@buildpad/cli 0.1.4

package/dist/outdated-JMAYAZ7W.js

@@ -0,0 +1,110 @@
+import {
+  getRegistry,
+  loadConfig
+} from "./chunk-J4KKVECI.js";
+
+// src/commands/outdated.ts
+import chalk from "chalk";
+import ora from "ora";
+async function getRegistry2() {
+  try {
+    return await getRegistry();
+  } catch (err) {
+    console.error(chalk.red("Failed to load registry:", err.message));
+    process.exit(1);
+  }
+}
+async function outdated(options) {
+  const { cwd, json = false } = options;
+  const config = await loadConfig(cwd);
+  if (!config) {
+    if (json) {
+      console.log(JSON.stringify({ error: "buildpad.json not found" }));
+    } else {
+      console.log(chalk.red('\n\u2717 buildpad.json not found. Run "npx buildpad init" first.\n'));
+    }
+    process.exit(1);
+  }
+  const spinner = json ? null : ora("Checking for updates...").start();
+  try {
+    const registry = await getRegistry2();
+    const result = {
+      outdated: [],
+      upToDate: [],
+      unknown: [],
+      registryVersion: registry.version,
+      installedRegistryVersion: config.registryVersion
+    };
+    for (const componentName of config.installedComponents) {
+      const versionInfo = config.componentVersions?.[componentName];
+      if (!versionInfo) {
+        result.unknown.push(componentName);
+      } else if (versionInfo.version !== registry.version) {
+        result.outdated.push({
+          name: componentName,
+          installedVersion: versionInfo.version,
+          latestVersion: registry.version,
+          installedAt: versionInfo.installedAt
+        });
+      } else {
+        result.upToDate.push(componentName);
+      }
+    }
+    for (const libName of config.installedLib) {
+      const versionInfo = config.componentVersions?.[`lib/${libName}`];
+      if (!versionInfo) {
+        result.unknown.push(`lib/${libName}`);
+      }
+    }
+    spinner?.stop();
+    if (json) {
+      console.log(JSON.stringify(result, null, 2));
+      return;
+    }
+    console.log(chalk.bold("\n\u{1F4E6} Component Update Status\n"));
+    console.log(chalk.dim(`Registry version: ${registry.version}`));
+    if (config.registryVersion) {
+      console.log(chalk.dim(`Installed at registry version: ${config.registryVersion}
+`));
+    } else {
+      console.log(chalk.dim(`Installed at registry version: unknown
+`));
+    }
+    if (result.outdated.length > 0) {
+      console.log(chalk.yellow(`
+\u26A0 ${result.outdated.length} component(s) have updates available:
+`));
+      for (const comp of result.outdated) {
+        const installedDate = new Date(comp.installedAt).toLocaleDateString();
+        console.log(chalk.yellow(`  ${comp.name}`));
+        console.log(chalk.dim(`    ${comp.installedVersion} \u2192 ${comp.latestVersion} (installed ${installedDate})`));
+      }
+      console.log(chalk.dim("\n  Update with:"));
+      console.log(chalk.cyan(`    npx buildpad add ${result.outdated.map((c) => c.name).join(" ")} --overwrite
+`));
+    }
+    if (result.unknown.length > 0) {
+      console.log(chalk.dim(`
+  ${result.unknown.length} component(s) without version info (installed before tracking):`));
+      result.unknown.forEach((name) => console.log(chalk.dim(`    - ${name}`)));
+      console.log(chalk.dim("\n  Reinstall with --overwrite to enable version tracking."));
+    }
+    if (result.outdated.length === 0 && result.unknown.length === 0) {
+      console.log(chalk.green("\u2713 All components are up to date!\n"));
+    }
+    console.log(chalk.dim(`
+Total: ${config.installedComponents.length} components, ${config.installedLib.length} lib modules`));
+    console.log(chalk.dim(`  Up to date: ${result.upToDate.length}`));
+    console.log(chalk.dim(`  Outdated: ${result.outdated.length}`));
+    console.log(chalk.dim(`  Unknown: ${result.unknown.length}
+`));
+  } catch (error) {
+    spinner?.fail("Failed to check for updates");
+    console.error(chalk.red(error));
+    process.exit(1);
+  }
+}
+export {
+  outdated
+};
+//# sourceMappingURL=outdated-JMAYAZ7W.js.map

package/dist/outdated-JMAYAZ7W.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/commands/outdated.ts"],"sourcesContent":["/**\n * Buildpad CLI - Outdated Command\n * \n * Checks for component updates by comparing installed versions\n * to the current registry version.\n */\n\nimport chalk from 'chalk';\nimport ora from 'ora';\nimport { loadConfig } from './init.js';\nimport {\n  getRegistry as fetchRegistry,\n  type Registry,\n} from '../resolver.js';\n\n/**\n * Load registry (local or remote via resolver)\n */\nasync function getRegistry(): Promise<Registry> {\n  try {\n    return await fetchRegistry();\n  } catch (err: any) {\n    console.error(chalk.red('Failed to load registry:', err.message));\n    process.exit(1);\n  }\n}\n\n/**\n * Main outdated command\n */\nexport async function outdated(options: {\n  cwd: string;\n  json?: boolean;\n}) {\n  const { cwd, json = false } = options;\n  \n  // Load config\n  const config = await loadConfig(cwd);\n  if (!config) {\n    if (json) {\n      console.log(JSON.stringify({ error: 'buildpad.json not found' }));\n    } else {\n      console.log(chalk.red('\\n✗ buildpad.json not found. Run \"npx buildpad init\" first.\\n'));\n    }\n    process.exit(1);\n  }\n  \n  const spinner = json ? null : ora('Checking for updates...').start();\n  \n  try {\n    const registry = await getRegistry();\n    const result: OutdatedResult = {\n      outdated: [],\n      upToDate: [],\n      unknown: [],\n      registryVersion: registry.version,\n      installedRegistryVersion: config.registryVersion,\n    };\n    \n    // Check each installed component\n    for (const componentName of config.installedComponents) {\n      const versionInfo = config.componentVersions?.[componentName];\n      \n      if (!versionInfo) {\n        // No version info - installed before version tracking\n        result.unknown.push(componentName);\n      } else if (versionInfo.version !== registry.version) {\n        // Outdated\n        result.outdated.push({\n          name: componentName,\n          installedVersion: versionInfo.version,\n          latestVersion: registry.version,\n          installedAt: versionInfo.installedAt,\n        });\n      } else {\n        // Up to date\n        result.upToDate.push(componentName);\n      }\n    }\n    \n    // Check lib modules too\n    for (const libName of config.installedLib) {\n      const versionInfo = config.componentVersions?.[`lib/${libName}`];\n      \n      if (!versionInfo) {\n        result.unknown.push(`lib/${libName}`);\n      }\n    }\n    \n    spinner?.stop();\n    \n    if (json) {\n      console.log(JSON.stringify(result, null, 2));\n      return;\n    }\n    \n    // Display results\n    console.log(chalk.bold('\\n📦 Component Update Status\\n'));\n    console.log(chalk.dim(`Registry version: ${registry.version}`));\n    if (config.registryVersion) {\n      console.log(chalk.dim(`Installed at registry version: ${config.registryVersion}\\n`));\n    } else {\n      console.log(chalk.dim(`Installed at registry version: unknown\\n`));\n    }\n    \n    if (result.outdated.length > 0) {\n      console.log(chalk.yellow(`\\n⚠ ${result.outdated.length} component(s) have updates available:\\n`));\n      \n      for (const comp of result.outdated) {\n        const installedDate = new Date(comp.installedAt).toLocaleDateString();\n        console.log(chalk.yellow(`  ${comp.name}`));\n        console.log(chalk.dim(`    ${comp.installedVersion} → ${comp.latestVersion} (installed ${installedDate})`));\n      }\n      \n      console.log(chalk.dim('\\n  Update with:'));\n      console.log(chalk.cyan(`    npx buildpad add ${result.outdated.map(c => c.name).join(' ')} --overwrite\\n`));\n    }\n    \n    if (result.unknown.length > 0) {\n      console.log(chalk.dim(`\\n  ${result.unknown.length} component(s) without version info (installed before tracking):`));\n      result.unknown.forEach(name => console.log(chalk.dim(`    - ${name}`)));\n      console.log(chalk.dim('\\n  Reinstall with --overwrite to enable version tracking.'));\n    }\n    \n    if (result.outdated.length === 0 && result.unknown.length === 0) {\n      console.log(chalk.green('✓ All components are up to date!\\n'));\n    }\n    \n    // Summary\n    console.log(chalk.dim(`\\nTotal: ${config.installedComponents.length} components, ${config.installedLib.length} lib modules`));\n    console.log(chalk.dim(`  Up to date: ${result.upToDate.length}`));\n    console.log(chalk.dim(`  Outdated: ${result.outdated.length}`));\n    console.log(chalk.dim(`  Unknown: ${result.unknown.length}\\n`));\n    \n  } catch (error) {\n    spinner?.fail('Failed to check for updates');\n    console.error(chalk.red(error));\n    process.exit(1);\n  }\n}\n"],"mappings":";;;;;;AAOA,OAAO,WAAW;AAClB,OAAO,SAAS;AAUhB,eAAeA,eAAiC;AAC9C,MAAI;AACF,WAAO,MAAM,YAAc;AAAA,EAC7B,SAAS,KAAU;AACjB,YAAQ,MAAM,MAAM,IAAI,4BAA4B,IAAI,OAAO,CAAC;AAChE,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF;AAKA,eAAsB,SAAS,SAG5B;AACD,QAAM,EAAE,KAAK,OAAO,MAAM,IAAI;AAG9B,QAAM,SAAS,MAAM,WAAW,GAAG;AACnC,MAAI,CAAC,QAAQ;AACX,QAAI,MAAM;AACR,cAAQ,IAAI,KAAK,UAAU,EAAE,OAAO,0BAA0B,CAAC,CAAC;AAAA,IAClE,OAAO;AACL,cAAQ,IAAI,MAAM,IAAI,oEAA+D,CAAC;AAAA,IACxF;AACA,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,UAAU,OAAO,OAAO,IAAI,yBAAyB,EAAE,MAAM;AAEnE,MAAI;AACF,UAAM,WAAW,MAAMA,aAAY;AACnC,UAAM,SAAyB;AAAA,MAC7B,UAAU,CAAC;AAAA,MACX,UAAU,CAAC;AAAA,MACX,SAAS,CAAC;AAAA,MACV,iBAAiB,SAAS;AAAA,MAC1B,0BAA0B,OAAO;AAAA,IACnC;AAGA,eAAW,iBAAiB,OAAO,qBAAqB;AACtD,YAAM,cAAc,OAAO,oBAAoB,aAAa;AAE5D,UAAI,CAAC,aAAa;AAEhB,eAAO,QAAQ,KAAK,aAAa;AAAA,MACnC,WAAW,YAAY,YAAY,SAAS,SAAS;AAEnD,eAAO,SAAS,KAAK;AAAA,UACnB,MAAM;AAAA,UACN,kBAAkB,YAAY;AAAA,UAC9B,eAAe,SAAS;AAAA,UACxB,aAAa,YAAY;AAAA,QAC3B,CAAC;AAAA,MACH,OAAO;AAEL,eAAO,SAAS,KAAK,aAAa;AAAA,MACpC;AAAA,IACF;AAGA,eAAW,WAAW,OAAO,cAAc;AACzC,YAAM,cAAc,OAAO,oBAAoB,OAAO,OAAO,EAAE;AAE/D,UAAI,CAAC,aAAa;AAChB,eAAO,QAAQ,KAAK,OAAO,OAAO,EAAE;AAAA,MACtC;AAAA,IACF;AAEA,aAAS,KAAK;AAEd,QAAI,MAAM;AACR,cAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAC3C;AAAA,IACF;AAGA,YAAQ,IAAI,MAAM,KAAK,uCAAgC,CAAC;AACxD,YAAQ,IAAI,MAAM,IAAI,qBAAqB,SAAS,OAAO,EAAE,CAAC;AAC9D,QAAI,OAAO,iBAAiB;AAC1B,cAAQ,IAAI,MAAM,IAAI,kCAAkC,OAAO,eAAe;AAAA,CAAI,CAAC;AAAA,IACrF,OAAO;AACL,cAAQ,IAAI,MAAM,IAAI;AAAA,CAA0C,CAAC;AAAA,IACnE;AAEA,QAAI,OAAO,SAAS,SAAS,GAAG;AAC9B,cAAQ,IAAI,MAAM,OAAO;AAAA,SAAO,OAAO,SAAS,MAAM;AAAA,CAAyC,CAAC;AAEhG,iBAAW,QAAQ,OAAO,UAAU;AAClC,cAAM,gBAAgB,IAAI,KAAK,KAAK,WAAW,EAAE,mBAAmB;AACpE,gBAAQ,IAAI,MAAM,OAAO,KAAK,KAAK,IAAI,EAAE,CAAC;AAC1C,gBAAQ,IAAI,MAAM,IAAI,OAAO,KAAK,gBAAgB,WAAM,KAAK,aAAa,eAAe,aAAa,GAAG,CAAC;AAAA,MAC5G;AAEA,cAAQ,IAAI,MAAM,IAAI,kBAAkB,CAAC;AACzC,cAAQ,IAAI,MAAM,KAAK,wBAAwB,OAAO,SAAS,IAAI,OAAK,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC;AAAA,CAAgB,CAAC;AAAA,IAC5G;AAEA,QAAI,OAAO,QAAQ,SAAS,GAAG;AAC7B,cAAQ,IAAI,MAAM,IAAI;AAAA,IAAO,OAAO,QAAQ,MAAM,iEAAiE,CAAC;AACpH,aAAO,QAAQ,QAAQ,UAAQ,QAAQ,IAAI,MAAM,IAAI,SAAS,IAAI,EAAE,CAAC,CAAC;AACtE,cAAQ,IAAI,MAAM,IAAI,4DAA4D,CAAC;AAAA,IACrF;AAEA,QAAI,OAAO,SAAS,WAAW,KAAK,OAAO,QAAQ,WAAW,GAAG;AAC/D,cAAQ,IAAI,MAAM,MAAM,yCAAoC,CAAC;AAAA,IAC/D;AAGA,YAAQ,IAAI,MAAM,IAAI;AAAA,SAAY,OAAO,oBAAoB,MAAM,gBAAgB,OAAO,aAAa,MAAM,cAAc,CAAC;AAC5H,YAAQ,IAAI,MAAM,IAAI,iBAAiB,OAAO,SAAS,MAAM,EAAE,CAAC;AAChE,YAAQ,IAAI,MAAM,IAAI,eAAe,OAAO,SAAS,MAAM,EAAE,CAAC;AAC9D,YAAQ,IAAI,MAAM,IAAI,cAAc,OAAO,QAAQ,MAAM;AAAA,CAAI,CAAC;AAAA,EAEhE,SAAS,OAAO;AACd,aAAS,KAAK,6BAA6B;AAC3C,YAAQ,MAAM,MAAM,IAAI,KAAK,CAAC;AAC9B,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF;","names":["getRegistry"]}

package/dist/templates/api/auth-callback-route.ts

@@ -0,0 +1,36 @@
+/**
+ * Auth Callback Route
+ * 
+ * Handles OAuth callback and email confirmation redirects.
+ * Exchanges the auth code for a session server-side.
+ * 
+ * @buildpad/origin: api-routes/auth-callback
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { createClient } from '@/lib/supabase/server';
+
+/**
+ * GET /api/auth/callback
+ * 
+ * Handles the OAuth redirect callback.
+ * Exchanges the code for a session and redirects to the app.
+ */
+export async function GET(request: NextRequest) {
+  const { searchParams, origin } = request.nextUrl;
+  const code = searchParams.get('code');
+  const next = searchParams.get('next') ?? '/';
+
+  if (code) {
+    const supabase = await createClient();
+    const { error } = await supabase.auth.exchangeCodeForSession(code);
+
+    if (!error) {
+      return NextResponse.redirect(`${origin}${next}`);
+    }
+  }
+
+  // Auth code exchange failed — redirect to login with error
+  return NextResponse.redirect(`${origin}/login?error=auth_callback_failed`);
+}

package/dist/templates/api/auth-headers.ts

@@ -0,0 +1,72 @@
+/**
+ * API Auth Headers Helper
+ * 
+ * Forwards authentication tokens from Supabase session to DaaS backend.
+ * This file is copied to your project by the Buildpad CLI.
+ * 
+ * @buildpad/origin: api-routes/auth-headers
+ * @buildpad/version: 1.0.0
+ */
+
+import { createClient } from '@/lib/supabase/server';
+
+/**
+ * Get authentication headers for DaaS API requests
+ * Extracts the access token from the current Supabase session
+ */
+export async function getAuthHeaders(): Promise<HeadersInit> {
+  const supabase = await createClient();
+  const { data: { session } } = await supabase.auth.getSession();
+  
+  const headers: HeadersInit = {
+    'Content-Type': 'application/json',
+  };
+  
+  if (session?.access_token) {
+    headers['Authorization'] = `Bearer ${session.access_token}`;
+  }
+  
+  return headers;
+}
+
+/**
+ * Get the DaaS backend URL from environment
+ */
+export function getDaasUrl(): string {
+  const url = process.env.NEXT_PUBLIC_MICROBUILD_DAAS_URL;
+  if (!url) {
+    throw new Error('NEXT_PUBLIC_MICROBUILD_DAAS_URL is not configured in .env.local');
+  }
+  return url;
+}
+
+/**
+ * Make an authenticated request to the DaaS backend
+ */
+export async function daasRequest<T = unknown>(
+  path: string,
+  options: RequestInit = {}
+): Promise<{ data: T | null; error: Error | null }> {
+  try {
+    const baseUrl = getDaasUrl();
+    const headers = await getAuthHeaders();
+    
+    const response = await fetch(`${baseUrl}${path}`, {
+      ...options,
+      headers: {
+        ...headers,
+        ...options.headers,
+      },
+    });
+    
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      throw new Error(errorData.errors?.[0]?.message || `Request failed: ${response.status}`);
+    }
+    
+    const data = await response.json();
+    return { data: data.data ?? data, error: null };
+  } catch (error) {
+    return { data: null, error: error as Error };
+  }
+}

package/dist/templates/api/auth-login-route.ts

@@ -0,0 +1,63 @@
+/**
+ * Auth Login API Route (Proxy)
+ * 
+ * Proxies login requests to the DaaS backend.
+ * This ensures no CORS issues because the browser only talks to the same-origin Next.js server.
+ * 
+ * Pattern: Browser → Next.js API Route → DaaS Backend → Supabase Auth
+ * 
+ * @buildpad/origin: api-routes/auth-login
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { createClient } from '@/lib/supabase/server';
+
+/**
+ * POST /api/auth/login
+ * 
+ * Authenticates user with email/password via Supabase Auth.
+ * The session cookie is set server-side, avoiding CORS issues.
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const { email, password } = await request.json();
+
+    if (!email || !password) {
+      return NextResponse.json(
+        { errors: [{ message: 'Email and password are required' }] },
+        { status: 400 }
+      );
+    }
+
+    const supabase = await createClient();
+
+    const { data, error } = await supabase.auth.signInWithPassword({
+      email,
+      password,
+    });
+
+    if (error) {
+      return NextResponse.json(
+        { errors: [{ message: error.message }] },
+        { status: 401 }
+      );
+    }
+
+    return NextResponse.json({
+      data: {
+        user: data.user,
+        session: {
+          access_token: data.session?.access_token,
+          expires_at: data.session?.expires_at,
+        },
+      },
+    });
+  } catch (error) {
+    console.error('Login error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Login failed' }] },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/api/auth-logout-route.ts

@@ -0,0 +1,41 @@
+/**
+ * Auth Logout API Route (Proxy)
+ * 
+ * Proxies logout requests through the Next.js server.
+ * Clears the Supabase session cookie server-side.
+ * 
+ * @buildpad/origin: api-routes/auth-logout
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextResponse } from 'next/server';
+import { createClient } from '@/lib/supabase/server';
+
+/**
+ * POST /api/auth/logout
+ * 
+ * Signs out the current user and clears session cookies.
+ */
+export async function POST() {
+  try {
+    const supabase = await createClient();
+
+    const { error } = await supabase.auth.signOut();
+
+    if (error) {
+      console.error('Logout error:', error);
+      return NextResponse.json(
+        { errors: [{ message: error.message }] },
+        { status: 500 }
+      );
+    }
+
+    return NextResponse.json({ data: { message: 'Logged out successfully' } });
+  } catch (error) {
+    console.error('Unexpected logout error:', error);
+    return NextResponse.json(
+      { errors: [{ message: 'Failed to logout' }] },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/api/auth-user-route.ts

@@ -0,0 +1,71 @@
+/**
+ * Auth User API Route (Proxy)
+ * 
+ * Returns the currently authenticated user's information.
+ * Proxies through the Next.js server to avoid CORS issues.
+ * 
+ * @buildpad/origin: api-routes/auth-user
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextResponse } from 'next/server';
+import { createClient } from '@/lib/supabase/server';
+import { getAuthHeaders, getDaasUrl } from '@/lib/api/auth-headers';
+
+/**
+ * GET /api/auth/user
+ * 
+ * Returns current user info. Tries DaaS backend first (for full user profile
+ * with roles/permissions), falls back to Supabase Auth user.
+ */
+export async function GET() {
+  try {
+    const supabase = await createClient();
+    const { data: { user }, error: authError } = await supabase.auth.getUser();
+
+    if (authError || !user) {
+      return NextResponse.json(
+        { errors: [{ message: 'Authentication required' }] },
+        { status: 401 }
+      );
+    }
+
+    // Try to get enhanced user profile from DaaS backend
+    try {
+      const headers = await getAuthHeaders();
+      const daasUrl = getDaasUrl();
+
+      const response = await fetch(`${daasUrl}/api/users/me`, {
+        headers,
+        cache: 'no-store',
+      });
+
+      if (response.ok) {
+        const data = await response.json();
+        return NextResponse.json({ data: data.data || data });
+      }
+    } catch {
+      // DaaS not available, fall back to Supabase user
+    }
+
+    // Fallback: return basic Supabase user info
+    return NextResponse.json({
+      data: {
+        id: user.id,
+        email: user.email,
+        first_name: user.user_metadata?.first_name || null,
+        last_name: user.user_metadata?.last_name || null,
+        avatar: user.user_metadata?.avatar || null,
+        status: 'active',
+        role: null,
+        admin_access: false,
+      },
+    });
+  } catch (error) {
+    console.error('Auth user error:', error);
+    return NextResponse.json(
+      { errors: [{ message: 'Failed to get user info' }] },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/api/collections-route.ts

@@ -0,0 +1,54 @@
+/**
+ * Collections API Route
+ *
+ * Proxies collection metadata requests to the DaaS backend.
+ * Required for ContentNavigation and useCollections hook.
+ *
+ * @buildpad/origin: api-routes/collections
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders, getDaasUrl } from '@/lib/api/auth-headers';
+
+/**
+ * GET /api/collections
+ * List all collections the current user has access to
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+
+    const searchParams = request.nextUrl.searchParams.toString();
+    const url = `${daasUrl}/api/collections${searchParams ? `?${searchParams}` : ''}`;
+
+    const response = await fetch(url, {
+      headers,
+      cache: 'no-store',
+    });
+
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({
+        errors: [{ message: 'Request failed' }],
+      }));
+      return NextResponse.json(error, { status: response.status });
+    }
+
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Collections API error:', error);
+    return NextResponse.json(
+      {
+        errors: [
+          {
+            message:
+              error instanceof Error ? error.message : 'Internal server error',
+          },
+        ],
+      },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/api/fields-route.ts

@@ -0,0 +1,44 @@
+/**
+ * Fields API Route
+ * 
+ * Proxies field schema requests to the DaaS backend.
+ * Required for CollectionForm, VForm, and dynamic field rendering.
+ * 
+ * @buildpad/origin: api-routes/fields
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders, getDaasUrl } from '@/lib/api/auth-headers';
+
+type RouteParams = { params: Promise<{ collection: string }> };
+
+export async function GET(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { collection } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    const response = await fetch(`${daasUrl}/api/fields/${collection}`, {
+      headers,
+      cache: 'no-store',
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Fields API error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/api/files-id-route.ts

@@ -0,0 +1,116 @@
+/**
+ * Single File API Route
+ * 
+ * Proxies single file operations to the DaaS backend.
+ * 
+ * @buildpad/origin: api-routes/files-id
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders, getDaasUrl } from '@/lib/api/auth-headers';
+
+type RouteParams = { params: Promise<{ id: string }> };
+
+/**
+ * GET /api/files/[id]
+ * Get file metadata by ID
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { id } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    const response = await fetch(`${daasUrl}/api/files/${id}`, {
+      headers,
+      cache: 'no-store',
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Files GET by ID error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * PATCH /api/files/[id]
+ * Update file metadata
+ */
+export async function PATCH(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { id } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    const body = await request.json();
+    
+    const response = await fetch(`${daasUrl}/api/files/${id}`, {
+      method: 'PATCH',
+      headers,
+      body: JSON.stringify(body),
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Files PATCH error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * DELETE /api/files/[id]
+ * Delete a file
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { id } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    const response = await fetch(`${daasUrl}/api/files/${id}`, {
+      method: 'DELETE',
+      headers,
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    return NextResponse.json({ data: null });
+  } catch (error) {
+    console.error('Files DELETE error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}