@ironbackend/core 1.0.0

package/dist/security/index.js

@@ -0,0 +1,243 @@
+"use strict";
+/**
+ * IronBackend Security & Reliability Playbooks
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.securityPlaybook = exports.authStrategies = void 0;
+exports.getAuthStrategy = getAuthStrategy;
+exports.formatSecurityForPrompt = formatSecurityForPrompt;
+// ============================================================================
+// Authentication Strategies
+// ============================================================================
+exports.authStrategies = [
+    {
+        strategy: 'JWT',
+        useWhen: [
+            'Stateless APIs',
+            'Microservices architecture',
+            'Mobile/SPA clients',
+            'Need to embed claims in token'
+        ],
+        implementation: [
+            'Short-lived access tokens (15-30 minutes)',
+            'Longer-lived refresh tokens (7-30 days)',
+            'Store refresh tokens securely (httpOnly cookie or secure storage)',
+            'Include essential claims only (user ID, roles)',
+            'Use RS256 for production, HS256 for development',
+            'Implement token revocation via blacklist or short expiry'
+        ]
+    },
+    {
+        strategy: 'SESSION',
+        useWhen: [
+            'Traditional web applications',
+            'Server-side rendering',
+            'Need immediate session invalidation',
+            'Simpler security model preferred'
+        ],
+        implementation: [
+            'Store sessions in Redis or similar (not in-memory)',
+            'Use secure, httpOnly, sameSite cookies',
+            'Regenerate session ID on login',
+            'Set appropriate session timeout',
+            'Implement CSRF protection'
+        ]
+    },
+    {
+        strategy: 'API_KEY',
+        useWhen: [
+            'Service-to-service communication',
+            'Third-party integrations',
+            'Public API access',
+            'Simple authentication sufficient'
+        ],
+        implementation: [
+            'Hash API keys before storage',
+            'Implement key rotation mechanism',
+            'Scope keys to specific permissions',
+            'Rate limit per key',
+            'Log all key usage for audit'
+        ]
+    },
+    {
+        strategy: 'OAUTH2',
+        useWhen: [
+            'Third-party login (Google, GitHub, etc.)',
+            'Delegated access to resources',
+            'Enterprise SSO integration',
+            'Need to access third-party APIs on behalf of user'
+        ],
+        implementation: [
+            'Use Authorization Code flow for web apps',
+            'Use PKCE for mobile/SPA apps',
+            'Validate tokens with provider',
+            'Store provider tokens securely',
+            'Handle token refresh automatically'
+        ]
+    },
+    {
+        strategy: 'MTLS',
+        useWhen: [
+            'Internal service mesh',
+            'Zero-trust architecture',
+            'High-security environments',
+            'Need mutual authentication'
+        ],
+        implementation: [
+            'Use organization PKI',
+            'Automate certificate rotation',
+            'Implement certificate revocation',
+            'Monitor certificate expiry'
+        ]
+    }
+];
+// ============================================================================
+// Security Playbook
+// ============================================================================
+exports.securityPlaybook = {
+    authentication: exports.authStrategies,
+    authorization: {
+        rbac: {
+            description: 'Role-Based Access Control. Assign roles to users, roles have permissions.',
+            checkPattern: 'user.roles.some(role => requiredRoles.includes(role))',
+            goodFor: [
+                'Static, well-defined permission structures',
+                'Simple user hierarchies (admin, user, guest)',
+                'Quick to implement and audit'
+            ]
+        },
+        abac: {
+            description: 'Attribute-Based Access Control. Policies based on attributes of user, resource, action, and environment.',
+            checkPattern: 'policy.evaluate({ user, resource, action, context })',
+            goodFor: [
+                'Dynamic, fine-grained access control',
+                'Complex permission requirements',
+                'Context-aware decisions (time, location, etc.)'
+            ]
+        },
+        decisionMatrix: {
+            'Simplicity': { rbac: '✅ Simple', abac: '❌ Complex' },
+            'Flexibility': { rbac: '❌ Limited', abac: '✅ High' },
+            'Performance': { rbac: '✅ Fast', abac: '⚠️ Depends on policy' },
+            'Auditability': { rbac: '✅ Easy', abac: '⚠️ Policy-dependent' }
+        }
+    },
+    rateLimiting: {
+        windowType: 'Sliding window (more accurate than fixed window)',
+        defaultLimit: '100 requests/minute per authenticated user',
+        anonymousLimit: '20 requests/minute per IP',
+        headers: [
+            'X-RateLimit-Limit: Maximum requests allowed',
+            'X-RateLimit-Remaining: Requests remaining in window',
+            'X-RateLimit-Reset: Unix timestamp when limit resets'
+        ],
+        responseCode: 429
+    },
+    idempotency: {
+        headerName: 'Idempotency-Key',
+        keyFormat: 'UUID v4, client-generated',
+        storageDuration: '24 hours',
+        implementation: [
+            '1. Check if Idempotency-Key exists in store',
+            '2. If exists: return stored response',
+            '3. If not: process request, store response with key',
+            '4. Cleanup keys older than 24 hours (background job)',
+            '5. Handle concurrent requests with same key (locking)'
+        ]
+    },
+    retryStrategy: {
+        baseDelay: '100ms',
+        multiplier: 2,
+        maxRetries: 3,
+        maxDelay: '10s',
+        jitter: '±10%',
+        retryOn: [408, 429, 500, 502, 503, 504],
+        doNotRetryOn: [400, 401, 403, 404, 409, 422]
+    },
+    circuitBreaker: {
+        states: [
+            'CLOSED: Normal operation, requests pass through',
+            'OPEN: Failing, requests immediately rejected with fallback',
+            'HALF_OPEN: Testing, limited requests allowed to probe'
+        ],
+        failureThreshold: 5,
+        successThreshold: 3,
+        timeout: '30s',
+        monitoringWindow: '60s'
+    },
+    auditLogging: {
+        requiredEvents: [
+            'AUTH_LOGIN_SUCCESS',
+            'AUTH_LOGIN_FAILURE',
+            'AUTH_LOGOUT',
+            'AUTH_TOKEN_REFRESH',
+            'AUTHZ_ACCESS_GRANTED',
+            'AUTHZ_ACCESS_DENIED',
+            'DATA_CREATE',
+            'DATA_UPDATE',
+            'DATA_DELETE',
+            'ADMIN_CONFIG_CHANGE',
+            'ADMIN_USER_MANAGEMENT',
+            'SECURITY_RATE_LIMIT_HIT',
+            'SECURITY_BLOCKED_REQUEST'
+        ],
+        logFormat: {
+            'timestamp': 'ISO8601 format',
+            'eventType': 'Event type from requiredEvents',
+            'actorId': 'User or service ID',
+            'actorType': 'USER, SERVICE, SYSTEM',
+            'resourceType': 'Type of resource affected',
+            'resourceId': 'ID of resource affected',
+            'action': 'CREATE, READ, UPDATE, DELETE',
+            'outcome': 'SUCCESS, FAILURE',
+            'metadata': 'Additional context',
+            'ipAddress': 'Client IP',
+            'userAgent': 'Client user agent',
+            'correlationId': 'Request correlation ID'
+        }
+    },
+    failurePhilosophy: [
+        'FAIL FAST: Validate early, reject invalid requests immediately at boundaries',
+        'FAIL GRACEFULLY: Always return meaningful errors, never crash or hang',
+        'FAIL ISOLATED: One component failure should not cascade to others',
+        'FAIL OBSERVABLE: Every failure must be logged with full context',
+        'FAIL RECOVERABLE: Design for retry, implement compensation for failures'
+    ]
+};
+/**
+ * Get authentication strategy by type
+ */
+function getAuthStrategy(strategy) {
+    return exports.authStrategies.find(auth => auth.strategy === strategy);
+}
+/**
+ * Format security playbook section for prompt
+ */
+function formatSecurityForPrompt() {
+    return `
+## Authentication
+${exports.authStrategies.map(auth => `
+### ${auth.strategy}
+Use when: ${auth.useWhen.join(', ')}
+Implementation:
+${auth.implementation.map(impl => `- ${impl}`).join('\n')}
+`).join('\n')}
+
+## Rate Limiting
+- Window: ${exports.securityPlaybook.rateLimiting.windowType}
+- Default: ${exports.securityPlaybook.rateLimiting.defaultLimit}
+- Anonymous: ${exports.securityPlaybook.rateLimiting.anonymousLimit}
+- Response: HTTP ${exports.securityPlaybook.rateLimiting.responseCode} with Retry-After header
+
+## Retry Strategy
+- Base delay: ${exports.securityPlaybook.retryStrategy.baseDelay}
+- Multiplier: ${exports.securityPlaybook.retryStrategy.multiplier}x
+- Max retries: ${exports.securityPlaybook.retryStrategy.maxRetries}
+- Retry on: ${exports.securityPlaybook.retryStrategy.retryOn.join(', ')}
+- Do NOT retry: ${exports.securityPlaybook.retryStrategy.doNotRetryOn.join(', ')}
+
+## Failure Philosophy
+${exports.securityPlaybook.failurePhilosophy.map(p => `- ${p}`).join('\n')}
+`;
+}
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAwNH,0CAEC;AAKD,0DA0BC;AArPD,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAElE,QAAA,cAAc,GAAiB;IACxC;QACI,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE;YACL,gBAAgB;YAChB,4BAA4B;YAC5B,oBAAoB;YACpB,+BAA+B;SAClC;QACD,cAAc,EAAE;YACZ,2CAA2C;YAC3C,yCAAyC;YACzC,mEAAmE;YACnE,gDAAgD;YAChD,iDAAiD;YACjD,0DAA0D;SAC7D;KACJ;IACD;QACI,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE;YACL,8BAA8B;YAC9B,uBAAuB;YACvB,qCAAqC;YACrC,kCAAkC;SACrC;QACD,cAAc,EAAE;YACZ,oDAAoD;YACpD,wCAAwC;YACxC,gCAAgC;YAChC,iCAAiC;YACjC,2BAA2B;SAC9B;KACJ;IACD;QACI,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE;YACL,kCAAkC;YAClC,0BAA0B;YAC1B,mBAAmB;YACnB,kCAAkC;SACrC;QACD,cAAc,EAAE;YACZ,8BAA8B;YAC9B,kCAAkC;YAClC,oCAAoC;YACpC,oBAAoB;YACpB,6BAA6B;SAChC;KACJ;IACD;QACI,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACL,0CAA0C;YAC1C,+BAA+B;YAC/B,4BAA4B;YAC5B,mDAAmD;SACtD;QACD,cAAc,EAAE;YACZ,0CAA0C;YAC1C,8BAA8B;YAC9B,+BAA+B;YAC/B,gCAAgC;YAChC,oCAAoC;SACvC;KACJ;IACD;QACI,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE;YACL,uBAAuB;YACvB,yBAAyB;YACzB,4BAA4B;YAC5B,4BAA4B;SAC/B;QACD,cAAc,EAAE;YACZ,sBAAsB;YACtB,+BAA+B;YAC/B,kCAAkC;YAClC,4BAA4B;SAC/B;KACJ;CACJ,CAAC;AAEF,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAElE,QAAA,gBAAgB,GAAqB;IAC9C,cAAc,EAAE,sBAAc;IAE9B,aAAa,EAAE;QACX,IAAI,EAAE;YACF,WAAW,EAAE,2EAA2E;YACxF,YAAY,EAAE,uDAAuD;YACrE,OAAO,EAAE;gBACL,4CAA4C;gBAC5C,8CAA8C;gBAC9C,8BAA8B;aACjC;SACJ;QACD,IAAI,EAAE;YACF,WAAW,EAAE,0GAA0G;YACvH,YAAY,EAAE,sDAAsD;YACpE,OAAO,EAAE;gBACL,sCAAsC;gBACtC,iCAAiC;gBACjC,gDAAgD;aACnD;SACJ;QACD,cAAc,EAAE;YACZ,YAAY,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE;YACrD,aAAa,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE;YACpD,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE;YAC/D,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,qBAAqB,EAAE;SAClE;KACJ;IAED,YAAY,EAAE;QACV,UAAU,EAAE,kDAAkD;QAC9D,YAAY,EAAE,4CAA4C;QAC1D,cAAc,EAAE,2BAA2B;QAC3C,OAAO,EAAE;YACL,6CAA6C;YAC7C,qDAAqD;YACrD,qDAAqD;SACxD;QACD,YAAY,EAAE,GAAG;KACpB;IAED,WAAW,EAAE;QACT,UAAU,EAAE,iBAAiB;QAC7B,SAAS,EAAE,2BAA2B;QACtC,eAAe,EAAE,UAAU;QAC3B,cAAc,EAAE;YACZ,6CAA6C;YAC7C,sCAAsC;YACtC,qDAAqD;YACrD,sDAAsD;YACtD,uDAAuD;SAC1D;KACJ;IAED,aAAa,EAAE;QACX,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,CAAC;QACb,UAAU,EAAE,CAAC;QACb,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;QACvC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;KAC/C;IAED,cAAc,EAAE;QACZ,MAAM,EAAE;YACJ,iDAAiD;YACjD,4DAA4D;YAC5D,uDAAuD;SAC1D;QACD,gBAAgB,EAAE,CAAC;QACnB,gBAAgB,EAAE,CAAC;QACnB,OAAO,EAAE,KAAK;QACd,gBAAgB,EAAE,KAAK;KAC1B;IAED,YAAY,EAAE;QACV,cAAc,EAAE;YACZ,oBAAoB;YACpB,oBAAoB;YACpB,aAAa;YACb,oBAAoB;YACpB,sBAAsB;YACtB,qBAAqB;YACrB,aAAa;YACb,aAAa;YACb,aAAa;YACb,qBAAqB;YACrB,uBAAuB;YACvB,yBAAyB;YACzB,0BAA0B;SAC7B;QACD,SAAS,EAAE;YACP,WAAW,EAAE,gBAAgB;YAC7B,WAAW,EAAE,gCAAgC;YAC7C,SAAS,EAAE,oBAAoB;YAC/B,WAAW,EAAE,uBAAuB;YACpC,cAAc,EAAE,2BAA2B;YAC3C,YAAY,EAAE,yBAAyB;YACvC,QAAQ,EAAE,8BAA8B;YACxC,SAAS,EAAE,kBAAkB;YAC7B,UAAU,EAAE,oBAAoB;YAChC,WAAW,EAAE,WAAW;YACxB,WAAW,EAAE,mBAAmB;YAChC,eAAe,EAAE,wBAAwB;SAC5C;KACJ;IAED,iBAAiB,EAAE;QACf,8EAA8E;QAC9E,uEAAuE;QACvE,mEAAmE;QACnE,iEAAiE;QACjE,yEAAyE;KAC5E;CACJ,CAAC;AAEF;;GAEG;AACH,SAAgB,eAAe,CAAC,QAAgB;IAC5C,OAAO,sBAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB;IACnC,OAAO;;EAET,sBAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;MACvB,IAAI,CAAC,QAAQ;YACP,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;;EAEjC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;CACxD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;YAGD,wBAAgB,CAAC,YAAY,CAAC,UAAU;aACvC,wBAAgB,CAAC,YAAY,CAAC,YAAY;eACxC,wBAAgB,CAAC,YAAY,CAAC,cAAc;mBACxC,wBAAgB,CAAC,YAAY,CAAC,YAAY;;;gBAG7C,wBAAgB,CAAC,aAAa,CAAC,SAAS;gBACxC,wBAAgB,CAAC,aAAa,CAAC,UAAU;iBACxC,wBAAgB,CAAC,aAAa,CAAC,UAAU;cAC5C,wBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;kBAC7C,wBAAgB,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;;;EAGtE,wBAAgB,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;CACjE,CAAC;AACF,CAAC"}

package/dist/stacks/index.d.ts

@@ -0,0 +1,38 @@
+/**
+ * IronBackend Tech Stack Presets
+ * Pre-configured technology stack definitions
+ */
+import type { TechStack } from '../types.js';
+/**
+ * Node.js + NestJS + PostgreSQL Stack
+ */
+export declare const nodeNestjs: TechStack;
+/**
+ * Java + Spring Boot Stack
+ */
+export declare const javaSpring: TechStack;
+/**
+ * .NET + ASP.NET Core Stack
+ */
+export declare const dotnetAspnetcore: TechStack;
+/**
+ * Python + FastAPI Stack
+ */
+export declare const pythonFastapi: TechStack;
+/**
+ * All available stacks
+ */
+export declare const stacks: Record<string, TechStack>;
+/**
+ * Get a stack by ID
+ */
+export declare function getStack(id: string): TechStack | undefined;
+/**
+ * Get all stack IDs
+ */
+export declare function getStackIds(): string[];
+/**
+ * Find stacks by language
+ */
+export declare function findStacksByLanguage(language: string): TechStack[];
+//# sourceMappingURL=index.d.ts.map

package/dist/stacks/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/stacks/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE7C;;GAEG;AACH,eAAO,MAAM,UAAU,EAAE,SAiCxB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,UAAU,EAAE,SAmCxB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAmC9B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,SAmC3B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAK5C,CAAC;AAEF;;GAEG;AACH,wBAAgB,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAE1D;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,MAAM,EAAE,CAEtC;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAAE,CAKlE"}

package/dist/stacks/index.js

@@ -0,0 +1,193 @@
+"use strict";
+/**
+ * IronBackend Tech Stack Presets
+ * Pre-configured technology stack definitions
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stacks = exports.pythonFastapi = exports.dotnetAspnetcore = exports.javaSpring = exports.nodeNestjs = void 0;
+exports.getStack = getStack;
+exports.getStackIds = getStackIds;
+exports.findStacksByLanguage = findStacksByLanguage;
+/**
+ * Node.js + NestJS + PostgreSQL Stack
+ */
+exports.nodeNestjs = {
+    id: 'node-nestjs',
+    name: 'Node.js + NestJS + PostgreSQL',
+    language: 'TypeScript',
+    languageVersion: '5.3+',
+    framework: 'NestJS',
+    frameworkVersion: '10.x',
+    database: {
+        type: 'PostgreSQL',
+        orm: 'Prisma',
+        driver: 'pg'
+    },
+    messaging: {
+        type: 'Queue',
+        provider: 'BullMQ (Redis-backed)'
+    },
+    authentication: 'Passport.js + JWT',
+    logging: 'Pino (structured JSON)',
+    testing: {
+        unit: 'Jest',
+        integration: 'Supertest',
+        e2e: 'Jest + Supertest',
+        coverageTarget: 80
+    },
+    deployment: ['Docker', 'Kubernetes'],
+    conventions: [
+        'Use NestJS modules for feature boundaries',
+        'DTOs with class-validator decorators',
+        'Repositories as providers, not raw Prisma in services',
+        'Custom exceptions extending HttpException',
+        'Guards for authentication, interceptors for logging',
+        'ConfigService for environment variables'
+    ]
+};
+/**
+ * Java + Spring Boot Stack
+ */
+exports.javaSpring = {
+    id: 'java-spring',
+    name: 'Java + Spring Boot',
+    language: 'Java',
+    languageVersion: '21 (LTS)',
+    framework: 'Spring Boot',
+    frameworkVersion: '3.x',
+    database: {
+        type: 'PostgreSQL',
+        orm: 'Spring Data JPA',
+        driver: 'HikariCP'
+    },
+    messaging: {
+        type: 'AMQP/Kafka',
+        provider: 'Spring AMQP (RabbitMQ) or Spring Kafka'
+    },
+    authentication: 'Spring Security + OAuth2',
+    logging: 'SLF4J + Logback',
+    testing: {
+        unit: 'JUnit 5',
+        integration: 'Testcontainers',
+        e2e: 'Spring MockMvc',
+        coverageTarget: 80
+    },
+    deployment: ['Docker', 'Kubernetes'],
+    conventions: [
+        'Use records for DTOs (Java 16+)',
+        'Repositories extend JpaRepository',
+        'Services annotated with @Service',
+        'Controllers use @RestController',
+        'Validation via @Valid and jakarta.validation',
+        'Configuration properties with @ConfigurationProperties',
+        'Use Optional for nullable returns',
+        'Prefer constructor injection over field injection'
+    ]
+};
+/**
+ * .NET + ASP.NET Core Stack
+ */
+exports.dotnetAspnetcore = {
+    id: 'dotnet-aspnetcore',
+    name: '.NET + ASP.NET Core',
+    language: 'C#',
+    languageVersion: '12 / .NET 8',
+    framework: 'ASP.NET Core',
+    frameworkVersion: '8.0',
+    database: {
+        type: 'PostgreSQL',
+        orm: 'Entity Framework Core',
+        driver: 'Npgsql'
+    },
+    messaging: {
+        type: 'Queue',
+        provider: 'MassTransit (RabbitMQ or Azure Service Bus)'
+    },
+    authentication: 'ASP.NET Identity + JWT Bearer',
+    logging: 'Serilog',
+    testing: {
+        unit: 'xUnit',
+        integration: 'WebApplicationFactory',
+        e2e: 'xUnit + WireMock',
+        coverageTarget: 80
+    },
+    deployment: ['Docker', 'Kubernetes', 'Azure App Service'],
+    conventions: [
+        'Use Minimal APIs or Controllers based on complexity',
+        'Record types for DTOs',
+        'Repository pattern with EF Core',
+        'MediatR for CQRS when needed',
+        'FluentValidation for input validation',
+        'Options pattern for configuration',
+        'Dependency injection via built-in container',
+        'Use nullable reference types'
+    ]
+};
+/**
+ * Python + FastAPI Stack
+ */
+exports.pythonFastapi = {
+    id: 'python-fastapi',
+    name: 'Python + FastAPI',
+    language: 'Python',
+    languageVersion: '3.11+',
+    framework: 'FastAPI',
+    frameworkVersion: '0.100+',
+    database: {
+        type: 'PostgreSQL',
+        orm: 'SQLAlchemy 2.0',
+        driver: 'asyncpg'
+    },
+    messaging: {
+        type: 'Queue',
+        provider: 'Celery (Redis) or arq'
+    },
+    authentication: 'FastAPI Security + python-jose',
+    logging: 'structlog',
+    testing: {
+        unit: 'pytest',
+        integration: 'pytest + httpx',
+        e2e: 'pytest-asyncio',
+        coverageTarget: 80
+    },
+    deployment: ['Docker', 'Kubernetes'],
+    conventions: [
+        'Pydantic models for request/response schemas',
+        'Async endpoints by default',
+        'Dependency injection via FastAPI Depends',
+        'SQLAlchemy models separate from Pydantic schemas',
+        'Use dataclasses for domain entities',
+        'Type hints everywhere',
+        'Alembic for database migrations',
+        'Virtual environments with poetry or uv'
+    ]
+};
+/**
+ * All available stacks
+ */
+exports.stacks = {
+    'node-nestjs': exports.nodeNestjs,
+    'java-spring': exports.javaSpring,
+    'dotnet-aspnetcore': exports.dotnetAspnetcore,
+    'python-fastapi': exports.pythonFastapi,
+};
+/**
+ * Get a stack by ID
+ */
+function getStack(id) {
+    return exports.stacks[id];
+}
+/**
+ * Get all stack IDs
+ */
+function getStackIds() {
+    return Object.keys(exports.stacks);
+}
+/**
+ * Find stacks by language
+ */
+function findStacksByLanguage(language) {
+    const normalizedLang = language.toLowerCase();
+    return Object.values(exports.stacks).filter(stack => stack.language.toLowerCase().includes(normalizedLang));
+}
+//# sourceMappingURL=index.js.map

package/dist/stacks/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/stacks/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA+KH,4BAEC;AAKD,kCAEC;AAKD,oDAKC;AA9LD;;GAEG;AACU,QAAA,UAAU,GAAc;IACjC,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,+BAA+B;IACrC,QAAQ,EAAE,YAAY;IACtB,eAAe,EAAE,MAAM;IACvB,SAAS,EAAE,QAAQ;IACnB,gBAAgB,EAAE,MAAM;IACxB,QAAQ,EAAE;QACN,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,QAAQ;QACb,MAAM,EAAE,IAAI;KACf;IACD,SAAS,EAAE;QACP,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE,uBAAuB;KACpC;IACD,cAAc,EAAE,mBAAmB;IACnC,OAAO,EAAE,wBAAwB;IACjC,OAAO,EAAE;QACL,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,WAAW;QACxB,GAAG,EAAE,kBAAkB;QACvB,cAAc,EAAE,EAAE;KACrB;IACD,UAAU,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC;IACpC,WAAW,EAAE;QACT,2CAA2C;QAC3C,sCAAsC;QACtC,uDAAuD;QACvD,2CAA2C;QAC3C,qDAAqD;QACrD,yCAAyC;KAC5C;CACJ,CAAC;AAEF;;GAEG;AACU,QAAA,UAAU,GAAc;IACjC,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,oBAAoB;IAC1B,QAAQ,EAAE,MAAM;IAChB,eAAe,EAAE,UAAU;IAC3B,SAAS,EAAE,aAAa;IACxB,gBAAgB,EAAE,KAAK;IACvB,QAAQ,EAAE;QACN,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,iBAAiB;QACtB,MAAM,EAAE,UAAU;KACrB;IACD,SAAS,EAAE;QACP,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,wCAAwC;KACrD;IACD,cAAc,EAAE,0BAA0B;IAC1C,OAAO,EAAE,iBAAiB;IAC1B,OAAO,EAAE;QACL,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,gBAAgB;QAC7B,GAAG,EAAE,gBAAgB;QACrB,cAAc,EAAE,EAAE;KACrB;IACD,UAAU,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC;IACpC,WAAW,EAAE;QACT,iCAAiC;QACjC,mCAAmC;QACnC,kCAAkC;QAClC,iCAAiC;QACjC,8CAA8C;QAC9C,wDAAwD;QACxD,mCAAmC;QACnC,mDAAmD;KACtD;CACJ,CAAC;AAEF;;GAEG;AACU,QAAA,gBAAgB,GAAc;IACvC,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,qBAAqB;IAC3B,QAAQ,EAAE,IAAI;IACd,eAAe,EAAE,aAAa;IAC9B,SAAS,EAAE,cAAc;IACzB,gBAAgB,EAAE,KAAK;IACvB,QAAQ,EAAE;QACN,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,uBAAuB;QAC5B,MAAM,EAAE,QAAQ;KACnB;IACD,SAAS,EAAE;QACP,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE,6CAA6C;KAC1D;IACD,cAAc,EAAE,+BAA+B;IAC/C,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE;QACL,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,uBAAuB;QACpC,GAAG,EAAE,kBAAkB;QACvB,cAAc,EAAE,EAAE;KACrB;IACD,UAAU,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,mBAAmB,CAAC;IACzD,WAAW,EAAE;QACT,qDAAqD;QACrD,uBAAuB;QACvB,iCAAiC;QACjC,8BAA8B;QAC9B,uCAAuC;QACvC,mCAAmC;QACnC,6CAA6C;QAC7C,8BAA8B;KACjC;CACJ,CAAC;AAEF;;GAEG;AACU,QAAA,aAAa,GAAc;IACpC,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,kBAAkB;IACxB,QAAQ,EAAE,QAAQ;IAClB,eAAe,EAAE,OAAO;IACxB,SAAS,EAAE,SAAS;IACpB,gBAAgB,EAAE,QAAQ;IAC1B,QAAQ,EAAE;QACN,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,gBAAgB;QACrB,MAAM,EAAE,SAAS;KACpB;IACD,SAAS,EAAE;QACP,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE,uBAAuB;KACpC;IACD,cAAc,EAAE,gCAAgC;IAChD,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE;QACL,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,gBAAgB;QAC7B,GAAG,EAAE,gBAAgB;QACrB,cAAc,EAAE,EAAE;KACrB;IACD,UAAU,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC;IACpC,WAAW,EAAE;QACT,8CAA8C;QAC9C,4BAA4B;QAC5B,0CAA0C;QAC1C,kDAAkD;QAClD,qCAAqC;QACrC,uBAAuB;QACvB,iCAAiC;QACjC,wCAAwC;KAC3C;CACJ,CAAC;AAEF;;GAEG;AACU,QAAA,MAAM,GAA8B;IAC7C,aAAa,EAAE,kBAAU;IACzB,aAAa,EAAE,kBAAU;IACzB,mBAAmB,EAAE,wBAAgB;IACrC,gBAAgB,EAAE,qBAAa;CAClC,CAAC;AAEF;;GAEG;AACH,SAAgB,QAAQ,CAAC,EAAU;IAC/B,OAAO,cAAM,CAAC,EAAE,CAAC,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW;IACvB,OAAO,MAAM,CAAC,IAAI,CAAC,cAAM,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,QAAgB;IACjD,MAAM,cAAc,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC9C,OAAO,MAAM,CAAC,MAAM,CAAC,cAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxC,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CACxD,CAAC;AACN,CAAC"}

package/dist/styles/clean-monolith.d.ts

@@ -0,0 +1,7 @@
+import type { ArchitectureStyle } from '../types.js';
+/**
+ * Clean Monolith Architecture Style
+ * Single deployable unit with clean internal boundaries
+ */
+export declare const cleanMonolith: ArchitectureStyle;
+//# sourceMappingURL=clean-monolith.d.ts.map

package/dist/styles/clean-monolith.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"clean-monolith.d.ts","sourceRoot":"","sources":["../../src/styles/clean-monolith.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;;GAGG;AACH,eAAO,MAAM,aAAa,EAAE,iBAyH3B,CAAC"}

package/dist/styles/clean-monolith.js

@@ -0,0 +1,124 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cleanMonolith = void 0;
+/**
+ * Clean Monolith Architecture Style
+ * Single deployable unit with clean internal boundaries
+ */
+exports.cleanMonolith = {
+    id: 'clean-monolith',
+    name: 'Clean Monolith',
+    description: 'Single deployable unit with clean internal boundaries. Domain logic isolated from infrastructure. Well-suited for small to medium teams that value deployment simplicity.',
+    whenToUse: [
+        'Team size < 15 developers',
+        'Single database is sufficient',
+        'Deployment simplicity is priority',
+        'Startup or early-stage product',
+        'Unclear domain boundaries initially',
+        'Rapid iteration required'
+    ],
+    whenNotToUse: [
+        'Multiple teams need independent deployments',
+        'Different scaling requirements per component',
+        'Regulatory isolation required',
+        'Polyglot persistence needed',
+        'Team exceeds 15-20 developers'
+    ],
+    corePrinciples: [
+        'Layered architecture: Controller → Service → Repository → Domain',
+        'Domain logic must not depend on frameworks',
+        'Dependency injection for all external resources',
+        'Single source of truth for business rules',
+        'Clear separation between I/O and pure logic',
+        'Infrastructure concerns at the edges only'
+    ],
+    folderStructure: {
+        name: 'src',
+        type: 'folder',
+        children: [
+            {
+                name: 'api',
+                type: 'folder',
+                description: 'HTTP controllers, middleware, routes',
+                children: [
+                    { name: 'controllers', type: 'folder', description: 'HTTP request handlers' },
+                    { name: 'middleware', type: 'folder', description: 'Request/response interceptors' },
+                    { name: 'routes', type: 'folder', description: 'Route definitions' }
+                ]
+            },
+            {
+                name: 'application',
+                type: 'folder',
+                description: 'Use cases, DTOs, application services',
+                children: [
+                    { name: 'services', type: 'folder', description: 'Application services orchestrating domain' },
+                    { name: 'dto', type: 'folder', description: 'Data transfer objects' },
+                    { name: 'mappers', type: 'folder', description: 'Entity ↔ DTO mappers' }
+                ]
+            },
+            {
+                name: 'domain',
+                type: 'folder',
+                description: 'Entities, value objects, domain services',
+                children: [
+                    { name: 'entities', type: 'folder', description: 'Domain entities with identity' },
+                    { name: 'value-objects', type: 'folder', description: 'Immutable domain concepts' },
+                    { name: 'services', type: 'folder', description: 'Domain services for cross-entity logic' },
+                    { name: 'interfaces', type: 'folder', description: 'Repository and gateway interfaces' }
+                ]
+            },
+            {
+                name: 'infrastructure',
+                type: 'folder',
+                description: 'Database, external APIs, messaging',
+                children: [
+                    { name: 'database', type: 'folder', description: 'Repository implementations, migrations' },
+                    { name: 'external', type: 'folder', description: 'External API clients' },
+                    { name: 'config', type: 'folder', description: 'Configuration loading' }
+                ]
+            },
+            {
+                name: 'shared',
+                type: 'folder',
+                description: 'Cross-cutting concerns',
+                children: [
+                    { name: 'errors', type: 'folder', description: 'Custom error types' },
+                    { name: 'utils', type: 'folder', description: 'Utility functions' },
+                    { name: 'types', type: 'folder', description: 'Shared type definitions' }
+                ]
+            }
+        ]
+    },
+    commonPitfalls: [
+        'Mixing domain logic in controllers - controllers should only handle HTTP concerns',
+        'Direct database access from application layer - always go through repositories',
+        'Circular dependencies between layers - dependencies flow inward only',
+        'Framework-specific code in domain layer - domain must be framework-agnostic',
+        'Anemic domain model - entities should have behavior, not just data',
+        'Fat services that do everything - keep services focused on orchestration'
+    ],
+    aiInstructions: `When generating code for Clean Monolith architecture:
+
+STRUCTURE:
+- Controllers handle HTTP only, delegate to application services
+- Application services orchestrate domain logic, never access DB directly
+- Repositories implement domain interfaces defined in domain layer
+- Domain entities have no framework annotations or decorators
+
+DEPENDENCIES:
+- api → application → domain ← infrastructure
+- Never import from infrastructure in domain
+- All external dependencies injected via interfaces
+
+PATTERNS:
+- Use constructor injection for all dependencies
+- Return domain entities from repositories, not database records
+- Map to DTOs only at API boundaries
+- Validate input at controller level, invariants in domain
+
+TESTING:
+- Unit test domain logic in isolation
+- Mock repositories for application service tests
+- Integration test API endpoints with real database`
+};
+//# sourceMappingURL=clean-monolith.js.map

package/dist/styles/clean-monolith.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"clean-monolith.js","sourceRoot":"","sources":["../../src/styles/clean-monolith.ts"],"names":[],"mappings":";;;AAEA;;;GAGG;AACU,QAAA,aAAa,GAAsB;IAC5C,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,2KAA2K;IAExL,SAAS,EAAE;QACP,2BAA2B;QAC3B,+BAA+B;QAC/B,mCAAmC;QACnC,gCAAgC;QAChC,qCAAqC;QACrC,0BAA0B;KAC7B;IAED,YAAY,EAAE;QACV,6CAA6C;QAC7C,8CAA8C;QAC9C,+BAA+B;QAC/B,6BAA6B;QAC7B,+BAA+B;KAClC;IAED,cAAc,EAAE;QACZ,kEAAkE;QAClE,4CAA4C;QAC5C,iDAAiD;QACjD,2CAA2C;QAC3C,6CAA6C;QAC7C,2CAA2C;KAC9C;IAED,eAAe,EAAE;QACb,IAAI,EAAE,KAAK;QACX,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE;YACN;gBACI,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE;oBACN,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAC7E,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,+BAA+B,EAAE;oBACpF,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;iBACvE;aACJ;YACD;gBACI,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE;oBACN,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2CAA2C,EAAE;oBAC9F,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBACrE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;iBAC3E;aACJ;YACD;gBACI,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE;oBACN,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,+BAA+B,EAAE;oBAClF,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACnF,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wCAAwC,EAAE;oBAC3F,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mCAAmC,EAAE;iBAC3F;aACJ;YACD;gBACI,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE;oBACN,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wCAAwC,EAAE;oBAC3F,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;oBACzE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;iBAC3E;aACJ;YACD;gBACI,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,wBAAwB;gBACrC,QAAQ,EAAE;oBACN,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE;oBACrE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;oBACnE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yBAAyB,EAAE;iBAC5E;aACJ;SACJ;KACJ;IAED,cAAc,EAAE;QACZ,mFAAmF;QACnF,gFAAgF;QAChF,sEAAsE;QACtE,6EAA6E;QAC7E,oEAAoE;QACpE,0EAA0E;KAC7E;IAED,cAAc,EAAE;;;;;;;;;;;;;;;;;;;;;;oDAsBgC;CACnD,CAAC"}

package/dist/styles/event-driven.d.ts

@@ -0,0 +1,12 @@
+import type { ArchitectureStyle } from '../types.js';
+/**
+ * Event-Driven Backend Architecture
+ * Components communicate through events, asynchronously
+ */
+export declare const eventDriven: ArchitectureStyle;
+/**
+ * CQRS Architecture Style
+ * Separate models for reading and writing data
+ */
+export declare const cqrs: ArchitectureStyle;
+//# sourceMappingURL=event-driven.d.ts.map

package/dist/styles/event-driven.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"event-driven.d.ts","sourceRoot":"","sources":["../../src/styles/event-driven.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,iBAwHzB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,IAAI,EAAE,iBA6HlB,CAAC"}