npm - @forinda/kickjs-cli - Versions diffs - 2.3.2 → 3.0.0 - Mend

@forinda/kickjs-cli 2.3.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +19 -0
package/dist/cli.mjs +849 -199
package/dist/index.d.mts +1 -0
package/dist/index.d.mts.map +1 -1
package/dist/index.mjs +133 -72
package/dist/index.mjs.map +1 -1
package/dist/{typegen-CClCYrkk.mjs → typegen-BL0O61s-.mjs} +2 -2
package/dist/{typegen-CClCYrkk.mjs.map → typegen-BL0O61s-.mjs.map} +1 -1
package/package.json +4 -2

package/dist/cli.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * @forinda/kickjs-cli v2.3.2
+ * @forinda/kickjs-cli v3.0.0
  *
  * Copyright (c) Felix Orinda
  *
@@ -12,9 +12,10 @@ import { Command } from "commander";
 import { cpSync, existsSync, mkdirSync, readFileSync, readdirSync, rmSync, writeFileSync } from "node:fs";
 import { basename, dirname, join, relative, resolve, sep } from "node:path";
 import { fileURLToPath, pathToFileURL } from "node:url";
-import { createInterface } from "node:readline";
-import { execSync, fork, spawn } from "node:child_process";
+import { execSync, fork, spawn, spawnSync } from "node:child_process";
 import { access, mkdir, readFile, readdir, rm, writeFile } from "node:fs/promises";
+import * as clack from "@clack/prompts";
+import pc from "picocolors";
 import pkg from "pluralize";
 import { arch, platform, release } from "node:os";
 //#region \0rolldown/runtime.js
@@ -52,8 +53,22 @@ async function fileExists(filePath) {
 }
 //#endregion
 //#region src/generators/templates/project-config.ts
+/** Map of optional package names to their npm package identifiers */
+const PACKAGE_DEPS = {
+	auth: "@forinda/kickjs-auth",
+	swagger: "@forinda/kickjs-swagger",
+	otel: "@forinda/kickjs-otel",
+	ws: "@forinda/kickjs-ws",
+	queue: "@forinda/kickjs-queue",
+	cron: "@forinda/kickjs-cron",
+	mailer: "@forinda/kickjs-mailer",
+	graphql: "@forinda/kickjs-graphql",
+	devtools: "@forinda/kickjs-devtools",
+	notifications: "@forinda/kickjs-notifications",
+	"multi-tenant": "@forinda/kickjs-multi-tenant"
+};
 /** Generate package.json with template-aware dependencies */
-function generatePackageJson(name, template, kickjsVersion) {
+function generatePackageJson(name, template, kickjsVersion, packages = []) {
 	const baseDeps = {
 		"@forinda/kickjs": kickjsVersion,
 		dotenv: "^17.3.1",
@@ -63,20 +78,15 @@ function generatePackageJson(name, template, kickjsVersion) {
 		pino: "^10.3.1",
 		"pino-pretty": "^13.1.3"
 	};
-	if (template !== "minimal") {
-		baseDeps["@forinda/kickjs-swagger"] = kickjsVersion;
-		baseDeps["@forinda/kickjs-devtools"] = kickjsVersion;
-	}
 	if (template === "graphql") {
 		baseDeps["@forinda/kickjs-graphql"] = kickjsVersion;
 		baseDeps["graphql"] = "^16.11.0";
 	}
-	if (template === "cqrs") {
-		baseDeps["@forinda/kickjs-queue"] = kickjsVersion;
-		baseDeps["@forinda/kickjs-ws"] = kickjsVersion;
-		baseDeps["@forinda/kickjs-otel"] = kickjsVersion;
+	for (const pkg of packages) {
+		const dep = PACKAGE_DEPS[pkg];
+		if (dep && !baseDeps[dep]) baseDeps[dep] = kickjsVersion;
 	}
-	if (template === "ddd") baseDeps["@forinda/kickjs-swagger"] = kickjsVersion;
+	if (packages.includes("graphql") && !baseDeps["graphql"]) baseDeps["graphql"] = "^16.11.0";
 	return JSON.stringify({
 		name,
 		version: kickjsVersion.replace("^", ""),
@@ -279,18 +289,32 @@ export default defineConfig({
 * In production, bootstrap() auto-starts the HTTP server when
 * `globalThis.__kickjs_httpServer` is not set.
 */
-function generateEntryFile(name, template, version) {
+function generateEntryFile(name, template, version, packages = []) {
 	switch (template) {
-		case "graphql": return `import 'reflect-metadata'
+		case "graphql": {
+			const gqlImports = [];
+			const gqlAdapters = [];
+			if (packages.includes("devtools")) {
+				gqlImports.push(`import { DevToolsAdapter } from '@forinda/kickjs-devtools'`);
+				gqlAdapters.push(`    new DevToolsAdapter(),`);
+			}
+			if (packages.includes("otel")) {
+				gqlImports.push(`import { OtelAdapter } from '@forinda/kickjs-otel'`);
+				gqlAdapters.push(`    new OtelAdapter({ serviceName: '${name}' }),`);
+			}
+			if (packages.includes("swagger")) {
+				gqlImports.push(`import { SwaggerAdapter } from '@forinda/kickjs-swagger'`);
+				gqlAdapters.push(`    new SwaggerAdapter({ info: { title: '${name}', version: '${version}' } }),`);
+			}
+			return `import 'reflect-metadata'
 // Side-effect import — registers the extended env schema with kickjs
 // **before** any controller / service / @Value gets resolved. Without
 // this line ConfigService.get('YOUR_KEY') returns undefined because the
 // cached schema would still be the base shape. See guide/configuration.
 import './config'
 import { bootstrap } from '@forinda/kickjs'
-import { DevToolsAdapter } from '@forinda/kickjs-devtools'
 import { GraphQLAdapter } from '@forinda/kickjs-graphql'
-import { modules } from './modules'
+${gqlImports.length ? gqlImports.join("\n") + "\n" : ""}import { modules } from './modules'
 // Import your resolvers here
 // import { UserResolver } from './resolvers/user.resolver'
@@ -299,8 +323,7 @@ import { modules } from './modules'
 export const app = await bootstrap({
   modules,
   adapters: [
-    new DevToolsAdapter(),
-    new GraphQLAdapter({
+${gqlAdapters.length ? gqlAdapters.join("\n") + "\n" : ""}    new GraphQLAdapter({
       resolvers: [/* UserResolver */],
       // Add custom type definitions here:
       // typeDefs: userTypeDefs,
@@ -308,51 +331,91 @@ export const app = await bootstrap({
   ],
 })
 `;
-		case "cqrs": return `import 'reflect-metadata'
+		}
+		case "cqrs": {
+			const cqrsImports = [];
+			const cqrsAdapters = [];
+			if (packages.includes("otel")) {
+				cqrsImports.push(`import { OtelAdapter } from '@forinda/kickjs-otel'`);
+				cqrsAdapters.push(`    new OtelAdapter({ serviceName: '${name}' }),`);
+			}
+			if (packages.includes("devtools")) {
+				cqrsImports.push(`import { DevToolsAdapter } from '@forinda/kickjs-devtools'`);
+				cqrsAdapters.push(`    new DevToolsAdapter(),`);
+			}
+			if (packages.includes("swagger")) {
+				cqrsImports.push(`import { SwaggerAdapter } from '@forinda/kickjs-swagger'`);
+				cqrsAdapters.push(`    new SwaggerAdapter({\n      info: { title: '${name}', version: '${version}' },\n    }),`);
+			}
+			if (packages.includes("graphql")) {
+				cqrsImports.push(`import { GraphQLAdapter } from '@forinda/kickjs-graphql'`);
+				cqrsAdapters.push(`    new GraphQLAdapter({ resolvers: [] }),`);
+			}
+			return `import 'reflect-metadata'
 // Side-effect import — registers the extended env schema with kickjs
 // **before** any controller / service / @Value gets resolved. Without
 // this line ConfigService.get('YOUR_KEY') returns undefined because the
 // cached schema would still be the base shape. See guide/configuration.
 import './config'
 import { bootstrap } from '@forinda/kickjs'
-import { DevToolsAdapter } from '@forinda/kickjs-devtools'
-import { SwaggerAdapter } from '@forinda/kickjs-swagger'
-import { OtelAdapter } from '@forinda/kickjs-otel'
 // import { WsAdapter } from '@forinda/kickjs-ws'
 // import { QueueAdapter, BullMQProvider } from '@forinda/kickjs-queue'
-import { modules } from './modules'
+${cqrsImports.length ? cqrsImports.join("\n") + "\n" : ""}import { modules } from './modules'
 // Export the app for the Vite plugin (dev mode)
 export const app = await bootstrap({
-  modules,
-  adapters: [
-    new OtelAdapter({ serviceName: '${name}' }),
-    new DevToolsAdapter(),
-    new SwaggerAdapter({
-      info: { title: '${name}', version: '${version}' },
-    }),
-    // Uncomment for WebSocket support:
-    // new WsAdapter(),
-    // Uncomment when Redis is available:
-    // new QueueAdapter({
-    //   provider: new BullMQProvider({ host: 'localhost', port: 6379 }),
-    // }),
-  ],
+  modules,${cqrsImports.length ? `\n  adapters: [\n${cqrsAdapters.join("\n")}\n    // Uncomment for WebSocket support:\n    // new WsAdapter(),\n    // Uncomment when Redis is available:\n    // new QueueAdapter({\n    //   provider: new BullMQProvider({ host: 'localhost', port: 6379 }),\n    // }),\n  ],` : `\n  adapters: [\n    // Uncomment for WebSocket support:\n    // new WsAdapter(),\n    // Uncomment when Redis is available:\n    // new QueueAdapter({\n    //   provider: new BullMQProvider({ host: 'localhost', port: 6379 }),\n    // }),\n  ],`}
 })
 `;
-		case "minimal": return `import 'reflect-metadata'
+		}
+		case "minimal": {
+			const imports = [];
+			const adapters = [];
+			if (packages.includes("swagger")) {
+				imports.push(`import { SwaggerAdapter } from '@forinda/kickjs-swagger'`);
+				adapters.push(`    new SwaggerAdapter({ info: { title: '${name}', version: '${version}' } }),`);
+			}
+			if (packages.includes("devtools")) {
+				imports.push(`import { DevToolsAdapter } from '@forinda/kickjs-devtools'`);
+				adapters.push(`    new DevToolsAdapter(),`);
+			}
+			if (packages.includes("otel")) {
+				imports.push(`import { OtelAdapter } from '@forinda/kickjs-otel'`);
+				adapters.push(`    new OtelAdapter({ serviceName: '${name}' }),`);
+			}
+			if (packages.includes("graphql")) {
+				imports.push(`import { GraphQLAdapter } from '@forinda/kickjs-graphql'`);
+				adapters.push(`    new GraphQLAdapter({ resolvers: [] }),`);
+			}
+			return `import 'reflect-metadata'
 // Side-effect import — registers the extended env schema with kickjs
 // **before** any controller / service / @Value gets resolved. Without
 // this line ConfigService.get('YOUR_KEY') returns undefined because the
 // cached schema would still be the base shape. See guide/configuration.
 import './config'
 import { bootstrap } from '@forinda/kickjs'
-import { modules } from './modules'
+${imports.length ? imports.join("\n") + "\n" : ""}import { modules } from './modules'
 // Export the app for the Vite plugin (dev mode)
-export const app = await bootstrap({ modules })
+export const app = await bootstrap({ modules${adapters.length ? `,\n  adapters: [\n${adapters.join("\n")}\n  ]` : ""} })
 `;
-		default: return `import 'reflect-metadata'
+		}
+		default: {
+			const restImports = [];
+			const restAdapters = [];
+			if (packages.includes("devtools")) {
+				restImports.push(`import { DevToolsAdapter } from '@forinda/kickjs-devtools'`);
+				restAdapters.push(`    new DevToolsAdapter(),`);
+			}
+			if (packages.includes("swagger")) {
+				restImports.push(`import { SwaggerAdapter } from '@forinda/kickjs-swagger'`);
+				restAdapters.push(`    new SwaggerAdapter({\n      info: { title: '${name}', version: '${version}' },\n    }),`);
+			}
+			if (packages.includes("otel")) {
+				restImports.push(`import { OtelAdapter } from '@forinda/kickjs-otel'`);
+				restAdapters.push(`    new OtelAdapter({ serviceName: '${name}' }),`);
+			}
+			return `import 'reflect-metadata'
 // Side-effect import — registers the extended env schema with kickjs
 // **before** any controller / service / @Value gets resolved. Without
 // this line ConfigService.get('YOUR_KEY') returns undefined because the
@@ -366,19 +429,11 @@ import {
   helmet,
   cors,
 } from '@forinda/kickjs'
-import { DevToolsAdapter } from '@forinda/kickjs-devtools'
-import { SwaggerAdapter } from '@forinda/kickjs-swagger'
-import { modules } from './modules'
+${restImports.length ? restImports.join("\n") + "\n" : ""}import { modules } from './modules'
 // Export the app for the Vite plugin (dev mode)
 export const app = await bootstrap({
-  modules,
-  adapters: [
-    new DevToolsAdapter(),
-    new SwaggerAdapter({
-      info: { title: '${name}', version: '${version}' },
-    }),
-  ],
+  modules,${restAdapters.length ? `\n  adapters: [\n${restAdapters.join("\n")}\n  ],` : ""}
   middleware: [
     helmet(),
     cors({ origin: '*' }),
@@ -388,6 +443,7 @@ export const app = await bootstrap({
   ],
 })
 `;
+		}
 	}
 }
 /** Generate src/modules/index.ts module registry */
@@ -1406,11 +1462,11 @@ const cliPkg = JSON.parse(readFileSync(join(__dirname$1, "..", "package.json"),
 const KICKJS_VERSION = `^${cliPkg.version}`;
 /** Scaffold a new KickJS project */
 async function initProject(options) {
-	const { name, directory, packageManager = "pnpm", template = "rest", defaultRepo = "inmemory" } = options;
+	const { name, directory, packageManager = "pnpm", template = "rest", defaultRepo = "inmemory", packages = [] } = options;
 	const dir = directory;
 	const log = (msg) => console.log(`  ${msg}`);
 	console.log(`\n  Creating KickJS project: ${name}\n`);
-	await writeFileSafe(join(dir, "package.json"), generatePackageJson(name, template, KICKJS_VERSION));
+	await writeFileSafe(join(dir, "package.json"), generatePackageJson(name, template, KICKJS_VERSION, packages));
 	await writeFileSafe(join(dir, "vite.config.ts"), generateViteConfig());
 	await writeFileSafe(join(dir, "tsconfig.json"), generateTsConfig());
 	await writeFileSafe(join(dir, ".prettierrc"), generatePrettierConfig());
@@ -1420,7 +1476,7 @@ async function initProject(options) {
 	await writeFileSafe(join(dir, ".env"), generateEnv());
 	await writeFileSafe(join(dir, ".env.example"), generateEnvExample());
 	await writeFileSafe(join(dir, "src/config/index.ts"), generateEnvFile());
-	await writeFileSafe(join(dir, "src/index.ts"), generateEntryFile(name, template, cliPkg.version));
+	await writeFileSafe(join(dir, "src/index.ts"), generateEntryFile(name, template, cliPkg.version, packages));
 	await writeFileSafe(join(dir, "src/modules/index.ts"), generateModulesIndex());
 	await writeFileSafe(join(dir, "src/modules/hello/hello.service.ts"), generateHelloService());
 	await writeFileSafe(join(dir, "src/modules/hello/hello.controller.ts"), generateHelloController());
@@ -1515,35 +1571,142 @@ async function initProject(options) {
 	log("");
 }
 //#endregion
-//#region src/commands/init.ts
-function ask(question, defaultValue) {
-	const rl = createInterface({
-		input: process.stdin,
-		output: process.stdout
-	});
-	const suffix = defaultValue ? ` (${defaultValue})` : "";
-	return new Promise((res) => {
-		rl.question(`  ${question}${suffix}: `, (answer) => {
-			rl.close();
-			res(answer.trim() || defaultValue || "");
-		});
-	});
+//#region src/utils/colors.ts
+const METHOD_COLOR_MAP = {
+	GET: pc.green,
+	POST: pc.cyan,
+	PUT: pc.yellow,
+	PATCH: pc.magenta,
+	DELETE: pc.red
+};
+/** Color an HTTP method string for terminal display */
+function httpMethodColor(method) {
+	return (METHOD_COLOR_MAP[method] ?? pc.dim)(method.padEnd(7));
+}
+/** Color a severity tag for terminal display (padded to 10 chars) */
+function severityColor(severity) {
+	const tag = `[${severity}]`.padEnd(10);
+	switch (severity) {
+		case "CRITICAL": return pc.red(tag);
+		case "WARNING": return pc.yellow(tag);
+		case "INFO": return pc.blue(pc.dim(tag));
+		default: return tag;
+	}
+}
+pc.green("✓"), pc.red("✖"), pc.yellow("⚠"), pc.blue("ℹ");
+/** Show branded intro banner */
+function intro(title) {
+	clack.intro(pc.bgCyan(pc.black(` ${title} `)));
+}
+/** Show closing message */
+function outro(message) {
+	clack.outro(message);
+}
+/** Handle cancellation — print message and exit */
+function handleCancel(value) {
+	if (clack.isCancel(value)) {
+		clack.cancel("Operation cancelled.");
+		process.exit(0);
+	}
+}
+/** Text input prompt */
+async function text(opts) {
+	const value = await clack.text(opts);
+	handleCancel(value);
+	return value;
 }
-async function choose(question, options, defaultIdx = 0) {
-	console.log(`  ${question}`);
-	for (let i = 0; i < options.length; i++) console.log(`   ${i === defaultIdx ? ">" : " "} ${i + 1}. ${options[i]}`);
-	const answer = await ask("Choose", String(defaultIdx + 1));
-	return options[parseInt(answer, 10) - 1] ?? options[defaultIdx];
+/** Single select prompt */
+async function select(opts) {
+	const value = await clack.select(opts);
+	handleCancel(value);
+	return value;
+}
+/** Multi-select prompt with checkboxes */
+async function multiSelect(opts) {
+	const value = await clack.multiselect(opts);
+	handleCancel(value);
+	return value;
+}
+/** Yes/no confirmation prompt */
+async function confirm(opts) {
+	const value = await clack.confirm(opts);
+	handleCancel(value);
+	return value;
 }
-async function confirm$1(question, defaultYes = true) {
-	const answer = await ask(`${question} (${defaultYes ? "Y/n" : "y/N"})`);
-	if (!answer) return defaultYes;
-	return answer.toLowerCase().startsWith("y");
+/** Create a spinner for progress indication */
+function spinner() {
+	return clack.spinner();
 }
+/** Log utilities for styled messages inside clack flow */
+const log = clack.log;
+//#endregion
+//#region src/commands/init.ts
+/** All optional packages available for selection */
+const OPTIONAL_PACKAGES = [
+	{
+		value: "auth",
+		label: "Auth",
+		hint: "JWT, OAuth, API keys"
+	},
+	{
+		value: "swagger",
+		label: "Swagger",
+		hint: "OpenAPI docs"
+	},
+	{
+		value: "otel",
+		label: "OpenTelemetry",
+		hint: "tracing & metrics"
+	},
+	{
+		value: "ws",
+		label: "WebSocket",
+		hint: "rooms, heartbeat"
+	},
+	{
+		value: "queue",
+		label: "Queue",
+		hint: "BullMQ/RabbitMQ/Kafka"
+	},
+	{
+		value: "cron",
+		label: "Cron",
+		hint: "scheduled jobs"
+	},
+	{
+		value: "mailer",
+		label: "Mailer",
+		hint: "SMTP, Resend, SES"
+	},
+	{
+		value: "graphql",
+		label: "GraphQL",
+		hint: "resolvers, GraphiQL"
+	},
+	{
+		value: "devtools",
+		label: "DevTools",
+		hint: "debug dashboard"
+	},
+	{
+		value: "notifications",
+		label: "Notifications",
+		hint: "email, Slack, Discord"
+	},
+	{
+		value: "multi-tenant",
+		label: "Multi-Tenant",
+		hint: "tenant resolution"
+	}
+];
 function registerInitCommand(program) {
-	program.command("new [name]").alias("init").description("Create a new KickJS project (use \".\" for current directory)").option("-d, --directory <dir>", "Target directory (defaults to project name)").option("--pm <manager>", "Package manager: pnpm | npm | yarn").option("--git", "Initialize git repository").option("--no-git", "Skip git initialization").option("--install", "Install dependencies after scaffolding").option("--no-install", "Skip dependency installation").option("-f, --force", "Remove existing files without prompting").option("-t, --template <type>", "Project template: rest | graphql | ddd | cqrs | minimal").option("-r, --repo <type>", "Default repository: prisma | drizzle | inmemory | custom").action(async (name, opts) => {
-		console.log();
-		if (!name) name = await ask("Project name", "my-api");
+	program.command("new [name]").alias("init").description("Create a new KickJS project (use \".\" for current directory)").option("-d, --directory <dir>", "Target directory (defaults to project name)").option("--pm <manager>", "Package manager: pnpm | npm | yarn").option("--git", "Initialize git repository").option("--no-git", "Skip git initialization").option("--install", "Install dependencies after scaffolding").option("--no-install", "Skip dependency installation").option("-f, --force", "Remove existing files without prompting").option("-t, --template <type>", "Project template: rest | graphql | ddd | cqrs | minimal").option("-r, --repo <type>", "Default repository: prisma | drizzle | inmemory | custom").option("--packages <packages>", "Comma-separated packages to include (e.g. auth,swagger,otel)").action(async (name, opts) => {
+		intro("KickJS — Create a new project");
+		if (!name) name = await text({
+			message: "Project name",
+			placeholder: "my-api",
+			defaultValue: "my-api"
+		});
 		let directory;
 		if (name === ".") {
 			directory = resolve(".");
@@ -1552,15 +1715,17 @@ function registerInitCommand(program) {
 		if (existsSync(directory)) {
 			const entries = readdirSync(directory);
 			if (entries.length > 0) {
-				if (opts.force) console.log(`  Clearing existing files in ${directory}...\n`);
+				if (opts.force) log.warn(`Clearing existing files in ${directory}`);
 				else {
-					console.log(`  Directory "${name}" is not empty:`);
+					log.warn(`Directory "${name}" is not empty:`);
 					const shown = entries.slice(0, 5);
-					for (const entry of shown) console.log(`    - ${entry}`);
-					if (entries.length > 5) console.log(`    ... and ${entries.length - 5} more`);
-					console.log();
-					if (!await confirm$1("Remove all existing files and proceed?", false)) {
-						console.log("  Aborted.\n");
+					for (const entry of shown) log.message(`  - ${entry}`);
+					if (entries.length > 5) log.message(`  ... and ${entries.length - 5} more`);
+					if (!await confirm({
+						message: pc.red("Remove all existing files and proceed?"),
+						initialValue: false
+					})) {
+						outro("Aborted.");
 						return;
 					}
 				}
@@ -1571,49 +1736,101 @@ function registerInitCommand(program) {
 			}
 		}
 		let template = opts.template;
-		if (!template) {
-			template = await choose("Project template:", [
-				"REST API (Express + Swagger)",
-				"GraphQL API (GraphQL + GraphiQL)",
-				"DDD (Domain-Driven Design modules)",
-				"CQRS (Commands, Queries, Events + WS/Queue)",
-				"Minimal (bare Express)"
-			], 0);
-			template = {
-				"REST API (Express + Swagger)": "rest",
-				"GraphQL API (GraphQL + GraphiQL)": "graphql",
-				"DDD (Domain-Driven Design modules)": "ddd",
-				"CQRS (Commands, Queries, Events + WS/Queue)": "cqrs",
-				"Minimal (bare Express)": "minimal"
-			}[template] ?? "rest";
-		}
+		if (!template) template = await select({
+			message: "Project template",
+			options: [
+				{
+					value: "rest",
+					label: "REST API",
+					hint: "Express + Swagger"
+				},
+				{
+					value: "graphql",
+					label: "GraphQL API",
+					hint: "GraphQL + GraphiQL"
+				},
+				{
+					value: "ddd",
+					label: "DDD",
+					hint: "Domain-Driven Design modules"
+				},
+				{
+					value: "cqrs",
+					label: "CQRS",
+					hint: "Commands, Queries, Events + WS/Queue"
+				},
+				{
+					value: "minimal",
+					label: "Minimal",
+					hint: "bare Express"
+				}
+			]
+		});
 		let packageManager = opts.pm;
-		if (!packageManager) packageManager = await choose("Package manager:", [
-			"pnpm",
-			"npm",
-			"yarn"
-		], 0);
+		if (!packageManager) packageManager = await select({
+			message: "Package manager",
+			options: [
+				{
+					value: "pnpm",
+					label: "pnpm"
+				},
+				{
+					value: "npm",
+					label: "npm"
+				},
+				{
+					value: "yarn",
+					label: "yarn"
+				}
+			]
+		});
 		let defaultRepo = opts.repo;
 		if (!defaultRepo) {
-			const repoChoice = await choose("Default repository/ORM:", [
-				"Prisma",
-				"Drizzle",
-				"In-Memory",
-				"Custom (specify later)"
-			], 0);
-			defaultRepo = {
-				Prisma: "prisma",
-				Drizzle: "drizzle",
-				"In-Memory": "inmemory",
-				"Custom (specify later)": "custom"
-			}[repoChoice] ?? "inmemory";
-			if (defaultRepo === "custom") defaultRepo = await ask("Custom repository name", "custom");
+			defaultRepo = await select({
+				message: "Default repository/ORM",
+				options: [
+					{
+						value: "prisma",
+						label: "Prisma"
+					},
+					{
+						value: "drizzle",
+						label: "Drizzle"
+					},
+					{
+						value: "inmemory",
+						label: "In-Memory"
+					},
+					{
+						value: "custom",
+						label: "Custom",
+						hint: "specify later"
+					}
+				]
+			});
+			if (defaultRepo === "custom") defaultRepo = await text({
+				message: "Custom repository name",
+				defaultValue: "custom"
+			});
 		}
+		let selectedPackages;
+		if (opts.packages) selectedPackages = opts.packages.split(",").map((p) => p.trim());
+		else selectedPackages = await multiSelect({
+			message: "Select packages to include",
+			options: [...OPTIONAL_PACKAGES],
+			required: false
+		});
 		let initGit;
-		if (opts.git === void 0) initGit = await confirm$1("Initialize git repository?", true);
+		if (opts.git === void 0) initGit = await confirm({
+			message: "Initialize git repository?",
+			initialValue: true
+		});
 		else initGit = opts.git;
 		let installDeps;
-		if (opts.install === void 0) installDeps = await confirm$1("Install dependencies?", true);
+		if (opts.install === void 0) installDeps = await confirm({
+			message: "Install dependencies?",
+			initialValue: true
+		});
 		else installDeps = opts.install;
 		await initProject({
 			name,
@@ -1622,8 +1839,10 @@ function registerInitCommand(program) {
 			initGit,
 			installDeps,
 			template,
-			defaultRepo
+			defaultRepo,
+			packages: selectedPackages
 		});
+		outro(`Done! Next steps: ${pc.cyan(`cd ${name} && ${packageManager} dev`)}`);
 	});
 }
 //#endregion
@@ -3446,19 +3665,6 @@ function resolveRepoType(config) {
 	if (typeof config === "string") return config;
 	return config.name;
 }
-/** Prompt the user for a single-line answer via stdin */
-function promptUser(question) {
-	const rl = createInterface({
-		input: process.stdin,
-		output: process.stdout
-	});
-	return new Promise((resolve) => {
-		rl.question(question, (answer) => {
-			rl.close();
-			resolve(answer.trim().toLowerCase());
-		});
-	});
-}
 /**
 * Generate a module — structure depends on the project pattern.
 *
@@ -3488,10 +3694,11 @@ async function generateModule(options) {
 			return;
 		}
 		if (!overwriteAll && await fileExists(fullPath)) {
-			const answer = await promptUser(`  File already exists: ${relativePath}\n  Overwrite? (y/n/a = yes/no/all) `);
-			if (answer === "a") overwriteAll = true;
-			else if (answer !== "y") {
-				console.log(`  Skipped: ${relativePath}`);
+			if (!await confirm({
+				message: `File exists: ${pc.dim(relativePath)}. Overwrite?`,
+				initialValue: false
+			})) {
+				log.warn(`Skipped: ${relativePath}`);
 				return;
 			}
 		}
@@ -4051,24 +4258,15 @@ export type ${pascal}DTO = z.infer<typeof ${camel}Schema>
 }
 //#endregion
 //#region src/generators/config.ts
-async function confirm(message) {
-	const rl = createInterface({
-		input: process.stdin,
-		output: process.stdout
-	});
-	return new Promise((resolve) => {
-		rl.question(`  ${message} (y/N) `, (answer) => {
-			rl.close();
-			resolve(answer.trim().toLowerCase() === "y");
-		});
-	});
-}
 async function generateConfig(options) {
 	const filePath = join(options.outDir, "kick.config.ts");
 	const modulesDir = options.modulesDir ?? "src/modules";
 	const defaultRepo = options.defaultRepo ?? "inmemory";
 	if (existsSync(filePath) && !options.force) {
-		if (!await confirm("kick.config.ts already exists. Overwrite?")) {
+		if (!await confirm({
+			message: "kick.config.ts already exists. Overwrite?",
+			initialValue: false
+		})) {
 			console.log("\n  Skipped — existing kick.config.ts preserved.");
 			return [];
 		}
@@ -4076,8 +4274,15 @@ async function generateConfig(options) {
 	await writeFileSafe(filePath, `import { defineConfig } from '@forinda/kickjs-cli'
 export default defineConfig({
-  modulesDir: '${modulesDir}',
-  defaultRepo: '${defaultRepo}',
+  modules: {
+    dir: '${modulesDir}',
+    repo: '${defaultRepo}',
+    pluralize: true,
+  },
+  typegen: {
+    schemaValidator: 'zod',
+  },
   commands: [
     {
@@ -4107,6 +4312,251 @@ export default defineConfig({
 	return [filePath];
 }
 //#endregion
+//#region src/generators/auth-scaffold.ts
+/**
+* Generate a complete auth module with registration, login, logout,
+* and password hashing. Uses PasswordService and the configured strategy.
+*/
+async function generateAuthScaffold(options = {}) {
+	const strategy = options.strategy ?? "jwt";
+	const outDir = options.outDir ?? "src/modules/auth";
+	const dtoDir = join(outDir, "dto");
+	const files = [];
+	const modulePath = join(outDir, "auth.module.ts");
+	await writeFileSafe(modulePath, `import { Module } from '@forinda/kickjs'
+import { AuthController } from './auth.controller'
+import { AuthService } from './auth.service'
+@Module({
+  controllers: [AuthController],
+  services: [AuthService],
+})
+export class AuthModule {}
+`);
+	files.push(modulePath);
+	const controllerPath = join(outDir, "auth.controller.ts");
+	await writeFileSafe(controllerPath, strategy === "jwt" ? jwtControllerTemplate() : sessionControllerTemplate());
+	files.push(controllerPath);
+	const servicePath = join(outDir, "auth.service.ts");
+	await writeFileSafe(servicePath, strategy === "jwt" ? jwtServiceTemplate() : sessionServiceTemplate());
+	files.push(servicePath);
+	const registerDtoPath = join(dtoDir, "register.dto.ts");
+	await writeFileSafe(registerDtoPath, `import { z } from 'zod'
+export const RegisterDto = z.object({
+  email: z.string().email(),
+  password: z.string().min(8),
+  name: z.string().min(1).optional(),
+})
+export type RegisterInput = z.infer<typeof RegisterDto>
+`);
+	files.push(registerDtoPath);
+	const loginDtoPath = join(dtoDir, "login.dto.ts");
+	await writeFileSafe(loginDtoPath, `import { z } from 'zod'
+export const LoginDto = z.object({
+  email: z.string().email(),
+  password: z.string().min(1),
+})
+export type LoginInput = z.infer<typeof LoginDto>
+`);
+	files.push(loginDtoPath);
+	const testPath = join(outDir, "auth.test.ts");
+	await writeFileSafe(testPath, `import { describe, it, expect } from 'vitest'
+describe('Auth Module', () => {
+  it.todo('POST /register — creates a new user')
+  it.todo('POST /login — returns token for valid credentials')
+  it.todo('POST /login — rejects invalid credentials')
+  it.todo('POST /logout — invalidates session/token')
+  it.todo('GET /me — returns authenticated user')
+})
+`);
+	files.push(testPath);
+	if (options.roleGuards !== false) {
+		const guardPath = join(outDir, "auth.guard.ts");
+		await writeFileSafe(guardPath, `import { Roles } from '@forinda/kickjs-auth'
+/**
+ * Role-based access guard.
+ * Usage: @Roles('admin') on a controller method.
+ *
+ * The AuthAdapter extracts the user's roles from the JWT/session
+ * and the framework checks them automatically.
+ */
+export const AdminOnly = Roles('admin')
+export const ManagerOnly = Roles('manager')
+`);
+		files.push(guardPath);
+	}
+	return files;
+}
+function jwtControllerTemplate() {
+	return `import { Controller, Post, Get } from '@forinda/kickjs'
+import { Authenticated, Public } from '@forinda/kickjs-auth'
+import type { RequestContext } from '@forinda/kickjs'
+import { Autowired } from '@forinda/kickjs'
+import { AuthService } from './auth.service'
+@Controller('/auth')
+@Authenticated()
+export class AuthController {
+  @Autowired() private authService!: AuthService
+  @Post('/register')
+  @Public()
+  async register(ctx: RequestContext) {
+    const result = await this.authService.register(ctx.body)
+    return ctx.created(result)
+  }
+  @Post('/login')
+  @Public()
+  async login(ctx: RequestContext) {
+    const result = await this.authService.login(ctx.body)
+    if (!result) return ctx.badRequest('Invalid credentials')
+    return ctx.json(result)
+  }
+  @Post('/logout')
+  async logout(ctx: RequestContext) {
+    return ctx.json({ message: 'Logged out' })
+  }
+  @Get('/me')
+  async me(ctx: RequestContext) {
+    return ctx.json({ user: ctx.user })
+  }
+}
+`;
+}
+function jwtServiceTemplate() {
+	return `import { Service, Autowired } from '@forinda/kickjs'
+import { PasswordService } from '@forinda/kickjs-auth'
+import type { RegisterInput } from './dto/register.dto'
+import type { LoginInput } from './dto/login.dto'
+// TODO: Replace with your User repository
+const users = new Map<string, { id: string; email: string; name?: string; passwordHash: string }>()
+@Service()
+export class AuthService {
+  @Autowired() private password!: PasswordService
+  async register(input: RegisterInput) {
+    const { email, password, name } = input
+    if (users.has(email)) {
+      throw new Error('User already exists')
+    }
+    const passwordHash = await this.password.hash(password)
+    const id = crypto.randomUUID()
+    users.set(email, { id, email, name, passwordHash })
+    return { id, email, name }
+  }
+  async login(input: LoginInput) {
+    const { email, password } = input
+    const user = users.get(email)
+    if (!user) return null
+    const valid = await this.password.verify(user.passwordHash, password)
+    if (!valid) return null
+    // TODO: Generate JWT token here
+    // const token = jwt.sign({ sub: user.id, email: user.email }, process.env.JWT_SECRET!)
+    return { user: { id: user.id, email: user.email, name: user.name } }
+  }
+}
+`;
+}
+function sessionControllerTemplate() {
+	return `import { Controller, Post, Get } from '@forinda/kickjs'
+import { Authenticated, Public } from '@forinda/kickjs-auth'
+import { sessionLogin, sessionLogout } from '@forinda/kickjs-auth'
+import type { RequestContext } from '@forinda/kickjs'
+import { Autowired } from '@forinda/kickjs'
+import { AuthService } from './auth.service'
+@Controller('/auth')
+@Authenticated()
+export class AuthController {
+  @Autowired() private authService!: AuthService
+  @Post('/register')
+  @Public()
+  async register(ctx: RequestContext) {
+    const result = await this.authService.register(ctx.body)
+    return ctx.created(result)
+  }
+  @Post('/login')
+  @Public()
+  async login(ctx: RequestContext) {
+    const user = await this.authService.login(ctx.body)
+    if (!user) return ctx.badRequest('Invalid credentials')
+    await sessionLogin(ctx.session, user)
+    return ctx.json({ message: 'Logged in', user })
+  }
+  @Post('/logout')
+  async logout(ctx: RequestContext) {
+    await sessionLogout(ctx.session)
+    return ctx.json({ message: 'Logged out' })
+  }
+  @Get('/me')
+  async me(ctx: RequestContext) {
+    return ctx.json({ user: ctx.user })
+  }
+}
+`;
+}
+function sessionServiceTemplate() {
+	return `import { Service, Autowired } from '@forinda/kickjs'
+import { PasswordService } from '@forinda/kickjs-auth'
+import type { RegisterInput } from './dto/register.dto'
+import type { LoginInput } from './dto/login.dto'
+// TODO: Replace with your User repository
+const users = new Map<string, { id: string; email: string; name?: string; passwordHash: string }>()
+@Service()
+export class AuthService {
+  @Autowired() private password!: PasswordService
+  async register(input: RegisterInput) {
+    const { email, password, name } = input
+    if (users.has(email)) {
+      throw new Error('User already exists')
+    }
+    const passwordHash = await this.password.hash(password)
+    const id = crypto.randomUUID()
+    users.set(email, { id, email, name, passwordHash })
+    return { id, email, name }
+  }
+  async login(input: LoginInput) {
+    const { email, password } = input
+    const user = users.get(email)
+    if (!user) return null
+    const valid = await this.password.verify(user.passwordHash, password)
+    if (!valid) return null
+    return { id: user.id, email: user.email, name: user.name }
+  }
+}
+`;
+}
+//#endregion
 //#region src/generators/resolver.ts
 async function generateResolver(options) {
 	const { name, outDir } = options;
@@ -6106,6 +6556,33 @@ function registerGenerateCommand(program) {
 		printGenerated(files, dryRun);
 		await runPostTypegen(dryRun);
 	});
+	gen.command("auth-scaffold").description("Generate a complete auth module (register, login, logout, password hashing)\n  Includes controller, service, DTOs, and test stubs.").option("-s, --strategy <type>", "Auth strategy: jwt | session").option("--role-guards", "Generate role-based guards (default: true)").option("--no-role-guards", "Skip role-based guard generation").option("-o, --out <dir>", "Output directory", "src/modules/auth").action(async (opts, cmd) => {
+		const dryRun = isDryRun(cmd);
+		setDryRun(dryRun);
+		let strategy = opts.strategy;
+		if (!strategy) strategy = await select({
+			message: "Auth strategy",
+			options: [{
+				value: "jwt",
+				label: "JWT",
+				hint: "stateless token-based auth"
+			}, {
+				value: "session",
+				label: "Session",
+				hint: "server-side session with cookies"
+			}]
+		});
+		let roleGuards = opts.roleGuards;
+		if (roleGuards === void 0) roleGuards = await confirm({
+			message: "Generate role-based guards?",
+			initialValue: true
+		});
+		printGenerated(await generateAuthScaffold({
+			strategy,
+			outDir: opts.out,
+			roleGuards
+		}), dryRun);
+	});
 	gen.command("config").description("Generate a kick.config.ts at the project root").option("--modules-dir <dir>", "Modules directory path", "src/modules").option("--repo <type>", "Default repository type: inmemory | drizzle | prisma", "inmemory").option("-f, --force", "Overwrite existing kick.config.ts without prompting").action(async (opts, cmd) => {
 		const dryRun = isDryRun(cmd);
 		setDryRun(dryRun);
@@ -6119,13 +6596,43 @@ function registerGenerateCommand(program) {
 }
 //#endregion
 //#region src/utils/shell.ts
-/** Run a shell command synchronously, printing output */
-function runShellCommand(command, cwd) {
+/**
+* Run a shell command synchronously, printing output.
+*
+* On Windows, `execSync` spawns via `cmd.exe` by default, which means
+* POSIX-style inline env prefixes like `FOO=bar node app.js` do NOT work.
+* Callers that need environment variables should pass them in the `env`
+* option instead of prepending them to the command string — see
+* `runNodeWithEnv` for the cross-platform helper that avoids a shell
+* entirely.
+*/
+function runShellCommand(command, cwd, env) {
 	execSync(command, {
 		cwd,
-		stdio: "inherit"
+		stdio: "inherit",
+		env: env ? {
+			...process.env,
+			...env
+		} : process.env
 	});
 }
+/**
+* Cross-platform way to launch a Node.js process with a set of
+* environment variables. Uses `spawnSync` with an argument array so no
+* shell is involved — the `VAR=value node ...` POSIX prefix syntax that
+* `runShellCommand` relied on breaks on cmd.exe and PowerShell.
+*/
+function runNodeWithEnv(entry, env, cwd) {
+	const result = spawnSync(process.execPath, [entry], {
+		cwd,
+		stdio: "inherit",
+		env: {
+			...process.env,
+			...env
+		}
+	});
+	if (result.status !== 0) process.exit(result.status ?? 1);
+}
 //#endregion
 //#region src/commands/run.ts
 /**
@@ -6160,7 +6667,7 @@ async function startDevServer(_entry, port) {
 		console.warn(`  kick typegen: skipped (${err?.message ?? err})`);
 	}
 	const { createRequire } = await import("node:module");
-	const { createServer } = await import(createRequire(resolve("package.json")).resolve("vite"));
+	const { createServer } = await import(pathToFileURL(createRequire(resolve("package.json")).resolve("vite")).href);
 	const server = await createServer({
 		configFile: resolve("vite.config.ts"),
 		server: { port: port ? parseInt(port, 10) : void 0 }
@@ -6210,7 +6717,7 @@ function registerRunCommands(program) {
 	program.command("build").description("Build for production via Vite").action(async () => {
 		console.log("\n  Building for production...\n");
 		const { createRequire } = await import("node:module");
-		const { build } = await import(createRequire(resolve("package.json")).resolve("vite"));
+		const { build } = await import(pathToFileURL(createRequire(resolve("package.json")).resolve("vite")).href);
 		await build({ configFile: resolve("vite.config.ts") });
 		const copyDirs = (await loadKickConfig(process.cwd()))?.copyDirs ?? [];
 		if (copyDirs.length > 0) {
@@ -6232,9 +6739,9 @@ function registerRunCommands(program) {
 		console.log("\n  Build complete.\n");
 	});
 	program.command("start").description("Start production server").option("-e, --entry <file>", "Entry file", "dist/index.js").option("-p, --port <port>", "Port number").action((opts) => {
-		const envVars = ["NODE_ENV=production"];
-		if (opts.port) envVars.push(`PORT=${opts.port}`);
-		runShellCommand(`${envVars.join(" ")} node ${opts.entry}`);
+		const env = { NODE_ENV: "production" };
+		if (opts.port) env.PORT = String(opts.port);
+		runNodeWithEnv(opts.entry, env);
 	});
 	program.command("dev:debug").description("Start dev server with Node.js inspector attached").option("-e, --entry <file>", "Entry file", "src/index.ts").option("-p, --port <port>", "Port number").option("--inspect-port <port>", "Inspector port", "9229").action(async (opts) => {
 		const inspectPort = opts.inspectPort ?? "9229";
@@ -6348,26 +6855,7 @@ function registerSingleCommand(program, def) {
 }
 //#endregion
 //#region src/commands/inspect.ts
-const esc = (code) => `\x1b[${code}m`;
-const reset = esc("0");
-const bold = (s) => `${esc("1")}${s}${reset}`;
-const dim = (s) => `${esc("2")}${s}${reset}`;
-const green = (s) => `${esc("32")}${s}${reset}`;
-const red = (s) => `${esc("31")}${s}${reset}`;
-const yellow = (s) => `${esc("33")}${s}${reset}`;
-const cyan = (s) => `${esc("36")}${s}${reset}`;
-const magenta = (s) => `${esc("35")}${s}${reset}`;
-const blue = (s) => `${esc("34")}${s}${reset}`;
-const METHOD_COLORS = {
-	GET: green,
-	POST: cyan,
-	PUT: yellow,
-	PATCH: magenta,
-	DELETE: red
-};
-function colorMethod(method) {
-	return (METHOD_COLORS[method] ?? dim)(method.padEnd(7));
-}
+const { bold, dim, green, red, yellow, cyan, blue } = pc;
 function formatUptime(seconds) {
 	const d = Math.floor(seconds / 86400);
 	const h = Math.floor(seconds % 86400 / 3600);
@@ -6434,7 +6922,7 @@ function printSummary(base, data) {
 		console.log(`  ${dim("METHOD")}  ${dim("PATH".padEnd(36))} ${dim("CONTROLLER")}`);
 		for (const r of routes.routes) {
 			const path = r.path.length > 36 ? r.path.slice(0, 33) + "..." : r.path.padEnd(36);
-			console.log(`  ${colorMethod(r.method)} ${path} ${blue(r.controller)}.${dim(r.handler)}`);
+			console.log(`  ${httpMethodColor(r.method)} ${path} ${blue(r.controller)}.${dim(r.handler)}`);
 		}
 	}
 	console.log(line);
@@ -7384,18 +7872,6 @@ function findBin(startDir, name) {
 }
 //#endregion
 //#region src/generators/remove-module.ts
-function promptConfirm(message) {
-	const rl = createInterface({
-		input: process.stdin,
-		output: process.stdout
-	});
-	return new Promise((resolve) => {
-		rl.question(`  ${message} (y/N) `, (answer) => {
-			rl.close();
-			resolve(answer.trim().toLowerCase() === "y");
-		});
-	});
-}
 /**
 * Remove a module — deletes its directory and unregisters it from the modules index.
 */
@@ -7411,7 +7887,10 @@ async function removeModule(options) {
 		return;
 	}
 	if (!force) {
-		if (!await promptConfirm(`Delete module '${plural}' at ${moduleDir}? This cannot be undone.`)) {
+		if (!await confirm({
+			message: pc.red(`Delete module '${plural}' at ${moduleDir}? This cannot be undone.`),
+			initialValue: false
+		})) {
 			console.log("\n  Cancelled.\n");
 			return;
 		}
@@ -7425,7 +7904,7 @@ async function removeModule(options) {
 	if (await fileExists(indexPath)) {
 		let content = await readFile(indexPath, "utf-8");
 		const originalContent = content;
-		const importPattern = new RegExp(`^import\\s*\\{\\s*${pascal}Module\\s*\\}\\s*from\\s*['\\./${plural}']+.*\\n?`, "gm");
+		const importPattern = new RegExp(`^import\\s*\\{\\s*${pascal}Module\\s*\\}\\s*from\\s*['"][^'"]*${plural}['"].*\\n?`, "gm");
 		content = content.replace(importPattern, "");
 		content = content.replace(new RegExp(`\\s*,?\\s*${pascal}Module\\s*,?`, "g"), (match) => {
 			const startsWithComma = match.trimStart().startsWith(",");
@@ -7516,6 +7995,176 @@ function registerTypegenCommand(program) {
 	});
 }
 //#endregion
+//#region src/commands/check.ts
+/** Recursively collect all .ts files under a directory */
+function collectTsFiles(dir) {
+	const files = [];
+	if (!existsSync(dir)) return files;
+	const entries = readdirSync(dir, { withFileTypes: true });
+	for (const entry of entries) {
+		const fullPath = join(dir, entry.name);
+		if (entry.isDirectory()) {
+			if ([
+				"node_modules",
+				"dist",
+				".kickjs",
+				".git"
+			].includes(entry.name)) continue;
+			files.push(...collectTsFiles(fullPath));
+		} else if (entry.isFile() && /\.tsx?$/.test(entry.name) && !entry.name.endsWith(".d.ts")) files.push(fullPath);
+	}
+	return files;
+}
+/** Read a file safely, returning empty string on failure */
+function safeRead(filepath) {
+	try {
+		return readFileSync(filepath, "utf-8");
+	} catch {
+		return "";
+	}
+}
+const WEAK_SECRETS = new Set([
+	"secret",
+	"changeme",
+	"password",
+	"test",
+	"default",
+	""
+]);
+function checkJwtSecret(cwd, sourceContents) {
+	const envContent = safeRead(join(cwd, ".env"));
+	if (envContent) {
+		const match = envContent.match(/^JWT_SECRET\s*=\s*['"]?([^'"\n]*)['"]?/m);
+		if (match) {
+			const value = match[1].trim();
+			if (WEAK_SECRETS.has(value.toLowerCase()) || value.length < 32) return {
+				severity: "CRITICAL",
+				message: "JWT_SECRET appears to be a default value or too short (< 32 chars) — change it"
+			};
+		}
+	}
+	for (const content of sourceContents) for (const pattern of [/JWT_SECRET['"]?\s*[:=]\s*['"]?(secret|changeme|password|test|default)['"]?/i, /secret\s*[:=]\s*['"]?(secret|changeme|password|test|default)['"]?/i]) if (pattern.test(content)) return {
+		severity: "CRITICAL",
+		message: "JWT_SECRET appears to be a default value in source code — use an environment variable"
+	};
+	return null;
+}
+function checkCorsOrigin(sourceContents) {
+	for (const content of sourceContents) if (/cors\s*\(/.test(content) && /origin\s*:\s*['"]\*['"]/.test(content)) return {
+		severity: "CRITICAL",
+		message: "CORS origin is '*' — restrict to your domains"
+	};
+	return null;
+}
+function checkRateLimiting(sourceContents) {
+	for (const content of sourceContents) if (/rateLimit/i.test(content) || /@RateLimit/i.test(content)) return null;
+	return {
+		severity: "WARNING",
+		message: "No rate limiting detected — add rateLimit() middleware or @RateLimit decorator"
+	};
+}
+function checkNodeEnv() {
+	if (process.env.NODE_ENV !== "production") return {
+		severity: "WARNING",
+		message: `NODE_ENV is '${process.env.NODE_ENV ?? "undefined"}', not 'production'`
+	};
+	return null;
+}
+function checkTokenStore(sourceContents) {
+	let hasTokenStore = false;
+	let usesMemoryStore = false;
+	for (const content of sourceContents) {
+		if (/tokenStore/i.test(content)) hasTokenStore = true;
+		if (/MemoryTokenStore/i.test(content)) usesMemoryStore = true;
+	}
+	if (usesMemoryStore) return {
+		severity: "WARNING",
+		message: "MemoryTokenStore detected — use a persistent store (Redis, DB) for production deployments"
+	};
+	if (!hasTokenStore) return {
+		severity: "WARNING",
+		message: "No token revocation store detected — consider adding one for auth token management"
+	};
+	return null;
+}
+function checkHelmet(sourceContents) {
+	for (const content of sourceContents) if (/helmet\s*\(/.test(content)) {
+		if (/security\s*\.\s*helmet\s*.*false/.test(content)) return {
+			severity: "WARNING",
+			message: "Helmet security headers are disabled — enable them for production"
+		};
+		return {
+			severity: "INFO",
+			message: "Helmet security headers active"
+		};
+	}
+	return {
+		severity: "WARNING",
+		message: "Helmet not detected — add helmet() middleware for security headers"
+	};
+}
+function checkAuthAdapter(sourceContents) {
+	for (const content of sourceContents) if (/AuthAdapter/i.test(content)) return {
+		severity: "INFO",
+		message: "AuthAdapter configured"
+	};
+	return {
+		severity: "INFO",
+		message: "No AuthAdapter detected — add one if your app requires authentication"
+	};
+}
+function runDeployChecks(cwd) {
+	const sourceContents = collectTsFiles(join(cwd, "src")).map((f) => safeRead(f));
+	const results = [];
+	const jwtResult = checkJwtSecret(cwd, sourceContents);
+	if (jwtResult) results.push(jwtResult);
+	const corsResult = checkCorsOrigin(sourceContents);
+	if (corsResult) results.push(corsResult);
+	const rateLimitResult = checkRateLimiting(sourceContents);
+	if (rateLimitResult) results.push(rateLimitResult);
+	const nodeEnvResult = checkNodeEnv();
+	if (nodeEnvResult) results.push(nodeEnvResult);
+	const tokenStoreResult = checkTokenStore(sourceContents);
+	if (tokenStoreResult) results.push(tokenStoreResult);
+	results.push(checkHelmet(sourceContents));
+	results.push(checkAuthAdapter(sourceContents));
+	return results;
+}
+function registerCheckCommand(program) {
+	program.command("check").description("Audit project for common issues").option("--deploy", "Run production readiness checks").action((opts) => {
+		if (!opts.deploy) {
+			console.log("\n  Usage: kick check --deploy\n\n  Available checks:\n    --deploy    Audit for production readiness (security, config, best practices)\n");
+			return;
+		}
+		const cwd = process.cwd();
+		intro("KickJS Deploy Check");
+		const s = spinner();
+		s.start("Scanning project...");
+		const results = runDeployChecks(cwd);
+		s.stop("Scan complete");
+		const order = {
+			CRITICAL: 0,
+			WARNING: 1,
+			INFO: 2
+		};
+		results.sort((a, b) => order[a.severity] - order[b.severity]);
+		for (const r of results) log.message(`${severityColor(r.severity)} ${r.message}`);
+		const critical = results.filter((r) => r.severity === "CRITICAL").length;
+		const warnings = results.filter((r) => r.severity === "WARNING").length;
+		const info = results.filter((r) => r.severity === "INFO").length;
+		const warnLabel = warnings === 1 ? "warning" : "warnings";
+		const summary = [
+			critical > 0 ? pc.red(`${critical} critical`) : `${critical} critical`,
+			warnings > 0 ? pc.yellow(`${warnings} ${warnLabel}`) : `${warnings} ${warnLabel}`,
+			`${info} info`
+		].join(", ");
+		if (critical > 0) {
+			outro(pc.red(`${summary} — fix critical issues before deploying`));
+			process.exit(1);
+		} else outro(pc.green(`${summary} — looking good!`));
+	});
+}
+//#endregion
 //#region src/cli.ts
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkg$1 = JSON.parse(readFileSync(join(__dirname, "..", "package.json"), "utf-8"));
@@ -7535,6 +8184,7 @@ async function main() {
 	registerTinkerCommand(program);
 	registerRemoveCommand(program);
 	registerTypegenCommand(program);
+	registerCheckCommand(program);
 	registerCustomCommands(program, config);
 	program.showHelpAfterError();
 	await program.parseAsync(process.argv);