@dewtech/dare-cli 3.0.0 → 3.2.0

package/templates/stacks/php-laravel/openapi.json.hbs

@@ -0,0 +1,43 @@
+{
+  "openapi": "3.0.3",
+  "info": {
+    "title": "{{projectName}}",
+    "version": "0.1.0",
+    "description": "DARE-shaped Laravel API. Regenerated by `php artisan l5-swagger:generate`."
+  },
+  "paths": {
+    "/api/auth/login": {
+      "post": {
+        "summary": "Exchange email+password for Sanctum token",
+        "responses": {
+          "200": { "description": "Token issued" },
+          "401": { "description": "Invalid credentials" }
+        }
+      }
+    },
+    "/api/auth/me": {
+      "get": {
+        "summary": "Current user",
+        "security": [{ "bearer": [] }],
+        "responses": { "200": { "description": "User" }, "401": { "description": "Unauthorized" } }
+      }
+    },
+    "/api/users": {
+      "get": {
+        "summary": "List users",
+        "security": [{ "bearer": [] }],
+        "responses": { "200": { "description": "Page of users" } }
+      },
+      "post": {
+        "summary": "Create user (admin)",
+        "security": [{ "bearer": [] }],
+        "responses": { "201": { "description": "Created" }, "403": { "description": "Forbidden" } }
+      }
+    }
+  },
+  "components": {
+    "securitySchemes": {
+      "bearer": { "type": "http", "scheme": "bearer" }
+    }
+  }
+}

package/templates/stacks/php-laravel/phpstan.neon

@@ -0,0 +1,9 @@
+includes:
+  - vendor/larastan/larastan/extension.neon
+
+parameters:
+  paths:
+    - app/
+  level: 6
+  excludePaths:
+    - app/Console/Commands/Stubs/

package/templates/stacks/php-laravel/routes/api.php

@@ -0,0 +1,13 @@
+<?php
+
+use App\Http\Controllers\Api\AuthController;
+use App\Http\Controllers\Api\UsersController;
+use Illuminate\Support\Facades\Route;
+
+Route::post('/auth/login', [AuthController::class, 'login']);
+
+Route::middleware('auth:sanctum')->group(function () {
+    Route::get('/auth/me', [AuthController::class, 'me']);
+    Route::get('/users', [UsersController::class, 'index']);
+    Route::post('/users', [UsersController::class, 'store']);
+});

package/templates/stacks/php-laravel/routes/channels.php

@@ -0,0 +1,7 @@
+<?php
+
+use Illuminate\Support\Facades\Broadcast;
+
+Broadcast::channel('App.Models.User.{id}', function ($user, $id) {
+    return (int) $user->id === (int) $id;
+});

package/templates/stacks/php-laravel/tests/Feature/AuthTest.php

@@ -0,0 +1,35 @@
+<?php
+
+use App\Models\User;
+
+it('rejects login with bad email', function () {
+    $res = $this->postJson('/api/auth/login', [
+        'email' => 'not-an-email',
+        'password' => 'Str0ngPass',
+    ]);
+    $res->assertStatus(422);
+});
+
+it('rejects login with short password', function () {
+    $res = $this->postJson('/api/auth/login', [
+        'email' => 'user@example.test',
+        'password' => 'short',
+    ]);
+    $res->assertStatus(422);
+});
+
+it('issues a token on valid credentials', function () {
+    $user = User::query()->create([
+        'email' => 'login@example.test',
+        'password' => bcrypt('Str0ngPass'),
+        'role' => 'USER',
+    ]);
+
+    $res = $this->postJson('/api/auth/login', [
+        'email' => $user->email,
+        'password' => 'Str0ngPass',
+    ]);
+
+    $res->assertOk();
+    $res->assertJsonStructure(['accessToken', 'tokenType']);
+});

package/templates/stacks/php-laravel/tests/Feature/UsersTest.php

@@ -0,0 +1,30 @@
+<?php
+
+use App\Models\User;
+use Laravel\Sanctum\Sanctum;
+
+it('lists users when authenticated', function () {
+    Sanctum::actingAs(User::query()->create([
+        'email' => 'admin@example.test',
+        'password' => bcrypt('Str0ngPass'),
+        'role' => 'ADMIN',
+    ]));
+
+    $res = $this->getJson('/api/users');
+    $res->assertOk();
+    $res->assertJsonStructure(['items', 'total', 'page']);
+});
+
+it('rejects non-admin from creating users', function () {
+    Sanctum::actingAs(User::query()->create([
+        'email' => 'user@example.test',
+        'password' => bcrypt('Str0ngPass'),
+        'role' => 'USER',
+    ]));
+
+    $res = $this->postJson('/api/users', [
+        'email' => 'new@example.test',
+        'password' => 'Str0ngPass1',
+    ]);
+    $res->assertStatus(403);
+});

package/templates/stacks/php-laravel/tests/Pest.php

@@ -0,0 +1,5 @@
+<?php
+
+use Tests\TestCase;
+
+uses(TestCase::class)->in('Feature');

package/templates/stacks/python-fastapi/.dare/skills.yml

@@ -0,0 +1,11 @@
+version: 1
+skills:
+  - id: skill-fastapi-api
+    source: skill-fastapi-api
+    description: FastAPI Layered Design + Pydantic v2 + SQLAlchemy 2.0 + Alembic
+  - id: dare-ax
+    source: dare-ax
+    description: Agent eXperience invariants (llms.txt, OpenAPI, --json, rate limit)
+  - id: dare-layered-design
+    source: dare-layered-design
+    description: Router → Service → Repository → Model 4-layer architecture

package/templates/stacks/python-fastapi/.env.example

@@ -0,0 +1,21 @@
+# Application
+APP_PORT=8000
+LOG_LEVEL=info
+
+# Database
+DATABASE_URL=postgresql+psycopg://user:pass@localhost:5432/myapi
+
+# JWT auth
+JWT_SECRET=replace-me-in-prod
+JWT_ALGORITHM=HS256
+JWT_EXPIRES_MIN=15
+
+# Password hashing
+BCRYPT_ROUNDS=12
+
+# Rate limit
+RATE_LIMIT_PER_MIN=60
+
+# LLM provider (optional)
+# LLM_PROVIDER=dummy
+# OPENAI_API_KEY=

package/templates/stacks/python-fastapi/.github/workflows/dare-ci.yml

@@ -0,0 +1,43 @@
+name: DARE CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  audit:
+    name: Audit dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - run: pip install pip-audit
+      - run: pip-audit --strict --requirement <(pip install -e ".[dev]" --dry-run --quiet --report -)
+        shell: bash
+        continue-on-error: false
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - run: pip install ruff
+      - run: ruff check .
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - run: pip install -e ".[dev]"
+      - run: pytest

package/templates/stacks/python-fastapi/README.md.j2

@@ -0,0 +1,35 @@
+# {{ projectName }}
+
+DARE-shaped FastAPI API. Layered Design (Router → Service → Repository → Model).
+
+## Setup
+
+```bash
+cp .env.example .env
+docker compose up -d postgres
+python -m venv .venv
+source .venv/bin/activate    # or .venv\Scripts\activate on Windows
+pip install -e ".[dev]"
+alembic upgrade head
+uvicorn app.main:app --reload
+```
+
+## Endpoints
+
+- `POST /auth/login` — exchange email/password for JWT
+- `GET /auth/me` — current user (Bearer JWT)
+- `GET /users` — list users (paginated)
+- `POST /users` — create user (admin only)
+- `GET /openapi.json` — OpenAPI 3.1 surface
+- `GET /docs` — Swagger UI
+
+## Commands
+
+- `uvicorn app.main:app --reload` — dev server (port 8000)
+- `pytest` — run tests
+- `ruff check .` — lint
+- `pip-audit` — dependency audit
+
+## DARE Method
+
+See `.dare/skills.yml` for installed skills, `llms.txt` for agent context.

package/templates/stacks/python-fastapi/alembic/env.py

@@ -0,0 +1,46 @@
+"""Alembic env — reads DATABASE_URL from settings, uses our Base metadata."""
+from logging.config import fileConfig
+
+from alembic import context
+from sqlalchemy import engine_from_config, pool
+
+from app.core.config import settings
+from app.db.session import Base
+from app.models import User  # noqa: F401  ensure metadata is populated
+
+config = context.config
+config.set_main_option("sqlalchemy.url", settings.database_url)
+
+if config.config_file_name is not None:
+    fileConfig(config.config_file_name)
+
+target_metadata = Base.metadata
+
+
+def run_migrations_offline() -> None:
+    context.configure(
+        url=config.get_main_option("sqlalchemy.url"),
+        target_metadata=target_metadata,
+        literal_binds=True,
+        dialect_opts={"paramstyle": "named"},
+    )
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online() -> None:
+    connectable = engine_from_config(
+        config.get_section(config.config_ini_section, {}),
+        prefix="sqlalchemy.",
+        poolclass=pool.NullPool,
+    )
+    with connectable.connect() as connection:
+        context.configure(connection=connection, target_metadata=target_metadata)
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

package/templates/stacks/python-fastapi/alembic/script.py.mako

@@ -0,0 +1,26 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision: str = ${repr(up_revision)}
+down_revision: Union[str, None] = ${repr(down_revision)}
+branch_labels: Union[str, Sequence[str], None] = ${repr(branch_labels)}
+depends_on: Union[str, Sequence[str], None] = ${repr(depends_on)}
+
+
+def upgrade() -> None:
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade() -> None:
+    ${downgrades if downgrades else "pass"}

package/templates/stacks/python-fastapi/alembic/versions/0001_create_users.py.j2

@@ -0,0 +1,37 @@
+"""create users table
+
+Revision ID: 0001_create_users
+Revises:
+Create Date: 2026-06-01 00:00:00
+"""
+import sqlalchemy as sa
+from alembic import op
+from sqlalchemy.dialects import postgresql
+
+revision = "0001_create_users"
+down_revision = None
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "users",
+        sa.Column("id", postgresql.UUID(as_uuid=True), primary_key=True),
+        sa.Column("email", sa.String(length=254), nullable=False),
+        sa.Column("password", sa.String(length=255), nullable=False),
+        sa.Column("role", sa.String(length=16), nullable=False, server_default="USER"),
+        sa.Column(
+            "created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False
+        ),
+        sa.Column(
+            "updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False
+        ),
+        sa.UniqueConstraint("email", name="uq_users_email"),
+    )
+    op.create_index("ix_users_email", "users", ["email"])
+
+
+def downgrade() -> None:
+    op.drop_index("ix_users_email", "users")
+    op.drop_table("users")

package/templates/stacks/python-fastapi/alembic.ini.j2

@@ -0,0 +1,39 @@
+[alembic]
+script_location = alembic
+prepend_sys_path = .
+version_path_separator = os
+sqlalchemy.url =
+
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

package/templates/stacks/python-fastapi/app/core/config.py

@@ -0,0 +1,24 @@
+"""App settings — Pydantic Settings reads from .env / environment."""
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class Settings(BaseSettings):
+    model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", extra="ignore")
+
+    app_port: int = 8000
+    log_level: str = "info"
+
+    database_url: str = "postgresql+psycopg://user:pass@localhost:5432/dbname"
+
+    jwt_secret: str = "replace-me-in-prod"
+    jwt_algorithm: str = "HS256"
+    jwt_expires_min: int = 15
+
+    bcrypt_rounds: int = 12
+
+    rate_limit_per_min: int = 60
+
+    cors_origins: list[str] = ["http://localhost:3000"]
+
+
+settings = Settings()

package/templates/stacks/python-fastapi/app/core/security.py

@@ -0,0 +1,34 @@
+"""JWT + password hashing helpers."""
+from datetime import datetime, timedelta, timezone
+from typing import Any
+
+from jose import JWTError, jwt
+from passlib.context import CryptContext
+
+from app.core.config import settings
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto", bcrypt__rounds=settings.bcrypt_rounds)
+
+
+def hash_password(plain: str) -> str:
+    return pwd_context.hash(plain)
+
+
+def verify_password(plain: str, hashed: str) -> bool:
+    return pwd_context.verify(plain, hashed)
+
+
+def create_access_token(sub: str, claims: dict[str, Any] | None = None) -> tuple[str, int]:
+    expires = datetime.now(timezone.utc) + timedelta(minutes=settings.jwt_expires_min)
+    payload: dict[str, Any] = {"sub": sub, "exp": expires}
+    if claims:
+        payload.update(claims)
+    token = jwt.encode(payload, settings.jwt_secret, algorithm=settings.jwt_algorithm)
+    return token, settings.jwt_expires_min * 60
+
+
+def decode_access_token(token: str) -> dict[str, Any] | None:
+    try:
+        return jwt.decode(token, settings.jwt_secret, algorithms=[settings.jwt_algorithm])
+    except JWTError:
+        return None

package/templates/stacks/python-fastapi/app/db/session.py

@@ -0,0 +1,22 @@
+"""SQLAlchemy engine + session + declarative Base."""
+from collections.abc import Generator
+
+from sqlalchemy import create_engine
+from sqlalchemy.orm import DeclarativeBase, Session, sessionmaker
+
+from app.core.config import settings
+
+engine = create_engine(settings.database_url, pool_pre_ping=True)
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+
+class Base(DeclarativeBase):
+    """Declarative base for all ORM models."""
+
+
+def get_db() -> Generator[Session, None, None]:
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()

package/templates/stacks/python-fastapi/app/main.py.j2

@@ -0,0 +1,36 @@
+"""FastAPI app entrypoint."""
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from slowapi import Limiter, _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
+from slowapi.util import get_remote_address
+
+from app.core.config import settings
+from app.routers import auth, users
+
+limiter = Limiter(key_func=get_remote_address, default_limits=[f"{settings.rate_limit_per_min}/minute"])
+
+app = FastAPI(
+    title="{{ projectName }}",
+    version="0.1.0",
+    description="DARE-shaped FastAPI API",
+)
+
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.cors_origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+app.include_router(auth.router, prefix="/auth", tags=["auth"])
+app.include_router(users.router, prefix="/users", tags=["users"])
+
+
+@app.get("/healthz", include_in_schema=False)
+def healthz() -> dict[str, str]:
+    return {"status": "ok"}

package/templates/stacks/python-fastapi/app/models/__init__.py

@@ -0,0 +1,3 @@
+from app.models.user import User
+
+__all__ = ["User"]

package/templates/stacks/python-fastapi/app/models/user.py

@@ -0,0 +1,30 @@
+"""User ORM model."""
+import uuid
+from datetime import datetime
+from enum import Enum
+
+from sqlalchemy import DateTime, Index, String, func
+from sqlalchemy.dialects.postgresql import UUID
+from sqlalchemy.orm import Mapped, mapped_column
+
+from app.db.session import Base
+
+
+class Role(str, Enum):
+    USER = "USER"
+    ADMIN = "ADMIN"
+
+
+class User(Base):
+    __tablename__ = "users"
+
+    id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    email: Mapped[str] = mapped_column(String(254), unique=True, nullable=False)
+    password: Mapped[str] = mapped_column(String(255), nullable=False)
+    role: Mapped[str] = mapped_column(String(16), nullable=False, default=Role.USER.value)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), server_default=func.now(), onupdate=func.now()
+    )
+
+    __table_args__ = (Index("ix_users_email", "email"),)

package/templates/stacks/python-fastapi/app/repositories/user_repository.py

@@ -0,0 +1,34 @@
+"""User repository — encapsulates SQLAlchemy queries."""
+from sqlalchemy import func, select
+from sqlalchemy.orm import Session
+
+from app.models.user import User
+
+
+class UserRepository:
+    def __init__(self, db: Session) -> None:
+        self.db = db
+
+    def find_by_email(self, email: str) -> User | None:
+        return self.db.execute(select(User).where(User.email == email)).scalar_one_or_none()
+
+    def page(self, page: int, limit: int) -> tuple[list[User], int]:
+        page = max(1, page)
+        limit = min(100, max(1, limit))
+        offset = (page - 1) * limit
+        items = list(
+            self.db.execute(
+                select(User).order_by(User.created_at.desc()).offset(offset).limit(limit)
+            )
+            .scalars()
+            .all()
+        )
+        total = self.db.execute(select(func.count()).select_from(User)).scalar_one()
+        return items, total
+
+    def create(self, *, email: str, password: str, role: str) -> User:
+        user = User(email=email, password=password, role=role)
+        self.db.add(user)
+        self.db.commit()
+        self.db.refresh(user)
+        return user

package/templates/stacks/python-fastapi/app/routers/auth.py

@@ -0,0 +1,37 @@
+"""Auth router: POST /auth/login, GET /auth/me."""
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from sqlalchemy.orm import Session
+
+from app.core.security import decode_access_token
+from app.db.session import get_db
+from app.repositories.user_repository import UserRepository
+from app.schemas.user import LoginIn, LoginOut, UserOut
+from app.services.auth_service import AuthService, InvalidCredentials
+
+router = APIRouter()
+bearer = HTTPBearer(auto_error=True)
+
+
+@router.post("/login", response_model=LoginOut)
+def login(dto: LoginIn, db: Session = Depends(get_db)) -> LoginOut:
+    service = AuthService(UserRepository(db))
+    try:
+        return service.login(dto)
+    except InvalidCredentials as exc:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid credentials") from exc
+
+
+@router.get("/me", response_model=UserOut)
+def me(
+    creds: HTTPAuthorizationCredentials = Depends(bearer),
+    db: Session = Depends(get_db),
+) -> UserOut:
+    payload = decode_access_token(creds.credentials)
+    if not payload or "sub" not in payload:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid token")
+    repo = UserRepository(db)
+    user = repo.find_by_email(payload.get("email", ""))
+    if user is None:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "User not found")
+    return UserOut.model_validate(user)