input.requestBody || "object" === typeof input.requestBody && null !== input.requestBody && _io6(input.requestBody)) && (null === input.responseBody || "object" === typeof input.responseBody && null !== input.responseBody && _io7(input.responseBody)) && ("get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method); const _io2 = input => "string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) && "string" === typeof input.description && ("object" === typeof input.schema && null !== input.schema && _iu0(input.schema)); const _io3 = input => (undefined === input.minimum || "number" === typeof input.minimum && (Math.floor(input.minimum) === input.minimum && -9223372036854776000 <= input.minimum && input.minimum <= 9223372036854776000)) && (undefined === input.maximum || "number" === typeof input.maximum && (Math.floor(input.maximum) === input.maximum && -9223372036854776000 <= input.maximum && input.maximum <= 9223372036854776000)) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && (Math.floor(input.multipleOf) === input.multipleOf && 0 <= input.multipleOf && input.multipleOf <= 18446744073709552000 && 0 < input.multipleOf)) && "integer" === input.type; const _io4 = input => (undefined === input.minimum || "number" === typeof input.minimum) && (undefined === input.maximum || "number" === typeof input.maximum) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && 0 < input.multipleOf) && "number" === input.type; const _io5 = input => (undefined === input.format || "string" === typeof input.format) && (undefined === input.pattern || "string" === typeof input.pattern) && (undefined === input.contentMediaType || "string" === typeof input.contentMediaType) && (undefined === input.minLength || "number" === typeof input.minLength && (Math.floor(input.minLength) === input.minLength && 0 <= input.minLength && input.minLength <= 18446744073709552000)) && (undefined === input.maxLength || "number" === typeof input.maxLength && (Math.floor(input.maxLength) === input.maxLength && 0 <= input.maxLength && input.maxLength <= 18446744073709552000)) && "string" === input.type; const _io6 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _io7 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _iu0 = input => (() => {
+                    validate: (() => { const _io0 = input => Array.isArray(input.operations) && input.operations.every(elem => "object" === typeof elem && null !== elem && _io1(elem)); const _io1 = input => "string" === typeof input.specification && "string" === typeof input.description && "string" === typeof input.summary && (Array.isArray(input.parameters) && input.parameters.every(elem => "object" === typeof elem && null !== elem && _io2(elem))) && (null === input.requestBody || "object" === typeof input.requestBody && null !== input.requestBody && _io6(input.requestBody)) && (null === input.responseBody || "object" === typeof input.responseBody && null !== input.responseBody && _io7(input.responseBody)) && ("string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name)) && (Array.isArray(input.authorizationRoles) && input.authorizationRoles.every(elem => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) && 1 <= elem.length))) && ("string" === typeof input.path && RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path)) && ("get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method); const _io2 = input => "string" === typeof input.name && RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) && "string" === typeof input.description && ("object" === typeof input.schema && null !== input.schema && _iu0(input.schema)); const _io3 = input => (undefined === input.minimum || "number" === typeof input.minimum && (Math.floor(input.minimum) === input.minimum && -9223372036854776000 <= input.minimum && input.minimum <= 9223372036854776000)) && (undefined === input.maximum || "number" === typeof input.maximum && (Math.floor(input.maximum) === input.maximum && -9223372036854776000 <= input.maximum && input.maximum <= 9223372036854776000)) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && (Math.floor(input.multipleOf) === input.multipleOf && 0 <= input.multipleOf && input.multipleOf <= 18446744073709552000 && 0 < input.multipleOf)) && "integer" === input.type; const _io4 = input => (undefined === input.minimum || "number" === typeof input.minimum) && (undefined === input.maximum || "number" === typeof input.maximum) && (undefined === input.exclusiveMinimum || "number" === typeof input.exclusiveMinimum) && (undefined === input.exclusiveMaximum || "number" === typeof input.exclusiveMaximum) && (undefined === input.multipleOf || "number" === typeof input.multipleOf && 0 < input.multipleOf) && "number" === input.type; const _io5 = input => (undefined === input.format || "string" === typeof input.format) && (undefined === input.pattern || "string" === typeof input.pattern) && (undefined === input.contentMediaType || "string" === typeof input.contentMediaType) && (undefined === input.minLength || "number" === typeof input.minLength && (Math.floor(input.minLength) === input.minLength && 0 <= input.minLength && input.minLength <= 18446744073709552000)) && (undefined === input.maxLength || "number" === typeof input.maxLength && (Math.floor(input.maxLength) === input.maxLength && 0 <= input.maxLength && input.maxLength <= 18446744073709552000)) && "string" === input.type; const _io6 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _io7 = input => "string" === typeof input.description && "string" === typeof input.typeName; const _iu0 = input => (() => {
                         if ("number" === input.type)
                             return _io4(input);
                         else if ("integer" === input.type)
@@ -1505,64 +1424,28 @@ const collection = {
                             path: _path + ".operations",
                             expected: "Array<IAutoBeInterfaceOperationApplication.IOperation>",
                             value: input.operations
-                        })].every(flag => flag); const _vo1 = (input, _path, _exceptionable = true) => [(Array.isArray(input.authorizationRoles) || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles",
-                            expected: "Array<string & CamelPattern & MinLength<1>>",
-                            value: input.authorizationRoles
-                        })) && input.authorizationRoles.map((elem, _index5) => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles[" + _index5 + "]",
-                            expected: "string & CamelPattern",
-                            value: elem
-                        })) && (1 <= elem.length || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles[" + _index5 + "]",
-                            expected: "string & MinLength<1>",
-                            value: elem
-                        })) || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles[" + _index5 + "]",
-                            expected: "(string & CamelPattern & MinLength<1>)",
-                            value: elem
-                        })).every(flag => flag) || _report(_exceptionable, {
-                            path: _path + ".authorizationRoles",
-                            expected: "Array<string & CamelPattern & MinLength<1>>",
-                            value: input.authorizationRoles
-                        }), "string" === typeof input.name && (RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) || _report(_exceptionable, {
-                            path: _path + ".name",
-                            expected: "string & CamelPattern",
-                            value: input.name
-                        })) || _report(_exceptionable, {
-                            path: _path + ".name",
-                            expected: "(string & CamelPattern)",
-                            value: input.name
-                        }), "string" === typeof input.specification || _report(_exceptionable, {
+                        })].every(flag => flag); const _vo1 = (input, _path, _exceptionable = true) => ["string" === typeof input.specification || _report(_exceptionable, {
                             path: _path + ".specification",
                             expected: "string",
                             value: input.specification
-                        }), "string" === typeof input.summary || _report(_exceptionable, {
-                            path: _path + ".summary",
-                            expected: "string",
-                            value: input.summary
                         }), "string" === typeof input.description || _report(_exceptionable, {
                             path: _path + ".description",
                             expected: "string",
                             value: input.description
-                        }), "string" === typeof input.path && (RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path) || _report(_exceptionable, {
-                            path: _path + ".path",
-                            expected: "string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">",
-                            value: input.path
-                        })) || _report(_exceptionable, {
-                            path: _path + ".path",
-                            expected: "(string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">)",
-                            value: input.path
+                        }), "string" === typeof input.summary || _report(_exceptionable, {
+                            path: _path + ".summary",
+                            expected: "string",
+                            value: input.summary
                         }), (Array.isArray(input.parameters) || _report(_exceptionable, {
                             path: _path + ".parameters",
                             expected: "Array<AutoBeOpenApi.IParameter>",
                             value: input.parameters
-                        })) && input.parameters.map((elem, _index6) => ("object" === typeof elem && null !== elem || _report(_exceptionable, {
-                            path: _path + ".parameters[" + _index6 + "]",
+                        })) && input.parameters.map((elem, _index5) => ("object" === typeof elem && null !== elem || _report(_exceptionable, {
+                            path: _path + ".parameters[" + _index5 + "]",
                             expected: "AutoBeOpenApi.IParameter",
                             value: elem
-                        })) && _vo2(elem, _path + ".parameters[" + _index6 + "]", true && _exceptionable) || _report(_exceptionable, {
-                            path: _path + ".parameters[" + _index6 + "]",
+                        })) && _vo2(elem, _path + ".parameters[" + _index5 + "]", true && _exceptionable) || _report(_exceptionable, {
+                            path: _path + ".parameters[" + _index5 + "]",
                             expected: "AutoBeOpenApi.IParameter",
                             value: elem
                         })).every(flag => flag) || _report(_exceptionable, {
@@ -1585,6 +1468,42 @@ const collection = {
                             path: _path + ".responseBody",
                             expected: "(AutoBeOpenApi.IResponseBody | null)",
                             value: input.responseBody
+                        }), "string" === typeof input.name && (RegExp("^[a-z][a-zA-Z0-9]*$").test(input.name) || _report(_exceptionable, {
+                            path: _path + ".name",
+                            expected: "string & CamelPattern",
+                            value: input.name
+                        })) || _report(_exceptionable, {
+                            path: _path + ".name",
+                            expected: "(string & CamelPattern)",
+                            value: input.name
+                        }), (Array.isArray(input.authorizationRoles) || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles",
+                            expected: "Array<string & CamelPattern & MinLength<1>>",
+                            value: input.authorizationRoles
+                        })) && input.authorizationRoles.map((elem, _index6) => "string" === typeof elem && (RegExp("^[a-z][a-zA-Z0-9]*$").test(elem) || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles[" + _index6 + "]",
+                            expected: "string & CamelPattern",
+                            value: elem
+                        })) && (1 <= elem.length || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles[" + _index6 + "]",
+                            expected: "string & MinLength<1>",
+                            value: elem
+                        })) || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles[" + _index6 + "]",
+                            expected: "(string & CamelPattern & MinLength<1>)",
+                            value: elem
+                        })).every(flag => flag) || _report(_exceptionable, {
+                            path: _path + ".authorizationRoles",
+                            expected: "Array<string & CamelPattern & MinLength<1>>",
+                            value: input.authorizationRoles
+                        }), "string" === typeof input.path && (RegExp("^\\/[a-zA-Z0-9\\/_{}.-]*$").test(input.path) || _report(_exceptionable, {
+                            path: _path + ".path",
+                            expected: "string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">",
+                            value: input.path
+                        })) || _report(_exceptionable, {
+                            path: _path + ".path",
+                            expected: "(string & Pattern<\"^\\\\/[a-zA-Z0-9\\\\/_{}.-]*$\">)",
+                            value: input.path
                         }), "get" === input.method || "post" === input.method || "put" === input.method || "delete" === input.method || "patch" === input.method || _report(_exceptionable, {
                             path: _path + ".method",
                             expected: "(\"delete\" | \"get\" | \"patch\" | \"post\" | \"put\")",