@codecanva/nest-auth 0.1.0 → 0.2.0

package/dist/cli/templates.js

@@ -0,0 +1,556 @@
+"use strict";
+// ---------------------------------------------------------------------------
+// File templates emitted by `nest-auth init`.
+//
+// Every template imports the runtime pieces from the installed package (whose
+// name is injected as `pkg`), so generated code always lines up with what the
+// consumer actually has in node_modules.
+// ---------------------------------------------------------------------------
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildPlan = buildPlan;
+const ENV = [
+    {
+        key: 'JWT_ACCESS_SECRET',
+        value: 'change-me-access-secret-min-32-chars-long-please',
+        comment: 'nest-auth: access-token signing secret (use a strong random value)',
+    },
+    {
+        key: 'JWT_REFRESH_SECRET',
+        value: 'change-me-refresh-secret-min-32-chars-long-different',
+        comment: 'nest-auth: refresh-token signing secret (different from access)',
+    },
+    {
+        key: 'TOKEN_HASH_PEPPER',
+        value: 'change-me-pepper',
+        comment: 'nest-auth: extra pepper mixed into stored refresh-token hashes',
+    },
+];
+// --- Shared ----------------------------------------------------------------
+function authController(pkg) {
+    return `import { Body, Controller, Get, HttpCode, Post } from '@nestjs/common';
+import {
+  AuthService,
+  AuthUser,
+  CurrentUser,
+  LoginDto,
+  Public,
+  RefreshTokenDto,
+} from '${pkg}';
+
+// AuthError domain errors (e.g. InvalidCredentialsError) are mapped to the
+// right HTTP status by the global AuthExceptionFilter that AuthModule
+// registers — so these handlers can return the service calls directly.
+@Controller('auth')
+export class AuthController {
+  constructor(private readonly auth: AuthService) {}
+
+  @Public()
+  @Post('login')
+  @HttpCode(200)
+  login(@Body() dto: LoginDto) {
+    return this.auth.login(dto.email, dto.password);
+  }
+
+  @Public()
+  @Post('refresh')
+  @HttpCode(200)
+  refresh(@Body() dto: RefreshTokenDto) {
+    return this.auth.refresh(dto.refreshToken);
+  }
+
+  @Post('logout')
+  @HttpCode(204)
+  logout(@Body() dto: RefreshTokenDto) {
+    return this.auth.logout(dto.refreshToken);
+  }
+
+  @Get('me')
+  me(@CurrentUser() user: AuthUser) {
+    return user;
+  }
+}
+`;
+}
+// --- Mongoose persistence --------------------------------------------------
+function mongoosePlan(pkg) {
+    const files = [
+        {
+            rel: 'user/schemas/user.schema.ts',
+            content: `import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose';
+import { HydratedDocument } from 'mongoose';
+
+export type UserDocument = HydratedDocument<User>;
+
+@Schema({ timestamps: true })
+export class User {
+  @Prop({ required: true, unique: true, lowercase: true, trim: true, index: true })
+  email: string;
+
+  @Prop({ required: true })
+  passwordHash: string;
+
+  @Prop({ type: [String], default: [] })
+  roles: string[];
+}
+
+export const UserSchema = SchemaFactory.createForClass(User);
+`,
+        },
+        {
+            rel: 'user/dto/create-user.dto.ts',
+            content: `import { IsEmail, IsString, MinLength } from 'class-validator';
+
+export class CreateUserDto {
+  @IsEmail()
+  email: string;
+
+  @IsString()
+  @MinLength(8)
+  password: string;
+}
+`,
+        },
+        {
+            rel: 'user/user.service.ts',
+            content: `import { ConflictException, Injectable } from '@nestjs/common';
+import { InjectModel } from '@nestjs/mongoose';
+import { Model } from 'mongoose';
+import * as bcrypt from 'bcrypt';
+import { CreateUserDto } from './dto/create-user.dto';
+import { User, UserDocument } from './schemas/user.schema';
+
+const BCRYPT_ROUNDS = 12;
+
+@Injectable()
+export class UserService {
+  constructor(
+    @InjectModel(User.name) private readonly userModel: Model<UserDocument>,
+  ) {}
+
+  async create(dto: CreateUserDto): Promise<UserDocument> {
+    const existing = await this.userModel
+      .findOne({ email: dto.email.toLowerCase() })
+      .lean();
+    if (existing) throw new ConflictException('Email already registered');
+    const passwordHash = await bcrypt.hash(dto.password, BCRYPT_ROUNDS);
+    return this.userModel.create({ email: dto.email, passwordHash });
+  }
+
+  findByEmail(email: string): Promise<UserDocument | null> {
+    return this.userModel.findOne({ email: email.toLowerCase() }).exec();
+  }
+
+  findById(id: string): Promise<UserDocument | null> {
+    return this.userModel.findById(id).exec();
+  }
+}
+`,
+        },
+        {
+            rel: 'user/user.validator.ts',
+            content: `import { Injectable } from '@nestjs/common';
+import { AuthUser, UserValidator } from '${pkg}';
+import * as bcrypt from 'bcrypt';
+import { UserService } from './user.service';
+import { UserDocument } from './schemas/user.schema';
+
+@Injectable()
+export class MyUserValidator implements UserValidator {
+  constructor(private readonly users: UserService) {}
+
+  async validateCredentials(
+    email: string,
+    password: string,
+  ): Promise<AuthUser | null> {
+    const user = await this.users.findByEmail(email);
+    if (!user) return null;
+    const ok = await bcrypt.compare(password, user.passwordHash);
+    if (!ok) return null;
+    return this.toAuthUser(user);
+  }
+
+  async findById(userId: string | number): Promise<AuthUser | null> {
+    const user = await this.users.findById(String(userId));
+    return user ? this.toAuthUser(user) : null;
+  }
+
+  private toAuthUser(user: UserDocument): AuthUser {
+    return { id: user._id.toString(), email: user.email, roles: user.roles };
+  }
+}
+`,
+        },
+        {
+            rel: 'user/user.controller.ts',
+            content: `import { Body, Controller, Post } from '@nestjs/common';
+import { Public } from '${pkg}';
+import { UserService } from './user.service';
+import { CreateUserDto } from './dto/create-user.dto';
+
+@Controller('user')
+export class UserController {
+  constructor(private readonly userService: UserService) {}
+
+  @Public()
+  @Post('register')
+  async register(@Body() dto: CreateUserDto) {
+    const user = await this.userService.create(dto);
+    return { id: user._id.toString(), email: user.email, roles: user.roles };
+  }
+}
+`,
+        },
+        {
+            rel: 'user/user.module.ts',
+            content: `import { Module } from '@nestjs/common';
+import { MongooseModule } from '@nestjs/mongoose';
+import { UserService } from './user.service';
+import { UserController } from './user.controller';
+import { MyUserValidator } from './user.validator';
+import { User, UserSchema } from './schemas/user.schema';
+
+@Module({
+  imports: [
+    MongooseModule.forFeature([{ name: User.name, schema: UserSchema }]),
+  ],
+  controllers: [UserController],
+  providers: [UserService, MyUserValidator],
+  exports: [UserService, MyUserValidator],
+})
+export class UserModule {}
+`,
+        },
+        {
+            rel: 'auth/schemas/refresh-token.schema.ts',
+            content: `import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose';
+import { HydratedDocument } from 'mongoose';
+
+export type RefreshTokenDocument = HydratedDocument<RefreshToken>;
+
+@Schema({
+  collection: 'refresh_tokens',
+  timestamps: { createdAt: true, updatedAt: false },
+})
+export class RefreshToken {
+  @Prop({ type: String, required: true })
+  _id: string;
+
+  @Prop({ type: String, required: true, index: true })
+  userId: string;
+
+  @Prop({ type: String, required: true, index: true })
+  tokenHash: string;
+
+  @Prop({ type: Object })
+  metadata?: Record<string, unknown>;
+
+  @Prop({ type: Date, required: true, index: { expires: 0 } })
+  expiresAt: Date;
+
+  @Prop({ type: Date, default: null })
+  revokedAt: Date | null;
+}
+
+export const RefreshTokenSchema = SchemaFactory.createForClass(RefreshToken);
+`,
+        },
+        {
+            rel: 'auth/refresh-token.store.ts',
+            content: `import { Injectable } from '@nestjs/common';
+import { InjectModel } from '@nestjs/mongoose';
+import { Model } from 'mongoose';
+import {
+  CreateRefreshTokenInput,
+  RefreshTokenStore,
+  StoredRefreshToken,
+} from '${pkg}';
+import {
+  RefreshToken,
+  RefreshTokenDocument,
+} from './schemas/refresh-token.schema';
+
+@Injectable()
+export class MyRefreshTokenStore implements RefreshTokenStore {
+  constructor(
+    @InjectModel(RefreshToken.name)
+    private readonly model: Model<RefreshTokenDocument>,
+  ) {}
+
+  async create(input: CreateRefreshTokenInput): Promise<StoredRefreshToken> {
+    const doc = await this.model.create({
+      _id: input.id,
+      userId: String(input.userId),
+      tokenHash: input.tokenHash,
+      expiresAt: input.expiresAt,
+      metadata: input.metadata,
+      revokedAt: null,
+    });
+    return this.toStored(doc.toObject());
+  }
+
+  async findById(id: string): Promise<StoredRefreshToken | null> {
+    const doc = await this.model.findById(id).lean();
+    return doc ? this.toStored(doc) : null;
+  }
+
+  // Atomic: only revoke + return the row if it was unrevoked AND the hash matches.
+  async consume(
+    id: string,
+    expectedHash: string,
+  ): Promise<StoredRefreshToken | null> {
+    const doc = await this.model
+      .findOneAndUpdate(
+        { _id: id, tokenHash: expectedHash, revokedAt: null },
+        { $set: { revokedAt: new Date() } },
+        { new: false, lean: true },
+      )
+      .exec();
+    return doc ? this.toStored(doc) : null;
+  }
+
+  async revokeById(id: string): Promise<void> {
+    await this.model
+      .updateOne({ _id: id, revokedAt: null }, { $set: { revokedAt: new Date() } })
+      .exec();
+  }
+
+  async revokeAllForUser(userId: string | number): Promise<void> {
+    await this.model
+      .updateMany(
+        { userId: String(userId), revokedAt: null },
+        { $set: { revokedAt: new Date() } },
+      )
+      .exec();
+  }
+
+  private toStored(doc: any): StoredRefreshToken {
+    return {
+      id: String(doc._id),
+      userId: doc.userId,
+      tokenHash: doc.tokenHash,
+      metadata: doc.metadata,
+      expiresAt: doc.expiresAt,
+      revokedAt: doc.revokedAt ?? null,
+      createdAt: doc.createdAt,
+    };
+  }
+}
+`,
+        },
+        {
+            rel: 'auth/auth-persistence.module.ts',
+            content: `import { Module } from '@nestjs/common';
+import { MongooseModule } from '@nestjs/mongoose';
+import { MyRefreshTokenStore } from './refresh-token.store';
+import {
+  RefreshToken,
+  RefreshTokenSchema,
+} from './schemas/refresh-token.schema';
+
+@Module({
+  imports: [
+    MongooseModule.forFeature([
+      { name: RefreshToken.name, schema: RefreshTokenSchema },
+    ]),
+  ],
+  providers: [MyRefreshTokenStore],
+  exports: [MyRefreshTokenStore],
+})
+export class AuthPersistenceModule {}
+`,
+        },
+        { rel: 'auth/auth.controller.ts', content: authController(pkg) },
+        {
+            rel: 'auth/auth-integration.module.ts',
+            content: `import { Module } from '@nestjs/common';
+import { APP_GUARD } from '@nestjs/core';
+import { AuthModule, JwtAuthGuard } from '${pkg}';
+import { UserModule } from '../user/user.module';
+import { MyUserValidator } from '../user/user.validator';
+import { AuthPersistenceModule } from './auth-persistence.module';
+import { MyRefreshTokenStore } from './refresh-token.store';
+import { AuthController } from './auth.controller';
+
+// Single drop-in module: import this in your AppModule and you're wired.
+// Requires a Mongoose connection (MongooseModule.forRoot) at the app root.
+@Module({
+  imports: [
+    UserModule,
+    AuthPersistenceModule,
+    AuthModule.forRootAsync({
+      imports: [UserModule, AuthPersistenceModule],
+      useFactory: () => ({
+        accessSecret: process.env.JWT_ACCESS_SECRET ?? 'dev-access-secret-change-me',
+        refreshSecret: process.env.JWT_REFRESH_SECRET ?? 'dev-refresh-secret-change-me',
+        accessTtl: '15m',
+        refreshTtl: '30d',
+        tokenHashPepper: process.env.TOKEN_HASH_PEPPER,
+        issuer: 'nest-auth',
+      }),
+      store: { useExisting: MyRefreshTokenStore },
+      validator: { useExisting: MyUserValidator },
+    }),
+  ],
+  controllers: [AuthController],
+  // APP_GUARD provided here applies globally: every route requires a valid
+  // access token unless decorated with @Public().
+  providers: [{ provide: APP_GUARD, useClass: JwtAuthGuard }],
+})
+export class AuthIntegrationModule {}
+`,
+        },
+    ];
+    return {
+        files,
+        env: ENV,
+        integrationModule: 'AuthIntegrationModule',
+        integrationImportPath: './auth/auth-integration.module',
+    };
+}
+// --- In-memory (quick start / trial) ---------------------------------------
+function memoryPlan(pkg) {
+    const files = [
+        {
+            rel: 'auth/in-memory-user.validator.ts',
+            content: `import { Injectable } from '@nestjs/common';
+import { AuthUser, UserValidator } from '${pkg}';
+
+// PLACEHOLDER for quick trials only — replace with your real user lookup
+// (Mongoose/TypeORM/Prisma) and bcrypt password comparison before shipping.
+interface DemoUser extends AuthUser {
+  password: string;
+}
+
+@Injectable()
+export class InMemoryUserValidator implements UserValidator {
+  private readonly users: DemoUser[] = [
+    { id: 1, email: 'demo@example.com', password: 'password123', roles: ['user'] },
+  ];
+
+  async validateCredentials(
+    email: string,
+    password: string,
+  ): Promise<AuthUser | null> {
+    const user = this.users.find((u) => u.email === email);
+    if (!user || user.password !== password) return null;
+    const { password: _omit, ...safe } = user;
+    return safe;
+  }
+
+  async findById(userId: string | number): Promise<AuthUser | null> {
+    const user = this.users.find((u) => u.id === userId);
+    if (!user) return null;
+    const { password: _omit, ...safe } = user;
+    return safe;
+  }
+}
+`,
+        },
+        {
+            rel: 'auth/in-memory-refresh-token.store.ts',
+            content: `import { Injectable } from '@nestjs/common';
+import {
+  CreateRefreshTokenInput,
+  RefreshTokenStore,
+  StoredRefreshToken,
+} from '${pkg}';
+
+// PLACEHOLDER for quick trials only — sessions live in memory and are lost on
+// restart. Swap for a persistent store before shipping.
+@Injectable()
+export class InMemoryRefreshTokenStore implements RefreshTokenStore {
+  private readonly rows = new Map<string, StoredRefreshToken>();
+
+  async create(input: CreateRefreshTokenInput): Promise<StoredRefreshToken> {
+    const row: StoredRefreshToken = {
+      id: input.id,
+      userId: input.userId,
+      tokenHash: input.tokenHash,
+      expiresAt: input.expiresAt,
+      metadata: input.metadata,
+      revokedAt: null,
+      createdAt: new Date(),
+    };
+    this.rows.set(row.id, row);
+    return row;
+  }
+
+  async findById(id: string): Promise<StoredRefreshToken | null> {
+    return this.rows.get(id) ?? null;
+  }
+
+  async consume(
+    id: string,
+    expectedHash: string,
+  ): Promise<StoredRefreshToken | null> {
+    const row = this.rows.get(id);
+    if (!row || row.revokedAt) return null;
+    if (row.tokenHash !== expectedHash) return null;
+    const consumed: StoredRefreshToken = { ...row, revokedAt: new Date() };
+    this.rows.set(id, consumed);
+    return consumed;
+  }
+
+  async revokeById(id: string): Promise<void> {
+    const row = this.rows.get(id);
+    if (!row || row.revokedAt) return;
+    this.rows.set(id, { ...row, revokedAt: new Date() });
+  }
+
+  async revokeAllForUser(userId: string | number): Promise<void> {
+    const now = new Date();
+    for (const [id, row] of this.rows) {
+      if (row.userId === userId && !row.revokedAt) {
+        this.rows.set(id, { ...row, revokedAt: now });
+      }
+    }
+  }
+}
+`,
+        },
+        { rel: 'auth/auth.controller.ts', content: authController(pkg) },
+        {
+            rel: 'auth/auth-integration.module.ts',
+            content: `import { Module } from '@nestjs/common';
+import { APP_GUARD } from '@nestjs/core';
+import { AuthModule, JwtAuthGuard } from '${pkg}';
+import { InMemoryUserValidator } from './in-memory-user.validator';
+import { InMemoryRefreshTokenStore } from './in-memory-refresh-token.store';
+import { AuthController } from './auth.controller';
+
+// Single drop-in module: import this in your AppModule and you're wired.
+// Uses in-memory store + validator — great for trying things out, NOT for prod.
+@Module({
+  imports: [
+    AuthModule.forRootAsync({
+      useFactory: () => ({
+        accessSecret: process.env.JWT_ACCESS_SECRET ?? 'dev-access-secret-change-me',
+        refreshSecret: process.env.JWT_REFRESH_SECRET ?? 'dev-refresh-secret-change-me',
+        accessTtl: '15m',
+        refreshTtl: '30d',
+        tokenHashPepper: process.env.TOKEN_HASH_PEPPER,
+      }),
+      store: { useClass: InMemoryRefreshTokenStore },
+      validator: { useClass: InMemoryUserValidator },
+    }),
+  ],
+  controllers: [AuthController],
+  // APP_GUARD provided here applies globally: every route requires a valid
+  // access token unless decorated with @Public().
+  providers: [{ provide: APP_GUARD, useClass: JwtAuthGuard }],
+})
+export class AuthIntegrationModule {}
+`,
+        },
+    ];
+    return {
+        files,
+        env: ENV,
+        integrationModule: 'AuthIntegrationModule',
+        integrationImportPath: './auth/auth-integration.module',
+    };
+}
+function buildPlan(pkg, store) {
+    return store === 'memory' ? memoryPlan(pkg) : mongoosePlan(pkg);
+}
+//# sourceMappingURL=templates.js.map

package/dist/cli/templates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../src/lib/cli/templates.ts"],"names":[],"mappings":";AAAA,8EAA8E;AAC9E,8CAA8C;AAC9C,EAAE;AACF,8EAA8E;AAC9E,8EAA8E;AAC9E,yCAAyC;AACzC,8EAA8E;;AAgkB9E,8BAEC;AAziBD,MAAM,GAAG,GAAe;IACtB;QACE,GAAG,EAAE,mBAAmB;QACxB,KAAK,EAAE,kDAAkD;QACzD,OAAO,EAAE,oEAAoE;KAC9E;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,KAAK,EAAE,sDAAsD;QAC7D,OAAO,EAAE,iEAAiE;KAC3E;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,KAAK,EAAE,kBAAkB;QACzB,OAAO,EAAE,gEAAgE;KAC1E;CACF,CAAC;AAEF,8EAA8E;AAE9E,SAAS,cAAc,CAAC,GAAW;IACjC,OAAO;;;;;;;;UAQC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCZ,CAAC;AACF,CAAC;AAED,8EAA8E;AAE9E,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,KAAK,GAAoB;QAC7B;YACE,GAAG,EAAE,6BAA6B;YAClC,OAAO,EAAE;;;;;;;;;;;;;;;;;;CAkBd;SACI;QACD;YACE,GAAG,EAAE,6BAA6B;YAClC,OAAO,EAAE;;;;;;;;;;CAUd;SACI;QACD;YACE,GAAG,EAAE,sBAAsB;YAC3B,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgCd;SACI;QACD;YACE,GAAG,EAAE,wBAAwB;YAC7B,OAAO,EAAE;2CAC4B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6B7C;SACI;QACD;YACE,GAAG,EAAE,yBAAyB;YAC9B,OAAO,EAAE;0BACW,GAAG;;;;;;;;;;;;;;;CAe5B;SACI;QACD;YACE,GAAG,EAAE,qBAAqB;YAC1B,OAAO,EAAE;;;;;;;;;;;;;;;;CAgBd;SACI;QACD;YACE,GAAG,EAAE,sCAAsC;YAC3C,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8Bd;SACI;QACD;YACE,GAAG,EAAE,6BAA6B;YAClC,OAAO,EAAE;;;;;;;UAOL,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwEZ;SACI;QACD;YACE,GAAG,EAAE,iCAAiC;YACtC,OAAO,EAAE;;;;;;;;;;;;;;;;;;CAkBd;SACI;QACD,EAAE,GAAG,EAAE,yBAAyB,EAAE,OAAO,EAAE,cAAc,CAAC,GAAG,CAAC,EAAE;QAChE;YACE,GAAG,EAAE,iCAAiC;YACtC,OAAO,EAAE;;4CAE6B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiC9C;SACI;KACF,CAAC;IAEF,OAAO;QACL,KAAK;QACL,GAAG,EAAE,GAAG;QACR,iBAAiB,EAAE,uBAAuB;QAC1C,qBAAqB,EAAE,gCAAgC;KACxD,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAoB;QAC7B;YACE,GAAG,EAAE,kCAAkC;YACvC,OAAO,EAAE;2CAC4B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+B7C;SACI;QACD;YACE,GAAG,EAAE,uCAAuC;YAC5C,OAAO,EAAE;;;;;UAKL,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqDZ;SACI;QACD,EAAE,GAAG,EAAE,yBAAyB,EAAE,OAAO,EAAE,cAAc,CAAC,GAAG,CAAC,EAAE;QAChE;YACE,GAAG,EAAE,iCAAiC;YACtC,OAAO,EAAE;;4CAE6B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2B9C;SACI;KACF,CAAC;IAEF,OAAO;QACL,KAAK;QACL,GAAG,EAAE,GAAG;QACR,iBAAiB,EAAE,uBAAuB;QAC1C,qBAAqB,EAAE,gCAAgC;KACxD,CAAC;AACJ,CAAC;AAED,SAAgB,SAAS,CAAC,GAAW,EAAE,KAAgB;IACrD,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;AAClE,CAAC"}

package/dist/cli/utils.d.ts

@@ -0,0 +1,55 @@
+import type { EnvEntry } from './templates';
+export declare const c: {
+    bold: (s: string) => string;
+    dim: (s: string) => string;
+    green: (s: string) => string;
+    yellow: (s: string) => string;
+    red: (s: string) => string;
+    cyan: (s: string) => string;
+};
+export declare const log: {
+    info: (m: string) => void;
+    step: (m: string) => void;
+    ok: (m: string) => void;
+    skip: (m: string) => void;
+    warn: (m: string) => void;
+    err: (m: string) => void;
+};
+export declare function readText(path: string): string;
+export interface WriteOpts {
+    force?: boolean;
+    dryRun?: boolean;
+}
+export type WriteResult = 'written' | 'skipped' | 'would-write';
+/** Write a file, creating parent dirs. Won't clobber an existing file unless `force`. */
+export declare function writeFileSafe(path: string, content: string, opts: WriteOpts): WriteResult;
+/** Copy `path` to `path.bak` (or `.bak.1`, `.bak.2`, …) before mutating it. */
+export declare function backup(path: string, dryRun?: boolean): string | null;
+/** Append any missing keys to an env file. Returns the keys actually added. */
+export declare function mergeEnvFile(path: string, entries: EnvEntry[], dryRun?: boolean): string[];
+export interface ProjectInfo {
+    root: string;
+    srcDir: string;
+    appModulePath: string | null;
+    mainPath: string | null;
+    pkgJson: Record<string, any>;
+}
+export declare function loadProject(root: string): ProjectInfo | null;
+export declare function isNestProject(p: ProjectInfo): boolean;
+export type PkgManager = 'npm' | 'yarn' | 'pnpm';
+export declare function detectPackageManager(root: string): PkgManager;
+export declare function installCommand(pm: PkgManager, deps: string[], dev: boolean): {
+    cmd: string;
+    args: string[];
+};
+export declare function runInstall(root: string, pm: PkgManager, deps: string[], devDeps: string[]): boolean;
+export type PatchResult = 'patched' | 'already' | 'manual';
+/**
+ * Add the integration module to AppModule: an import statement plus an entry at
+ * the head of the `@Module({ imports: [ ... ] })` array. Backs up first.
+ */
+export declare function patchAppModule(path: string, moduleName: string, importPath: string, dryRun?: boolean): PatchResult;
+/** Ensure main.ts installs a global ValidationPipe. Backs up first. */
+export declare function patchMain(path: string, dryRun?: boolean): PatchResult;
+export declare function resolveDir(input: string | undefined): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/cli/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/lib/cli/utils.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAQ5C,eAAO,MAAM,CAAC;cACF,MAAM;aACP,MAAM;eACJ,MAAM;gBACL,MAAM;aACT,MAAM;cACL,MAAM;CACjB,CAAC;AAEF,eAAO,MAAM,GAAG;cACJ,MAAM;cACN,MAAM;YACR,MAAM;cACJ,MAAM;cACN,MAAM;aACP,MAAM;CAChB,CAAC;AAIF,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE7C;AAED,MAAM,WAAW,SAAS;IACxB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,SAAS,GAAG,aAAa,CAAC;AAEhE,yFAAyF;AACzF,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,SAAS,GACd,WAAW,CAOb;AAED,+EAA+E;AAC/E,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAOpE;AAID,+EAA+E;AAC/E,wBAAgB,YAAY,CAC1B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,QAAQ,EAAE,EACnB,MAAM,CAAC,EAAE,OAAO,GACf,MAAM,EAAE,CAqBV;AAID,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC9B;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAgB5D;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,WAAW,GAAG,OAAO,CAGrD;AASD,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAEjD,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CAI7D;AAED,wBAAgB,cAAc,CAC5B,EAAE,EAAE,UAAU,EACd,IAAI,EAAE,MAAM,EAAE,EACd,GAAG,EAAE,OAAO,GACX;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,EAAE,CAAA;CAAE,CAIjC;AAED,wBAAgB,UAAU,CACxB,IAAI,EAAE,MAAM,EACZ,EAAE,EAAE,UAAU,EACd,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,EAAE,MAAM,EAAE,GAChB,OAAO,CAoBT;AAmBD,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE3D;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,OAAO,GACf,WAAW,CA+Bb;AAED,uEAAuE;AACvE,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,WAAW,CA4BrE;AAID,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAE5D"}