@gzl10/nexus-backend 0.1.4

package/README.md

@@ -0,0 +1,80 @@
+# nexus-backend
+
+> **Warning**: This project is currently in testing/experimental phase. Use at your own risk.
+
+Backend as a Service (BaaS) with Express 5, Knex and CASL. Ready to use as an npm library.
+
+**Repository**: [https://gitlab.gzl10.com/oss/nexus-backend](https://gitlab.gzl10.com/oss/nexus-backend)
+
+## Installation
+
+```bash
+pnpm add nexus-backend
+```
+
+## Usage
+
+```typescript
+import { start, stop, nexusEvents } from 'nexus-backend'
+
+// Start server
+await start({
+  port: 3000,
+  jwt: { secret: 'your-secret-at-least-32-characters' },
+  database: { url: 'file:./data.db' }
+})
+
+// Listen to CRUD events
+nexusEvents.on('db.users.created', ({ data }) => {
+  console.log('User created:', data)
+})
+
+// Stop server
+await stop()
+```
+
+## Configuration
+
+| Option               | Description              | Default                 |
+| -------------------- | ------------------------ | ----------------------- |
+| `port`               | Server port              | `3000`                  |
+| `host`               | Server host              | `0.0.0.0`               |
+| `database.url`       | Database URL             | `file:./dev.db`         |
+| `jwt.secret`         | JWT secret (min 32 chars)| Required                |
+| `jwt.accessExpires`  | Access token expiration  | `15m`                   |
+| `jwt.refreshExpires` | Refresh token expiration | `7d`                    |
+| `cors.origin`        | Allowed CORS origin      | `http://localhost:3001` |
+
+### Supported Databases
+
+- **SQLite**: `file:./data.db`
+- **PostgreSQL**: `postgresql://user:pass@host:5432/db`
+- **MySQL**: `mysql://user:pass@host:3306/db`
+
+## API Endpoints
+
+- `POST /api/v1/auth/login` - Login
+- `POST /api/v1/auth/register` - Register
+- `POST /api/v1/auth/refresh` - Refresh token
+- `GET /api/v1/users` - List users
+- `GET /api/v1/posts` - List posts
+- `GET /api/health` - Health check
+
+## Development
+
+```bash
+pnpm dev          # Server with hot reload
+pnpm build        # Production build
+pnpm typecheck    # Type check
+pnpm lint         # Linting
+pnpm db:migrate   # Run migrations
+pnpm db:seed      # Initial seed
+```
+
+## Support
+
+<a href="https://www.buymeacoffee.com/gzl10g" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>
+
+## License
+
+MIT

package/dist/cli.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/cli.js

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { existsSync } from "fs";
+import { Command } from "commander";
+import { consola } from "consola";
+if (existsSync(".env")) {
+  process.loadEnvFile(".env");
+}
+var program = new Command();
+program.name("nexus").description("Nexus Backend CLI").version("0.1.0");
+program.command("ui").description("Open UI in browser").option("-p, --port <port>", "Nexus backend port").action(async (options) => {
+  const port = parseInt(options.port || process.env["PORT"] || "3000", 10);
+  const baseUrl = (process.env["BACKEND_URL"] || `http://localhost:${port}`).replace(/\/$/, "");
+  const url = `${baseUrl}/ui`;
+  try {
+    const res = await fetch(`${baseUrl}/health`);
+    if (!res.ok) throw new Error();
+  } catch {
+    consola.error(`Nexus no est\xE1 corriendo en ${baseUrl}`);
+    consola.info("Inicia el servidor primero con: pnpm dev");
+    process.exit(1);
+  }
+  const { exec } = await import("child_process");
+  const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+  exec(`${cmd} ${url}`);
+  consola.success(`Abriendo: ${url}`);
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/cli.ts"],"sourcesContent":["#!/usr/bin/env node\nimport { existsSync } from 'fs'\nimport { Command } from 'commander'\nimport { consola } from 'consola'\n\n// Cargar .env si existe (Node 20+)\nif (existsSync('.env')) {\n  process.loadEnvFile('.env')\n}\n\nconst program = new Command()\n\nprogram\n  .name('nexus')\n  .description('Nexus Backend CLI')\n  .version('0.1.0')\n\nprogram\n  .command('ui')\n  .description('Open UI in browser')\n  .option('-p, --port <port>', 'Nexus backend port')\n  .action(async (options) => {\n    const port = parseInt(options.port || process.env['PORT'] || '3000', 10)\n    const baseUrl = (process.env['BACKEND_URL'] || `http://localhost:${port}`).replace(/\\/$/, '')\n    const url = `${baseUrl}/ui`\n\n    // Verificar que Nexus está corriendo\n    try {\n      const res = await fetch(`${baseUrl}/health`)\n      if (!res.ok) throw new Error()\n    } catch {\n      consola.error(`Nexus no está corriendo en ${baseUrl}`)\n      consola.info('Inicia el servidor primero con: pnpm dev')\n      process.exit(1)\n    }\n\n    // Abrir navegador\n    const { exec } = await import('child_process')\n    const cmd = process.platform === 'darwin' ? 'open'\n              : process.platform === 'win32' ? 'start'\n              : 'xdg-open'\n\n    exec(`${cmd} ${url}`)\n    consola.success(`Abriendo: ${url}`)\n  })\n\nprogram.parse()\n"],"mappings":";;;AACA,SAAS,kBAAkB;AAC3B,SAAS,eAAe;AACxB,SAAS,eAAe;AAGxB,IAAI,WAAW,MAAM,GAAG;AACtB,UAAQ,YAAY,MAAM;AAC5B;AAEA,IAAM,UAAU,IAAI,QAAQ;AAE5B,QACG,KAAK,OAAO,EACZ,YAAY,mBAAmB,EAC/B,QAAQ,OAAO;AAElB,QACG,QAAQ,IAAI,EACZ,YAAY,oBAAoB,EAChC,OAAO,qBAAqB,oBAAoB,EAChD,OAAO,OAAO,YAAY;AACzB,QAAM,OAAO,SAAS,QAAQ,QAAQ,QAAQ,IAAI,MAAM,KAAK,QAAQ,EAAE;AACvE,QAAM,WAAW,QAAQ,IAAI,aAAa,KAAK,oBAAoB,IAAI,IAAI,QAAQ,OAAO,EAAE;AAC5F,QAAM,MAAM,GAAG,OAAO;AAGtB,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,SAAS;AAC3C,QAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM;AAAA,EAC/B,QAAQ;AACN,YAAQ,MAAM,iCAA8B,OAAO,EAAE;AACrD,YAAQ,KAAK,0CAA0C;AACvD,YAAQ,KAAK,CAAC;AAAA,EAChB;AAGA,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,eAAe;AAC7C,QAAM,MAAM,QAAQ,aAAa,WAAW,SAChC,QAAQ,aAAa,UAAU,UAC/B;AAEZ,OAAK,GAAG,GAAG,IAAI,GAAG,EAAE;AACpB,UAAQ,QAAQ,aAAa,GAAG,EAAE;AACpC,CAAC;AAEH,QAAQ,MAAM;","names":[]}

package/dist/index.d.ts

@@ -0,0 +1,561 @@
+import http from 'node:http';
+import * as express_serve_static_core from 'express-serve-static-core';
+import knex, { Knex } from 'knex';
+import * as _casl_ability from '@casl/ability';
+import { MongoAbility, RawRuleOf } from '@casl/ability';
+import { Router, RequestHandler, Request } from 'express';
+export { CookieOptions, NextFunction, Request, RequestHandler, Response, Router } from 'express';
+import { Logger } from 'pino';
+import { ZodSchema } from 'zod';
+import pkg from 'eventemitter2';
+
+interface SmtpConfig {
+    host: string;
+    port: number;
+    secure: boolean;
+    auth?: {
+        user: string;
+        pass: string;
+    };
+    from: string;
+}
+interface NexusConfig {
+    port?: number;
+    host?: string;
+    homePath?: string;
+    cors?: {
+        origin?: string | string[];
+    };
+    database?: {
+        url?: string;
+    };
+    jwt?: {
+        secret?: string;
+        accessExpires?: string;
+        refreshExpires?: string;
+    };
+    admin?: {
+        email?: string;
+        password?: string;
+    };
+    smtp?: Partial<SmtpConfig>;
+}
+interface ResolvedConfig {
+    nodeEnv: 'development' | 'production' | 'test';
+    port: number;
+    host: string;
+    homePath: string;
+    corsOrigin: string;
+    databaseUrl: string;
+    jwtSecret: string;
+    jwtAccessExpires: string;
+    jwtRefreshExpires: string;
+    adminEmail?: string;
+    adminPassword?: string;
+    smtp: SmtpConfig;
+}
+
+declare function start(config?: NexusConfig): Promise<http.Server>;
+declare function stop(): Promise<void>;
+declare function restart(config?: NexusConfig): Promise<http.Server>;
+declare function isRunning(): boolean;
+
+declare function createApp(): express_serve_static_core.Express;
+
+declare const db: knex.Knex<any, any[]>;
+declare function getDatabaseType(): 'sqlite' | 'postgresql' | 'mysql';
+declare function destroyDb(): Promise<void>;
+
+declare function getConfig(): ResolvedConfig;
+
+interface MailAction {
+    label: string;
+    url: string;
+}
+interface SendMailOptions {
+    to: string | string[];
+    subject: string;
+    title?: string;
+    message?: string;
+    actions?: MailAction[];
+    html?: string;
+    text?: string;
+    from?: string;
+    replyTo?: string;
+    logoUrl?: string;
+    attachments?: Array<{
+        filename: string;
+        content: Buffer | string;
+        contentType?: string;
+    }>;
+}
+interface SendMailResult {
+    messageId: string;
+    accepted: string[];
+    rejected: string[];
+}
+declare class MailService {
+    private transporter;
+    private defaultFrom;
+    private defaultLogoUrl;
+    private logger;
+    private template;
+    constructor(config: SmtpConfig, logger: Logger);
+    send(options: SendMailOptions): Promise<SendMailResult | null>;
+    private renderTemplate;
+    private processConditionalBlock;
+    verify(): Promise<boolean>;
+}
+
+declare class AppError extends Error {
+    readonly statusCode: number;
+    constructor(message: string, statusCode?: number);
+}
+declare class NotFoundError extends AppError {
+    constructor(resource?: string);
+}
+declare class UnauthorizedError extends AppError {
+    constructor(message?: string);
+}
+declare class ForbiddenError extends AppError {
+    constructor(message?: string);
+}
+declare class ConflictError extends AppError {
+    constructor(message?: string);
+}
+
+interface Role {
+    id: string;
+    name: string;
+    description: string | null;
+    is_system: boolean;
+    created_at: Date;
+    updated_at: Date;
+    created_by: string | null;
+    updated_by: string | null;
+}
+interface RolePermission {
+    id: string;
+    role_id: string;
+    action: string;
+    subject: string;
+    conditions: Record<string, unknown> | null;
+    fields: string[] | null;
+    inverted: boolean;
+    created_at: Date;
+    updated_at: Date;
+    created_by: string | null;
+    updated_by: string | null;
+}
+/** Role con permisos incluidos */
+interface RoleWithPermissions extends Role {
+    permissions: RolePermission[];
+}
+/** Role con conteo de usuarios */
+interface RoleWithCounts extends Role {
+    permissions_count: number;
+    users_count: number;
+}
+
+interface User {
+    id: string;
+    email: string;
+    password: string;
+    name: string;
+    role_id: string;
+    metadata: Record<string, unknown> | null;
+    created_at: Date;
+    updated_at: Date;
+    created_by: string | null;
+    updated_by: string | null;
+}
+/** User sin password para respuestas API */
+type UserWithoutPassword = Omit<User, 'password'>;
+/** User con rol incluido */
+interface UserWithRole extends UserWithoutPassword {
+    role: Role;
+}
+
+/**
+ * Registro de subjects CASL.
+ * Los módulos core definen sus subjects aquí.
+ * Los plugins pueden extender via declaration merging:
+ *
+ * @example
+ * ```typescript
+ * // my-plugin/src/types/abilities.d.ts
+ * declare module '@g10/nexus-backend' {
+ *   interface SubjectRegistry {
+ *     MyCustomEntity: true
+ *   }
+ * }
+ * ```
+ */
+interface SubjectRegistry {
+    UsrUser: true;
+    RolRole: true;
+    RolRolePermission: true;
+    all: true;
+}
+/** Subjects como strings (derivado del registro, extensible) */
+type SubjectStrings = keyof SubjectRegistry;
+type Actions = 'manage' | 'create' | 'read' | 'update' | 'delete';
+/** Subjects válidos: strings del registro + instancias de objetos */
+type Subjects = SubjectStrings | User | UserWithoutPassword | Role;
+type AppAbility = MongoAbility<[Actions, Subjects]>;
+
+declare const EventEmitter2: typeof pkg.EventEmitter2;
+interface DbEventPayload {
+    table: string;
+    action: 'created' | 'updated' | 'deleted';
+    data: unknown;
+    timestamp: Date;
+}
+interface NexusEvents {
+    'server.starting': {
+        port: number;
+        host: string;
+    };
+    'server.started': {
+        port: number;
+        host: string;
+    };
+    'server.stopping': undefined;
+    'server.stopped': undefined;
+    'server.restarting': undefined;
+    'db.connected': {
+        type: 'sqlite' | 'postgresql' | 'mysql';
+    };
+    'db.disconnected': undefined;
+    [key: `db.${string}.created`]: DbEventPayload;
+    [key: `db.${string}.updated`]: DbEventPayload;
+    [key: `db.${string}.deleted`]: DbEventPayload;
+    'auth.login': {
+        userId: string;
+        email: string;
+    };
+    'auth.logout': {
+        userId: string;
+    };
+    'auth.refresh': {
+        userId: string;
+    };
+    'auth.failed': {
+        email: string;
+        reason: string;
+    };
+}
+type NexusEventName = keyof NexusEvents;
+type NexusEventPayload<T extends NexusEventName> = NexusEvents[T];
+declare class TypedEventEmitter extends EventEmitter2 {
+    emitEvent<T extends NexusEventName>(event: T, ...args: NexusEvents[T] extends undefined ? [] : [NexusEvents[T]]): boolean;
+    onEvent<T extends NexusEventName>(event: T, listener: NexusEvents[T] extends undefined ? () => void : (payload: NexusEvents[T]) => void): this;
+    onceEvent<T extends NexusEventName>(event: T, listener: NexusEvents[T] extends undefined ? () => void : (payload: NexusEvents[T]) => void): this;
+    offEvent<T extends NexusEventName>(event: T, listener: NexusEvents[T] extends undefined ? () => void : (payload: NexusEvents[T]) => void): this;
+}
+declare const nexusEvents: TypedEventEmitter;
+
+/**
+ * Request autenticado con usuario y abilities CASL
+ * Los módulos usan este tipo en lugar de importar de ../../types/
+ */
+interface AuthRequest extends Request {
+    user: User;
+    ability: AppAbility;
+}
+
+/**
+ * Helpers para migraciones de base de datos
+ */
+interface MigrationHelpers {
+    /** Añade created_at y updated_at */
+    addTimestamps: (table: Knex.CreateTableBuilder, db: Knex) => void;
+    /** Añade created_by y updated_by si no existen */
+    addAuditFieldsIfMissing: (db: Knex, tableName: string) => Promise<void>;
+    /** Añade columna si no existe (idempotente). Retorna true si se añadió */
+    addColumnIfMissing: (db: Knex, tableName: string, columnName: string, columnBuilder: (table: Knex.AlterTableBuilder) => void) => Promise<boolean>;
+}
+/**
+ * Opciones para el middleware de validación Zod
+ */
+interface ValidateOptions {
+    body?: ZodSchema;
+    query?: ZodSchema;
+    params?: ZodSchema;
+}
+/**
+ * Middlewares disponibles en el contexto
+ * Incluye validate (genérico) y middlewares registrados por módulos
+ */
+interface ModuleMiddlewares {
+    /** Validación con Zod */
+    validate: (schemas: ValidateOptions) => RequestHandler;
+    /** Middlewares registrados dinámicamente por módulos */
+    [key: string]: RequestHandler | ((...args: any[]) => RequestHandler) | undefined;
+}
+/**
+ * Errores disponibles en el contexto
+ * Los módulos usan ctx.errors en lugar de importar directamente
+ */
+interface ModuleErrors {
+    AppError: typeof AppError;
+    NotFoundError: typeof NotFoundError;
+    UnauthorizedError: typeof UnauthorizedError;
+    ForbiddenError: typeof ForbiddenError;
+    ConflictError: typeof ConflictError;
+}
+/**
+ * Funciones de abilities CASL disponibles en el contexto
+ */
+interface ModuleAbilities {
+    /** Construye abilities desde permisos de BD */
+    defineAbilityFor: (user: User, permissions: RolePermission[]) => AppAbility;
+    /** Serializa abilities para enviar al frontend */
+    packRules: (ability: AppAbility) => RawRuleOf<AppAbility>[];
+    /** Wrapper para verificar permisos contra instancias */
+    subject: typeof _casl_ability.subject;
+    /** Error de CASL para throwUnlessCan */
+    ForbiddenError: typeof _casl_ability.ForbiddenError;
+}
+/**
+ * Contexto inyectado a los módulos
+ * Contiene todas las herramientas necesarias para operar
+ */
+interface ModuleContext {
+    /** Conexión a base de datos */
+    db: Knex;
+    /** Logger */
+    logger: Logger;
+    /** Generar ID único */
+    generateId: () => string;
+    /** Tipo de base de datos */
+    dbType: 'sqlite' | 'postgresql' | 'mysql';
+    /** Helpers para migraciones */
+    helpers: MigrationHelpers;
+    /** Crear un router Express */
+    createRouter: () => Router;
+    /** Middlewares disponibles (validate + registrados por módulos) */
+    middleware: ModuleMiddlewares;
+    /** Registrar middleware para uso de otros módulos */
+    registerMiddleware: (name: string, handler: RequestHandler) => void;
+    /** Configuración resuelta de la aplicación */
+    config: ResolvedConfig;
+    /** Errores para lanzar en módulos (evita imports directos) */
+    errors: ModuleErrors;
+    /** Funciones de abilities CASL (evita imports directos) */
+    abilities: ModuleAbilities;
+    /** Event emitter para comunicación entre módulos */
+    events: TypedEventEmitter;
+    /** Servicio de email SMTP */
+    mail: MailService;
+}
+/**
+ * Requisitos para activar un módulo
+ */
+interface ModuleRequirements {
+    /** Variables de entorno requeridas */
+    env?: string[];
+    /** Módulos que deben estar activos */
+    modules?: string[];
+}
+/**
+ * Tipo de campo para formularios dinámicos
+ */
+type FormFieldType = 'text' | 'email' | 'password' | 'number' | 'textarea' | 'markdown' | 'select' | 'checkbox' | 'date' | 'datetime';
+/**
+ * JSON Schema para validación de campos (subset serializable)
+ * @see https://json-schema.org/understanding-json-schema/
+ */
+interface FieldValidation {
+    /** Tipo JSON Schema */
+    type?: 'string' | 'number' | 'integer' | 'boolean';
+    /** Longitud mínima (strings) o valor mínimo (numbers) */
+    minLength?: number;
+    maxLength?: number;
+    minimum?: number;
+    maximum?: number;
+    /** Regex pattern para strings */
+    pattern?: string;
+    /** Formatos predefinidos: email, uri, date, date-time, uuid */
+    format?: 'email' | 'uri' | 'date' | 'date-time' | 'uuid';
+    /** Mensaje de error personalizado */
+    errorMessage?: string;
+}
+/**
+ * Configuración de un campo de formulario
+ */
+interface FormField {
+    /** Etiqueta del campo */
+    label: string;
+    /** Tipo de input */
+    type: FormFieldType;
+    /** Campo requerido (default: false) */
+    required?: boolean;
+    /** Placeholder del input */
+    placeholder?: string;
+    /** Solo mostrar en creación, no en edición (ej: password) */
+    createOnly?: boolean;
+    /** Campo deshabilitado */
+    disabled?: boolean;
+    /** Campo oculto */
+    hidden?: boolean;
+    /** Endpoint para cargar opciones (para type: 'select') */
+    optionsEndpoint?: string;
+    /** Campo a usar como value en opciones (default: 'id') */
+    optionValue?: string;
+    /** Campo a usar como label en opciones (default: 'name') */
+    optionLabel?: string;
+    /** Validación JSON Schema (serializable) */
+    validation?: FieldValidation;
+}
+/**
+ * Tipo de visualización de lista
+ */
+type ListType = 'table' | 'list' | 'grid' | 'masonry';
+/**
+ * Configuración de una entidad/tabla del módulo para UI CRUD
+ */
+interface ModuleEntity {
+    /** Nombre del subject CASL (debe coincidir con la tabla) */
+    name: string;
+    /** Nombre para mostrar en UI */
+    label: string;
+    /** Campos a mostrar en la tabla: { field: 'Label' } */
+    listFields: Record<string, string>;
+    /** Campos del formulario: { field: FormField } */
+    formFields?: Record<string, FormField>;
+    /** Campo usado como título/label en la UI */
+    labelField: string;
+    /** Prefijo de ruta si es diferente al del módulo */
+    routePrefix?: string;
+    /** Modo de edición: 'modal' (default) o 'page' para formularios grandes */
+    editMode?: 'modal' | 'page';
+    /** Tipo de visualización: 'table' (default), 'list', 'grid', 'masonry' */
+    listType?: ListType;
+}
+/**
+ * Manifest de un módulo Nexus
+ *
+ * Define la estructura y capacidades de un módulo para auto-discovery.
+ * Usado por el sistema de plugins y extensiones.
+ */
+interface ModuleManifest {
+    /** Identificador único del módulo (ej: 'users', 'posts') */
+    name: string;
+    /** Código único del módulo (ej: 'USR', 'PST') - para referencias cortas */
+    code: string;
+    /** Nombre para mostrar en UI */
+    label: string;
+    /** Icono del módulo (nombre de @vicons/ionicons5 o ruta a png/svg) */
+    icon?: string;
+    /** Descripción del módulo */
+    description?: string;
+    /** Versión del módulo (semver) */
+    version?: string;
+    /** Tipo de módulo: 'core' | 'plugin' | 'auth-plugin' | 'custom' */
+    type?: 'core' | 'plugin' | 'auth-plugin' | 'custom';
+    /** Categoría del módulo para agrupar en sidebar (vacío = raíz) */
+    category?: string;
+    /** Dependencias de otros módulos (para orden de migración/rutas) */
+    dependencies?: string[];
+    /** Requisitos para activar el módulo */
+    required?: ModuleRequirements;
+    /** Función de migración de base de datos */
+    migrate?: (ctx: ModuleContext) => Promise<void>;
+    /** Función de seed de datos iniciales */
+    seed?: (ctx: ModuleContext) => Promise<void>;
+    /** Inicialización del módulo (registrar middlewares, etc.) - se ejecuta antes de routes */
+    init?: (ctx: ModuleContext) => void;
+    /** Factory de rutas del módulo (recibe contexto) */
+    routes?: (ctx: ModuleContext) => Router;
+    /** Prefijo de rutas (default: /{name}) */
+    routePrefix?: string;
+    /** Subjects CASL que expone el módulo */
+    subjects?: string[];
+    /** Entidades/tablas del módulo con config CRUD para UI */
+    entities?: ModuleEntity[];
+}
+/**
+ * Manifest de un plugin Nexus
+ *
+ * Agrupa múltiples módulos relacionados en un solo paquete instalable.
+ * Los plugins se distribuyen como paquetes npm con peerDependency en @gzl10/nexus-backend.
+ */
+interface PluginManifest {
+    /** Nombre del plugin (normalmente el nombre del paquete npm) */
+    name: string;
+    /** Versión del plugin (semver) */
+    version: string;
+    /** Descripción del plugin */
+    description: string;
+    /** Módulos incluidos en el plugin */
+    modules: ModuleManifest[];
+}
+
+/**
+ * Ordenar módulos por dependencias (topological sort)
+ * Garantiza que un módulo se procese después de sus dependencias
+ */
+declare function getOrderedModules(): ModuleManifest[];
+/**
+ * Registrar módulo dinámicamente (para plugins)
+ */
+declare function registerModule(mod: ModuleManifest): void;
+/**
+ * Obtener todos los módulos registrados
+ */
+declare function getModules(): ModuleManifest[];
+/**
+ * Obtener módulo por nombre
+ */
+declare function getModule(name: string): ModuleManifest | undefined;
+/**
+ * Obtener todos los subjects registrados en módulos
+ * Incluye 'all' que siempre está disponible
+ */
+declare function getRegisteredSubjects(): string[];
+/**
+ * Validar que un subject existe en algún módulo registrado
+ */
+declare function isValidSubject(subject: string): boolean;
+
+interface PaginationParams {
+    page: number;
+    limit: number;
+}
+interface PaginatedResult<T> {
+    items: T[];
+    total: number;
+    page: number;
+    limit: number;
+    totalPages: number;
+    hasNext: boolean;
+}
+
+interface RefreshToken {
+    id: string;
+    token: string;
+    user_id: string;
+    expires_at: Date;
+    created_at: Date;
+}
+interface JwtPayload {
+    userId: string;
+    email: string;
+    roleId: string;
+}
+interface TokenPair {
+    accessToken: string;
+    refreshToken: string;
+}
+
+/**
+ * Construye abilities CASL desde permisos de BD.
+ * @param user - Usuario autenticado
+ * @param permissions - Permisos del rol del usuario (cargados desde BD)
+ */
+declare function defineAbilityFor(user: User, permissions: RolePermission[]): AppAbility;
+declare function packRules(ability: AppAbility): RawRuleOf<AppAbility>[];
+declare function unpackRules(rules: RawRuleOf<AppAbility>[]): AppAbility;
+
+export { type Actions, type AppAbility, type AuthRequest, type DbEventPayload, type JwtPayload, type MigrationHelpers, type ModuleAbilities, type ModuleContext, type ModuleEntity, type ModuleErrors, type ModuleManifest, type ModuleMiddlewares, type ModuleRequirements, type NexusConfig, type NexusEventName, type NexusEventPayload, type NexusEvents, type PaginatedResult, type PaginationParams, type PluginManifest, type RefreshToken, type ResolvedConfig, type Role, type RolePermission, type RoleWithCounts, type RoleWithPermissions, type SubjectRegistry, type SubjectStrings, type Subjects, type TokenPair, type User, type UserWithRole, type UserWithoutPassword, type ValidateOptions, createApp, db, defineAbilityFor, destroyDb, getConfig, getDatabaseType, getModule, getModules, getOrderedModules, getRegisteredSubjects, isRunning, isValidSubject, nexusEvents, packRules, registerModule, restart, start, stop, unpackRules };