@devtrack-solution/codesdd 1.2.3 → 1.2.4

package/dist/core/sdd/api-profile-recipes.js

@@ -0,0 +1,484 @@
+import { CODESDD_API_SHARED_BASELINE_QUALITY_GATES, CODESDD_API_SHARED_BASELINE_REQUIREMENTS, } from './api-foundation-baseline.js';
+export const CODESDD_API_PROFILE_RECIPE_CONTRACT = {
+    id: 'codesdd-api-profile-recipes',
+    version: 1,
+    foundation_reference: 'devtrack-foundation-api',
+};
+export const CODESDD_MINIMAL_REST_PROFILE_QUALITY_GATES = [
+    'minimal-rest-recipe-required',
+    'minimal-rest-openapi-docs-required',
+    'minimal-rest-env-example-required',
+    'minimal-rest-package-scripts-required',
+    'minimal-rest-dto-usecase-boundary-required',
+    'minimal-rest-structured-errors-required',
+    'minimal-rest-health-root-wiring-required',
+    'minimal-rest-route-usecase-tests-required',
+];
+export const CODESDD_MINIMAL_REST_PROFILE_VALIDATION_COMMANDS = [
+    'pnpm run build',
+    'pnpm run lint',
+    'pnpm test',
+    'pnpm run test:e2e',
+];
+export const CODESDD_REST_AUTH_RBAC_PROFILE_QUALITY_GATES = [
+    'rest-auth-rbac-recipe-required',
+    'rest-auth-rbac-auth-plan-required',
+    'rest-auth-rbac-jwt-strategy-required',
+    'rest-auth-rbac-route-guards-required',
+    'rest-auth-rbac-permission-decorator-required',
+    'rest-auth-rbac-current-user-boundary-required',
+    'rest-auth-rbac-protected-openapi-docs-required',
+    'rest-auth-rbac-allow-deny-tests-required',
+];
+export const CODESDD_REST_AUTH_RBAC_PROFILE_VALIDATION_COMMANDS = [
+    'pnpm run build',
+    'pnpm run lint',
+    'pnpm test',
+    'pnpm run test:e2e',
+];
+export const CODESDD_REST_CRUD_TYPEORM_PROFILE_QUALITY_GATES = [
+    'rest-crud-typeorm-recipe-required',
+    'rest-crud-typeorm-bo-pattern-required',
+    'rest-crud-typeorm-application-repository-port-required',
+    'rest-crud-typeorm-usecase-transaction-boundary-required',
+    'rest-crud-typeorm-infrastructure-orm-required',
+    'rest-crud-typeorm-migration-required',
+    'rest-crud-typeorm-pagination-filtering-required',
+    'rest-crud-typeorm-uniqueness-required',
+    'rest-crud-typeorm-crud-tests-required',
+    'rest-crud-typeorm-no-prisma-required',
+];
+export const CODESDD_REST_CRUD_TYPEORM_PROFILE_VALIDATION_COMMANDS = [
+    'pnpm run build',
+    'pnpm run lint',
+    'pnpm test',
+    'pnpm run test:e2e',
+    'pnpm run migration:show',
+];
+export const CODESDD_EVENTED_API_PROFILE_QUALITY_GATES = [
+    'evented-api-recipe-required',
+    'evented-api-event-contract-required',
+    'evented-api-application-handler-required',
+    'evented-api-event-publisher-port-required',
+    'evented-api-outbox-or-queue-required',
+    'evented-api-idempotency-required',
+    'evented-api-retry-error-policy-required',
+    'evented-api-event-docs-required',
+    'evented-api-event-tests-required',
+];
+export const CODESDD_EVENTED_API_PROFILE_VALIDATION_COMMANDS = [
+    'pnpm run build',
+    'pnpm run lint',
+    'pnpm test',
+    'pnpm run test:e2e',
+];
+export const CODESDD_AI_AGENT_API_PROFILE_QUALITY_GATES = [
+    'ai-agent-api-recipe-required',
+    'ai-agent-api-endpoint-contract-required',
+    'ai-agent-api-tool-boundary-required',
+    'ai-agent-api-provider-config-redaction-required',
+    'ai-agent-api-prompt-safety-required',
+    'ai-agent-api-audit-trail-required',
+    'ai-agent-api-deterministic-tests-required',
+    'ai-agent-api-no-live-credentials-required',
+];
+export const CODESDD_AI_AGENT_API_PROFILE_VALIDATION_COMMANDS = [
+    'pnpm run build',
+    'pnpm run lint',
+    'pnpm test',
+    'pnpm run test:e2e',
+];
+const CODESDD_AI_AGENT_API_FORBIDDEN_CONTENT_PATTERNS = [
+    {
+        id: 'raw-provider-api-key-env',
+        pattern: /\b[A-Z0-9_]*(?:API_KEY|TOKEN|SECRET)\s*=\s*(?:sk-|sk_ant_|sk-ant-|AIza|xai-|pat_)[^\s]+/i,
+    },
+    {
+        id: 'live-provider-call-enabled',
+        pattern: /\bLIVE_PROVIDER_CALL\s*=\s*true\b/i,
+    },
+    {
+        id: 'unsafe-secret-env-non-null',
+        pattern: /process\.env\.[A-Z0-9_]*(?:API_KEY|TOKEN|SECRET)!/,
+    },
+];
+export const CODESDD_API_MANDATORY_PACKAGE_SCRIPT_MARKERS = [
+    '"build"',
+    '"start"',
+    '"start:dev"',
+    '"start:prod"',
+    '"lint"',
+    '"test"',
+    '"test:cov"',
+    '"test:e2e"',
+    '"cleanup"',
+    '"cleanup:install"',
+    'node scripts/kill-port.js',
+    'npm run',
+    'npm install',
+];
+export const CODESDD_API_MANDATORY_CLEANUP_SCRIPT_MARKERS = [
+    'node_modules',
+    'dist',
+    'build',
+    'coverage',
+    '.cache',
+    '.turbo',
+    '.nest',
+    'package-lock.json',
+    'pnpm-lock.yaml',
+    'yarn.lock',
+    'bun.lock',
+    'tsbuildinfo',
+];
+export const CODESDD_API_MANDATORY_KILL_PORT_SCRIPT_MARKERS = [
+    'process.argv[2]',
+    'process.env.PORT',
+    'process.env.APP_PORT',
+    'lsof -ti',
+    'netstat -ano',
+    'kill -9',
+    'taskkill',
+];
+export const CODESDD_MINIMAL_REST_PROFILE_RECIPE = {
+    id: 'minimal-rest-profile-recipe',
+    version: 1,
+    profile_id: 'minimal-rest',
+    title: 'Minimal REST profile recipe',
+    foundation_reference: 'devtrack-foundation-api',
+    inherits_shared_baseline: true,
+    required_baseline_requirements: CODESDD_API_SHARED_BASELINE_REQUIREMENTS,
+    required_artifacts: [
+        artifact('package.json', 'root', 'package-metadata', 'manifest', 'scripts', 'Operational scripts for cleanup, port-safe start/start:dev, npm/pnpm-compatible install, build, lint, unit, coverage, and e2e validation.', CODESDD_API_MANDATORY_PACKAGE_SCRIPT_MARKERS),
+        ...mandatoryRuntimeScriptArtifacts(),
+        artifact('.env.example', 'config', 'configuration', 'manifest', 'environment', 'Safe placeholder environment contract with no raw secrets.', ['PORT=', 'SWAGGER_SERVER_LOCAL=']),
+        artifact('src/main.ts', 'root', 'source', 'implementation', 'documentation', 'Nest bootstrap with validation pipe and Swagger/OpenAPI /docs wiring.', ['ValidationPipe', 'DocumentBuilder', 'SwaggerModule.createDocument', 'SwaggerModule.setup']),
+        artifact('src/presentation/rest/rest.module.ts', 'presentation', 'source', 'module', 'root-wiring', 'Root REST module that wires minimal controllers without leaking infrastructure concerns.', ['@Module', 'HealthController']),
+        artifact('src/presentation/rest/health/health.controller.ts', 'presentation', 'source', 'controller', 'health', 'Health/readiness REST controller documented in OpenAPI.', ['@Controller', '@Get', 'ApiOperation']),
+        artifact('src/application/business/health/ports/in/read-health.use-case.port.ts', 'application', 'source', 'interface', 'use-case', 'Input port for the minimal health route.', ['ReadHealthUseCasePort']),
+        artifact('src/application/business/health/use-cases/read-health.use-case.ts', 'application', 'source', 'use-case', 'use-case', 'Use case backing the minimal health route.', ['ReadHealthUseCase']),
+        artifact('src/application/business/auth/ports/in/register.use-case.port.ts', 'application', 'source', 'interface', 'use-case', 'Baseline input port proving user-facing routes delegate to application boundaries.', ['RegisterUseCasePort']),
+        artifact('src/application/business/auth/use-cases/register.use-case.ts', 'application', 'source', 'use-case', 'use-case', 'Baseline use case for the documented sample route.', ['RegisterUseCase']),
+        artifact('src/presentation/rest/auth/controllers/register.controller.ts', 'presentation', 'source', 'controller', 'documentation', 'Swagger-documented controller delegating to an application input port.', ['@Controller', 'ApiOperation']),
+        artifact('src/presentation/rest/auth/dtos/register-input.dto.ts', 'presentation', 'source', 'dto', 'dto', 'Request DTO with validation and Swagger metadata.', ['ApiProperty', 'Is']),
+        artifact('src/presentation/dtos/api-error-response.dto.ts', 'presentation', 'source', 'dto', 'structured-errors', 'Structured error response DTO that avoids leaking internal details.', ['ApiProperty']),
+        artifact('tests/app.e2e-spec.ts', 'tests', 'test', 'test', 'tests', 'Baseline route/use-case smoke evidence.', ['request', 'expect']),
+        artifact('tests/health.e2e-spec.ts', 'tests', 'test', 'test', 'tests', 'Health route and use-case evidence for the minimal profile overlay.', ['/health', 'expect']),
+    ],
+    required_quality_gates: [
+        ...CODESDD_API_SHARED_BASELINE_QUALITY_GATES,
+        ...CODESDD_MINIMAL_REST_PROFILE_QUALITY_GATES,
+    ],
+    required_validation_commands: CODESDD_MINIMAL_REST_PROFILE_VALIDATION_COMMANDS,
+};
+export const CODESDD_REST_AUTH_RBAC_PROFILE_RECIPE = {
+    id: 'rest-auth-rbac-profile-recipe',
+    version: 1,
+    profile_id: 'rest-auth-rbac',
+    title: 'REST Auth RBAC profile recipe',
+    foundation_reference: 'devtrack-foundation-api',
+    inherits_shared_baseline: true,
+    required_baseline_requirements: CODESDD_API_SHARED_BASELINE_REQUIREMENTS,
+    required_artifacts: [
+        artifact('package.json', 'root', 'package-metadata', 'manifest', 'scripts', 'Operational scripts for cleanup, port-safe start/start:dev, npm/pnpm-compatible install, build, lint, unit, coverage, and e2e validation.', CODESDD_API_MANDATORY_PACKAGE_SCRIPT_MARKERS),
+        ...mandatoryRuntimeScriptArtifacts(),
+        artifact('.env.example', 'config', 'configuration', 'manifest', 'auth-configuration', 'Safe auth/runtime placeholders for JWT and Swagger server configuration.', ['JWT_SECRET=', 'JWT_EXPIRES_IN=', 'SWAGGER_SERVER_LOCAL=']),
+        artifact('src/main.ts', 'root', 'source', 'implementation', 'documentation', 'Nest bootstrap with validation pipe, Swagger/OpenAPI /docs wiring, and bearer auth documentation.', ['ValidationPipe', 'DocumentBuilder', 'SwaggerModule.setup', 'addBearerAuth']),
+        artifact('src/presentation/rest/auth/auth.module.ts', 'presentation', 'source', 'module', 'root-wiring', 'REST auth module wiring controllers, guards, and guard tokens.', ['@Module', 'JwtAuthGuard', 'PermissionGuard']),
+        artifact('src/presentation/rest/auth/controllers/login.controller.ts', 'presentation', 'source', 'controller', 'auth-controller', 'Swagger-documented login route that delegates to an application input port.', ['@Controller', 'LoginUseCasePortSymbol', 'ApiOperation']),
+        artifact('src/presentation/rest/auth/controllers/create-role.controller.ts', 'presentation', 'source', 'controller', 'rbac-policy', 'Protected RBAC write route documented with bearer auth, permission metadata, and current-user request boundary.', ['ApiBearerAuth', 'UseGuards', 'Permission("rbac.roles.write")', 'AuthenticatedRequestType']),
+        artifact('src/presentation/rest/auth/controllers/list-roles.controller.ts', 'presentation', 'source', 'controller', 'rbac-policy', 'Protected RBAC read route documented with bearer auth, permission metadata, and current-user request boundary.', ['ApiBearerAuth', 'UseGuards', 'Permission("rbac.roles.read")', 'AuthenticatedRequestType']),
+        artifact('src/presentation/rest/auth/dtos/auth-session-output.dto.ts', 'presentation', 'source', 'dto', 'auth-session', 'Auth session output DTO documenting JWT token and permission-bearing payload shape.', ['ApiProperty', 'accessToken', 'permissions']),
+        artifact('src/presentation/rest/auth/guards/jwt-auth.guard.ts', 'presentation', 'source', 'implementation', 'guard', 'JWT bearer guard for protected REST routes.', ['AuthGuard("jwt")', 'CanActivate', 'JwtAuthGuard']),
+        artifact('src/presentation/rest/auth/guards/permission.guard.ts', 'presentation', 'source', 'implementation', 'guard', 'Permission guard that reads route metadata without embedding business policy in controllers.', ['Reflector', 'PERMISSION_METADATA_KEY', 'canActivate']),
+        artifact('src/presentation/rest/auth/decorators/permission.decorator.ts', 'presentation', 'source', 'policy', 'decorator', 'Permission decorator used to record route-level RBAC metadata.', ['SetMetadata', 'PERMISSION_METADATA_KEY', 'required-permission']),
+        artifact('src/application/business/auth/ports/in/authenticated-user.type.ts', 'application', 'source', 'type', 'current-user', 'Application-layer authenticated-user request boundary consumed by protected controllers.', ['AuthenticatedUserType', 'AuthenticatedRequestType', 'user']),
+        artifact('src/application/business/auth/ports/in/login.use-case.port.ts', 'application', 'source', 'interface', 'use-case', 'Application input port for login/authentication.', ['LoginUseCasePort', 'execute']),
+        artifact('src/application/business/auth/use-cases/login.use-case.ts', 'application', 'source', 'use-case', 'use-case', 'Login use case that coordinates password verification and JWT generation through ports.', ['LoginUseCase', 'PasswordHashServicePort', 'JwtPort']),
+        artifact('src/application/business/auth/ports/out/access-control.service.port.ts', 'application', 'source', 'interface', 'rbac-policy', 'Application output port for permission checks owned outside the presentation guard.', ['AccessControlServicePort', 'ensurePermission']),
+        artifact('src/application/business/auth/services/access-control.service.ts', 'application', 'source', 'service', 'rbac-policy', 'Application service enforcing permission allow/deny behavior.', ['AccessControlService', 'ensurePermission', 'UnauthorizedException']),
+        artifact('src/infrastructure/adapters/auth/jwt.strategy.ts', 'infrastructure', 'source', 'adapter', 'auth-strategy', 'Infrastructure JWT strategy that isolates bearer token extraction and validation details.', ['PassportStrategy', 'ExtractJwt.fromAuthHeaderAsBearerToken', 'secretOrKey']),
+        artifact('tests/auth-rbac.e2e-spec.ts', 'tests', 'test', 'test', 'auth-tests', 'Allow/deny evidence for protected routes and permission-bearing JWT requests.', ['expect(401)', 'Authorization', 'rbac.roles']),
+    ],
+    required_quality_gates: [
+        ...CODESDD_API_SHARED_BASELINE_QUALITY_GATES,
+        ...CODESDD_REST_AUTH_RBAC_PROFILE_QUALITY_GATES,
+    ],
+    required_validation_commands: CODESDD_REST_AUTH_RBAC_PROFILE_VALIDATION_COMMANDS,
+};
+export const CODESDD_REST_CRUD_TYPEORM_PROFILE_RECIPE = {
+    id: 'rest-crud-typeorm-profile-recipe',
+    version: 1,
+    profile_id: 'rest-crud-typeorm',
+    title: 'REST CRUD TypeORM profile recipe',
+    foundation_reference: 'devtrack-foundation-api',
+    inherits_shared_baseline: true,
+    required_baseline_requirements: CODESDD_API_SHARED_BASELINE_REQUIREMENTS,
+    required_artifacts: [
+        artifact('package.json', 'root', 'package-metadata', 'manifest', 'scripts', 'Package scripts and dependencies for cleanup, port-safe runtime bootstrap, TypeORM CRUD validation, and migration inspection.', [...CODESDD_API_MANDATORY_PACKAGE_SCRIPT_MARKERS, '"migration:run"', '"migration:revert"', '"migration:show"', '"typeorm"', '"@nestjs/typeorm"']),
+        ...mandatoryRuntimeScriptArtifacts(),
+        artifact('.env.example', 'config', 'configuration', 'manifest', 'persistence-configuration', 'Safe database and TypeORM placeholders required by persistent CRUD profiles.', ['DB_HOST=', 'DB_NAME=', 'TYPEORM_SYNCHRONIZE=']),
+        artifact('src/domain/categories/business-objects/category.bo.ts', 'domain', 'source', 'business-object', 'business-object', 'BO-pattern category aggregate for new CRUD contexts.', ['CategoryBusinessObject', 'validate', 'name']),
+        artifact('src/domain/categories/types/category.type.ts', 'domain', 'source', 'type', 'domain-type', 'Domain type contract for the category BO.', ['CategoryType', 'id', 'name']),
+        artifact('src/application/business/categories/ports/out/category-repository.port.ts', 'application', 'source', 'repository-port', 'repository-port', 'Application-owned repository output port for BO-pattern persistence.', ['CategoryRepositoryPort', 'findById', 'findByName', 'findPage', 'save']),
+        artifact('src/application/business/categories/ports/in/create-category.use-case.port.ts', 'application', 'source', 'interface', 'use-case', 'Input port for category creation.', ['CreateCategoryUseCasePort', 'execute']),
+        artifact('src/application/business/categories/use-cases/create-category.use-case.ts', 'application', 'source', 'use-case', 'use-case', 'Create use case coordinating BO validation, uniqueness, transaction boundary, and repository port persistence.', ['CreateCategoryUseCase', 'CategoryRepositoryPort', 'findByName', 'transaction']),
+        artifact('src/application/business/categories/ports/in/list-categories.use-case.port.ts', 'application', 'source', 'interface', 'pagination-filtering', 'Input port for paginated category listing.', ['ListCategoriesUseCasePort', 'page', 'limit']),
+        artifact('src/application/business/categories/use-cases/list-categories.use-case.ts', 'application', 'source', 'use-case', 'pagination-filtering', 'List use case coordinating pagination and filtering through the repository port.', ['ListCategoriesUseCase', 'findPage', 'filter']),
+        artifact('src/infrastructure/adapters/orm/entities/category.orm-entity.ts', 'infrastructure', 'source', 'entity', 'orm-entity', 'TypeORM entity kept in infrastructure ORM boundary.', ['@Entity', '@Column', '@Index']),
+        artifact('src/infrastructure/adapters/orm/repositories/category.typeorm-repository.ts', 'infrastructure', 'source', 'adapter', 'orm-repository', 'Concrete TypeORM repository implementing the application repository port.', ['InjectRepository', 'Repository<CategoryOrmEntity>', 'CategoryRepositoryPort']),
+        artifact('src/infrastructure/adapters/orm/mappers/category.mapper.ts', 'infrastructure', 'source', 'mapper', 'orm-mapper', 'Mapper isolating TypeORM entity shape from the domain BO.', ['CategoryMapper', 'toDomain', 'toOrm']),
+        artifact('src/infrastructure/adapters/orm/typeorm.module.ts', 'infrastructure', 'source', 'module', 'orm-module', 'Foundation TypeORM root module with forRootAsync and shared entity registration.', ['TypeOrmRootModule', 'TypeOrmModule.forRootAsync', 'typeOrmConfig']),
+        artifact('src/infrastructure/adapters/orm/categories-orm.module.ts', 'infrastructure', 'source', 'module', 'orm-module', 'Context ORM module exporting the category repository port provider.', ['@Global', 'TypeOrmModule.forFeature', 'CategoryRepositoryPortSymbol']),
+        artifact('src/infrastructure/adapters/orm/migrations/0000000000000-create-categories.migration.ts', 'infrastructure', 'migration', 'implementation', 'migration', 'Migration artifact for persistent category schema creation and rollback.', ['MigrationInterface', 'createTable', 'categories']),
+        artifact('src/presentation/rest/categories/categories.module.ts', 'presentation', 'source', 'module', 'root-wiring', 'REST categories module wiring CRUD controllers without owning business logic.', ['@Module', 'CreateCategoryController', 'ListCategoriesController']),
+        artifact('src/presentation/rest/categories/controllers/create-category.controller.ts', 'presentation', 'source', 'controller', 'crud-controller', 'Swagger-documented create route delegating to an application input port.', ['@Controller', '@Post', 'ApiOperation', 'CreateCategoryUseCasePortSymbol']),
+        artifact('src/presentation/rest/categories/controllers/list-categories.controller.ts', 'presentation', 'source', 'controller', 'pagination-filtering', 'Swagger-documented list route with pagination and filtering inputs.', ['@Controller', '@Get', 'ApiQuery', 'ListCategoriesUseCasePortSymbol']),
+        artifact('src/presentation/rest/categories/dtos/create-category-input.dto.ts', 'presentation', 'source', 'dto', 'dto', 'Create DTO with validation and Swagger metadata.', ['ApiProperty', 'IsString', 'MaxLength']),
+        artifact('src/presentation/rest/categories/dtos/category-output.dto.ts', 'presentation', 'source', 'dto', 'dto', 'Output DTO documenting category response shape.', ['ApiProperty', 'id', 'name']),
+        artifact('tests/categories-crud.e2e-spec.ts', 'tests', 'test', 'test', 'crud-tests', 'CRUD integration evidence for create/list, uniqueness, pagination, filtering, and persistence boundaries.', ['POST /categories', 'GET /categories', 'expect(409)', 'page=1']),
+    ],
+    required_quality_gates: [
+        ...CODESDD_API_SHARED_BASELINE_QUALITY_GATES,
+        ...CODESDD_REST_CRUD_TYPEORM_PROFILE_QUALITY_GATES,
+    ],
+    required_validation_commands: CODESDD_REST_CRUD_TYPEORM_PROFILE_VALIDATION_COMMANDS,
+    forbidden_artifact_patterns: [
+        'prisma/**',
+        '**/*.prisma',
+        'src/domain/categories/entities/**',
+        'src/domain/categories/repository-ports/**',
+        'typeorm-artifacts-outside-src/infrastructure/adapters/orm/**',
+    ],
+    forbidden_content_markers: ['PrismaClient', '@prisma/client', 'prisma.'],
+};
+export const CODESDD_EVENTED_API_PROFILE_RECIPE = {
+    id: 'evented-api-profile-recipe',
+    version: 1,
+    profile_id: 'evented-api',
+    title: 'Evented API profile recipe',
+    foundation_reference: 'devtrack-foundation-api',
+    inherits_shared_baseline: true,
+    required_baseline_requirements: CODESDD_API_SHARED_BASELINE_REQUIREMENTS,
+    required_artifacts: [
+        artifact('package.json', 'root', 'package-metadata', 'manifest', 'scripts', 'Package scripts, cleanup, port-safe bootstrap, and queue dependencies for evented API validation.', [...CODESDD_API_MANDATORY_PACKAGE_SCRIPT_MARKERS, '"@nestjs/bullmq"', '"bullmq"']),
+        ...mandatoryRuntimeScriptArtifacts(),
+        artifact('.env.example', 'config', 'configuration', 'manifest', 'event-configuration', 'Safe queue, retry, and idempotency placeholders required by evented API profiles.', ['EVENT_QUEUE_NAME=', 'EVENT_RETRY_ATTEMPTS=', 'EVENT_IDEMPOTENCY_TTL_SECONDS=']),
+        artifact('src/application/business/categories/events/category-created.event.ts', 'application', 'source', 'type', 'event-contract', 'Application event contract for category creation in a BO-pattern context.', ['CategoryCreatedEvent', 'eventId', 'categoryId', 'occurredAt']),
+        artifact('src/application/business/categories/ports/out/category-event-publisher.port.ts', 'application', 'source', 'interface', 'event-publisher-port', 'Application output port for publishing category events without leaking queue implementation details.', ['CategoryEventPublisherPort', 'publishCategoryCreated', 'idempotencyKey']),
+        artifact('src/application/business/categories/ports/out/event-idempotency-store.port.ts', 'application', 'source', 'interface', 'idempotency', 'Application output port for event deduplication and processed-event tracking.', ['EventIdempotencyStorePort', 'hasProcessed', 'markProcessed']),
+        artifact('src/application/business/categories/handlers/category-created.handler.ts', 'application', 'source', 'handler', 'event-handler', 'Application handler coordinating idempotency and event publication.', ['CategoryCreatedHandler', 'CategoryCreatedEvent', 'EventIdempotencyStorePort', 'publishCategoryCreated']),
+        artifact('src/application/business/categories/use-cases/create-category.use-case.ts', 'application', 'source', 'use-case', 'event-handler', 'Application use case that records the category creation event after business validation.', ['CreateCategoryUseCase', 'CategoryCreatedEvent', 'CategoryCreatedHandler']),
+        artifact('src/infrastructure/adapters/queue/category-event-publisher.adapter.ts', 'infrastructure', 'source', 'adapter', 'outbox-queue', 'Queue publisher adapter with idempotency key propagation and retry policy.', ['CategoryEventPublisherAdapter', 'Queue', 'idempotencyKey', 'retry']),
+        artifact('src/infrastructure/adapters/queue/category-events.consumer.ts', 'infrastructure', 'source', 'handler', 'event-consumer', 'Queue consumer adapter that delegates processing to the application handler and records dead-letter behavior.', ['Processor', 'Process', 'CategoryCreatedHandler', 'deadLetter']),
+        artifact('src/infrastructure/adapters/queue/event-idempotency-store.adapter.ts', 'infrastructure', 'source', 'adapter', 'idempotency', 'Infrastructure adapter for event deduplication with TTL-based processed-event records.', ['EventIdempotencyStoreAdapter', 'hasProcessed', 'markProcessed', 'ttl']),
+        artifact('docs/events/category-created.md', 'docs', 'documentation', 'documentation', 'event-docs', 'Event contract documentation with payload, idempotency, retry, and error policy.', ['category.created', 'payload', 'idempotencyKey', 'retry']),
+        artifact('tests/categories-events.e2e-spec.ts', 'tests', 'test', 'test', 'event-tests', 'Event integration evidence for publication, idempotency, retry, and handler dispatch.', ['category.created', 'idempotency', 'retry', 'expect']),
+    ],
+    required_quality_gates: [
+        ...CODESDD_API_SHARED_BASELINE_QUALITY_GATES,
+        ...CODESDD_EVENTED_API_PROFILE_QUALITY_GATES,
+    ],
+    required_validation_commands: CODESDD_EVENTED_API_PROFILE_VALIDATION_COMMANDS,
+};
+export const CODESDD_AI_AGENT_API_PROFILE_RECIPE = {
+    id: 'ai-agent-api-profile-recipe',
+    version: 1,
+    profile_id: 'ai-agent-api',
+    title: 'AI Agent API profile recipe',
+    foundation_reference: 'devtrack-foundation-api',
+    inherits_shared_baseline: true,
+    required_baseline_requirements: CODESDD_API_SHARED_BASELINE_REQUIREMENTS,
+    required_artifacts: [
+        artifact('package.json', 'root', 'package-metadata', 'manifest', 'scripts', 'Package scripts for cleanup, port-safe bootstrap, and deterministic agent API validation without live provider calls.', CODESDD_API_MANDATORY_PACKAGE_SCRIPT_MARKERS),
+        ...mandatoryRuntimeScriptArtifacts(),
+        artifact('.env.example', 'config', 'configuration', 'manifest', 'agent-configuration', 'Safe AI provider placeholders that document redaction-sensitive values without raw secrets.', ['AI_PROVIDER=', 'AI_MODEL=', 'AI_API_KEY=', 'AI_AUDIT_ENABLED=']),
+        artifact('src/presentation/rest/agents/agents.module.ts', 'presentation', 'source', 'module', 'root-wiring', 'REST agents module wiring controllers and use-case ports without provider leakage.', ['@Module', 'AgentRunsController', 'RunAgentUseCasePortSymbol']),
+        artifact('src/presentation/rest/agents/controllers/agent-runs.controller.ts', 'presentation', 'source', 'controller', 'agent-controller', 'Swagger-documented agent run endpoint delegating to an application input port.', ['@Controller', '@Post', 'ApiOperation', 'RunAgentUseCasePortSymbol']),
+        artifact('src/presentation/rest/agents/dtos/run-agent-input.dto.ts', 'presentation', 'source', 'dto', 'agent-dto', 'Agent run request DTO with prompt and tool allowlist validation metadata.', ['ApiProperty', 'IsString', 'prompt', 'allowedTools']),
+        artifact('src/presentation/rest/agents/dtos/agent-run-output.dto.ts', 'presentation', 'source', 'dto', 'agent-dto', 'Agent run response DTO documenting output and audit correlation.', ['ApiProperty', 'runId', 'output', 'auditId']),
+        artifact('src/application/intelligence/agents/ports/in/run-agent.use-case.port.ts', 'application', 'source', 'interface', 'agent-use-case', 'Application intelligence input port for agent run requests.', ['RunAgentUseCasePort', 'execute']),
+        artifact('src/application/intelligence/agents/use-cases/run-agent.use-case.ts', 'application', 'source', 'use-case', 'agent-use-case', 'Application intelligence use case coordinating provider, tool boundary, prompt safety, redaction, and audit ports.', ['RunAgentUseCase', 'LlmProviderPort', 'AgentToolRegistryPort', 'PromptSafetyPolicyPort', 'redact']),
+        artifact('src/application/intelligence/agents/ports/out/llm-provider.port.ts', 'application', 'source', 'interface', 'agent-provider-port', 'Application intelligence provider output port isolating LLM completion calls.', ['LlmProviderPort', 'complete', 'model']),
+        artifact('src/application/intelligence/agents/ports/out/agent-tool-registry.port.ts', 'application', 'source', 'interface', 'agent-tool-port', 'Application intelligence output port constraining tool/action execution to an allowlist.', ['AgentToolRegistryPort', 'executeTool', 'allowedTools']),
+        artifact('src/application/intelligence/agents/ports/out/agent-audit.port.ts', 'application', 'source', 'interface', 'agent-audit', 'Application intelligence audit output port for redacted prompts, tool calls, and safety outcomes.', ['AgentAuditPort', 'recordToolCall', 'redactedInput']),
+        artifact('src/application/intelligence/agents/services/prompt-safety.service.ts', 'application', 'source', 'service', 'agent-safety', 'Prompt and tool safety service that rejects blocked content before provider invocation.', ['PromptSafetyPolicy', 'validatePrompt', 'blockedPatterns']),
+        artifact('src/application/intelligence/agents/services/redaction.service.ts', 'application', 'source', 'service', 'agent-redaction', 'Application intelligence redaction service for secrets, tokens, provider keys, and audit-safe payloads.', ['RedactionService', 'redact', 'secret', 'token']),
+        artifact('src/infrastructure/adapters/llm/llm-provider.adapter.ts', 'infrastructure', 'source', 'adapter', 'agent-provider-adapter', 'LLM provider adapter that reads provider config and emits redacted diagnostics.', ['LlmProviderAdapter', 'LlmProviderPort', 'AI_API_KEY', 'redact']),
+        artifact('src/infrastructure/adapters/audit/agent-audit.adapter.ts', 'infrastructure', 'source', 'adapter', 'agent-audit', 'Audit adapter for agent runs, tool calls, redacted inputs, and safety results.', ['AgentAuditAdapter', 'AgentAuditPort', 'recordToolCall', 'redacted']),
+        artifact('docs/agents/ai-agent-api.md', 'docs', 'documentation', 'documentation', 'agent-docs', 'Agent API documentation covering endpoint contract, tool boundary, redaction, audit, and deterministic test policy.', ['tool boundary', 'redaction', 'audit trail', 'deterministic tests']),
+        artifact('tests/agents.e2e-spec.ts', 'tests', 'test', 'test', 'agent-tests', 'Agent run evidence using deterministic provider seams and no live credentials.', ['POST /agents/runs', 'deterministic', 'no live credentials', 'expect']),
+        artifact('tests/agents-safety.spec.ts', 'tests', 'test', 'test', 'agent-tests', 'Prompt safety, tool boundary, and redaction unit evidence.', ['PromptSafetyPolicy', 'RedactionService', 'blocked', 'redact']),
+    ],
+    required_quality_gates: [
+        ...CODESDD_API_SHARED_BASELINE_QUALITY_GATES,
+        ...CODESDD_AI_AGENT_API_PROFILE_QUALITY_GATES,
+    ],
+    required_validation_commands: CODESDD_AI_AGENT_API_PROFILE_VALIDATION_COMMANDS,
+    forbidden_content_markers: [
+        'AI_API_KEY=sk-',
+        'OPENAI_API_KEY=sk-',
+        'ANTHROPIC_API_KEY=sk-',
+        'LIVE_PROVIDER_CALL=true',
+    ],
+};
+export function validateMinimalRestProfileRecipe(input) {
+    return validateProfileRecipe(input, CODESDD_MINIMAL_REST_PROFILE_RECIPE, {
+        profileMismatch: 'MINIMAL_REST_PROFILE_MISMATCH',
+        artifactMissing: 'MINIMAL_REST_ARTIFACT_MISSING',
+        contentMarkerMissing: 'MINIMAL_REST_CONTENT_MARKER_MISSING',
+        qualityGateMissing: 'MINIMAL_REST_QUALITY_GATE_MISSING',
+        validationCommandMissing: 'MINIMAL_REST_VALIDATION_COMMAND_MISSING',
+    });
+}
+export function validateRestAuthRbacProfileRecipe(input) {
+    return validateProfileRecipe(input, CODESDD_REST_AUTH_RBAC_PROFILE_RECIPE, {
+        profileMismatch: 'REST_AUTH_RBAC_PROFILE_MISMATCH',
+        artifactMissing: 'REST_AUTH_RBAC_ARTIFACT_MISSING',
+        contentMarkerMissing: 'REST_AUTH_RBAC_CONTENT_MARKER_MISSING',
+        qualityGateMissing: 'REST_AUTH_RBAC_QUALITY_GATE_MISSING',
+        validationCommandMissing: 'REST_AUTH_RBAC_VALIDATION_COMMAND_MISSING',
+    });
+}
+export function validateRestCrudTypeormProfileRecipe(input) {
+    return validateProfileRecipe(input, CODESDD_REST_CRUD_TYPEORM_PROFILE_RECIPE, {
+        profileMismatch: 'REST_CRUD_TYPEORM_PROFILE_MISMATCH',
+        artifactMissing: 'REST_CRUD_TYPEORM_ARTIFACT_MISSING',
+        contentMarkerMissing: 'REST_CRUD_TYPEORM_CONTENT_MARKER_MISSING',
+        qualityGateMissing: 'REST_CRUD_TYPEORM_QUALITY_GATE_MISSING',
+        validationCommandMissing: 'REST_CRUD_TYPEORM_VALIDATION_COMMAND_MISSING',
+    });
+}
+export function validateEventedApiProfileRecipe(input) {
+    return validateProfileRecipe(input, CODESDD_EVENTED_API_PROFILE_RECIPE, {
+        profileMismatch: 'EVENTED_API_PROFILE_MISMATCH',
+        artifactMissing: 'EVENTED_API_ARTIFACT_MISSING',
+        contentMarkerMissing: 'EVENTED_API_CONTENT_MARKER_MISSING',
+        qualityGateMissing: 'EVENTED_API_QUALITY_GATE_MISSING',
+        validationCommandMissing: 'EVENTED_API_VALIDATION_COMMAND_MISSING',
+    });
+}
+export function validateAiAgentApiProfileRecipe(input) {
+    return validateProfileRecipe(input, CODESDD_AI_AGENT_API_PROFILE_RECIPE, {
+        profileMismatch: 'AI_AGENT_API_PROFILE_MISMATCH',
+        artifactMissing: 'AI_AGENT_API_ARTIFACT_MISSING',
+        contentMarkerMissing: 'AI_AGENT_API_CONTENT_MARKER_MISSING',
+        qualityGateMissing: 'AI_AGENT_API_QUALITY_GATE_MISSING',
+        validationCommandMissing: 'AI_AGENT_API_VALIDATION_COMMAND_MISSING',
+    });
+}
+function validateProfileRecipe(input, recipe, failureCodes) {
+    const artifactPaths = new Set(input.artifactPaths.map((value) => value.trim()));
+    const qualityGates = new Set(input.qualityGates.map((value) => value.trim()));
+    const validationCommands = new Set(input.validationCommands.map((value) => value.trim()));
+    const missingArtifacts = recipe.required_artifacts
+        .map((artifactDefinition) => artifactDefinition.path)
+        .filter((path) => !artifactPaths.has(path));
+    const missingContentMarkers = input.artifactContents
+        ? recipe.required_artifacts.flatMap((artifactDefinition) => {
+            const content = input.artifactContents?.[artifactDefinition.path] ?? '';
+            return artifactDefinition.content_markers
+                .filter((marker) => !content.includes(marker))
+                .map((marker) => `${artifactDefinition.path}::${marker}`);
+        })
+        : [];
+    const missingQualityGates = recipe.required_quality_gates.filter((gate) => !qualityGates.has(gate));
+    const missingValidationCommands = recipe.required_validation_commands.filter((command) => !validationCommands.has(command));
+    const forbiddenArtifacts = recipe.profile_id === 'rest-crud-typeorm' ? findForbiddenRestCrudTypeormArtifacts([...artifactPaths]) : [];
+    const forbiddenContentMarkers = recipe.profile_id === 'rest-crud-typeorm'
+        ? findForbiddenRestCrudTypeormContentMarkers(input.artifactContents)
+        : recipe.profile_id === 'ai-agent-api'
+            ? findForbiddenAiAgentApiContentMarkers(input.artifactContents)
+            : [];
+    const findings = [];
+    if (input.profileId !== recipe.profile_id) {
+        findings.push({
+            code: failureCodes.profileMismatch,
+            severity: 'error',
+            message: `${recipe.profile_id} recipe validator received profile ${input.profileId}.`,
+            expected: recipe.profile_id,
+        });
+    }
+    findings.push(...missingArtifacts.map((path) => finding(failureCodes.artifactMissing, `Required ${recipe.profile_id} artifact is missing.`, path)), ...missingContentMarkers.map((marker) => finding(failureCodes.contentMarkerMissing, `Required ${recipe.profile_id} content marker is missing.`, marker)), ...missingQualityGates.map((gate) => finding(failureCodes.qualityGateMissing, `Required ${recipe.profile_id} quality gate is missing.`, gate)), ...missingValidationCommands.map((command) => finding(failureCodes.validationCommandMissing, `Required ${recipe.profile_id} validation command is missing.`, command)), ...forbiddenArtifacts.map((path) => finding('REST_CRUD_TYPEORM_FORBIDDEN_ARTIFACT', 'Forbidden rest-crud-typeorm artifact violates TypeORM-only or Foundation boundary policy.', path)), ...forbiddenContentMarkers.map((marker) => recipe.profile_id === 'ai-agent-api'
+        ? finding('AI_AGENT_API_FORBIDDEN_CONTENT_MARKER', 'Forbidden ai-agent-api content marker violates no-live-credential policy.', marker)
+        : finding('REST_CRUD_TYPEORM_FORBIDDEN_CONTENT_MARKER', 'Forbidden rest-crud-typeorm content marker violates TypeORM-only policy.', marker)));
+    return {
+        profile_id: input.profileId,
+        recipe_id: recipe.id,
+        status: findings.length === 0 ? 'passed' : 'failed',
+        missing_artifacts: missingArtifacts,
+        missing_content_markers: missingContentMarkers,
+        missing_quality_gates: missingQualityGates,
+        missing_validation_commands: missingValidationCommands,
+        forbidden_artifacts: forbiddenArtifacts,
+        forbidden_content_markers: forbiddenContentMarkers,
+        findings,
+    };
+}
+function findForbiddenRestCrudTypeormArtifacts(artifactPaths) {
+    return artifactPaths.filter((path) => {
+        const normalized = path.trim();
+        const lower = normalized.toLowerCase();
+        if (lower.includes('prisma') || lower.endsWith('.prisma')) {
+            return true;
+        }
+        if (lower.startsWith('src/domain/categories/entities/') ||
+            lower.startsWith('src/domain/categories/repository-ports/')) {
+            return true;
+        }
+        const isOrmTechnicalArtifact = lower.includes('typeorm') ||
+            lower.includes('orm-entity') ||
+            lower.includes('/migrations/') ||
+            lower.includes('/mappers/');
+        return isOrmTechnicalArtifact && !lower.startsWith('src/infrastructure/adapters/orm/');
+    });
+}
+function findForbiddenRestCrudTypeormContentMarkers(artifactContents) {
+    if (!artifactContents) {
+        return [];
+    }
+    const forbiddenMarkers = CODESDD_REST_CRUD_TYPEORM_PROFILE_RECIPE.forbidden_content_markers ?? [];
+    return Object.entries(artifactContents).flatMap(([path, content]) => forbiddenMarkers
+        .filter((marker) => content.includes(marker))
+        .map((marker) => `${path}::${marker}`));
+}
+function findForbiddenAiAgentApiContentMarkers(artifactContents) {
+    if (!artifactContents) {
+        return [];
+    }
+    const forbiddenMarkers = CODESDD_AI_AGENT_API_PROFILE_RECIPE.forbidden_content_markers ?? [];
+    return Object.entries(artifactContents).flatMap(([path, content]) => [
+        ...forbiddenMarkers
+            .filter((marker) => content.includes(marker))
+            .map((marker) => `${path}::${marker}`),
+        ...CODESDD_AI_AGENT_API_FORBIDDEN_CONTENT_PATTERNS
+            .filter(({ pattern }) => pattern.test(content))
+            .map(({ id }) => `${path}::${id}`),
+    ]);
+}
+function mandatoryRuntimeScriptArtifacts() {
+    return [
+        artifact('scripts/cleanup.sh', 'root', 'source', 'implementation', 'scripts', 'Destructive cleanup script removing dependency installs, build outputs, caches, lockfiles, and TypeScript compilation residue before reinstall or clean validation.', CODESDD_API_MANDATORY_CLEANUP_SCRIPT_MARKERS),
+        artifact('scripts/kill-port.js', 'root', 'source', 'implementation', 'scripts', 'Cross-platform port preflight used by start and start:dev before Nest bootstrap continues.', CODESDD_API_MANDATORY_KILL_PORT_SCRIPT_MARKERS),
+    ];
+}
+function artifact(path, layer, artifactKind, role, category, reason, contentMarkers) {
+    return {
+        path,
+        layer,
+        artifact_kind: artifactKind,
+        role,
+        category,
+        reason,
+        content_markers: contentMarkers,
+    };
+}
+function finding(code, message, expected) {
+    return {
+        code,
+        severity: 'error',
+        message,
+        expected,
+    };
+}
+//# sourceMappingURL=api-profile-recipes.js.map