@koalarx/nest 3.1.49 → 4.0.1

package/cli/constants/domain.js

@@ -0,0 +1,171 @@
+export const Template = {
+  DEFAULT: "default",
+  CRUD_SAMPLE: "crudSample"
+};
+export const AuthChoice = {
+  NONE: "none",
+  JWT: "jwt",
+  OAUTH2: "oauth2"
+};
+export const AuthStrategy = {
+  JWT: AuthChoice.JWT,
+  OAUTH2: AuthChoice.OAUTH2
+};
+export const ExtraFeature = {
+  CACHE: "cache",
+  HEALTH_CHECK: "health-check",
+  INTERNAL_CRON_JOBS: "internal-cron-jobs",
+  INTERNAL_EVENT_JOBS: "internal-event-jobs"
+};
+export var InstallModule;
+((InstallModule) => {
+  InstallModule["CORE"] = "core";
+  InstallModule["AUTH"] = "auth";
+  InstallModule["CACHE"] = "cache";
+  InstallModule["HEALTH"] = "health";
+  InstallModule["INTERNAL_CRON_JOBS"] = "internal-cron-jobs";
+  InstallModule["INTERNAL_EVENT_JOBS"] = "internal-event-jobs";
+})(InstallModule ||= {});
+export const AddArgKind = {
+  AUTH: "auth",
+  FEATURE: "feature"
+};
+export const AuthPromptChoice = {
+  SKIP: "skip"
+};
+export const CRUD_BUNDLED_FEATURES = [
+  ExtraFeature.CACHE,
+  ExtraFeature.INTERNAL_CRON_JOBS,
+  ExtraFeature.INTERNAL_EVENT_JOBS
+];
+export const FEATURE_INSTALL_ORDER = [
+  ExtraFeature.CACHE,
+  ExtraFeature.HEALTH_CHECK,
+  ExtraFeature.INTERNAL_CRON_JOBS,
+  ExtraFeature.INTERNAL_EVENT_JOBS
+];
+export const TEMPLATE_ALIASES = {
+  default: Template.DEFAULT,
+  padrao: Template.DEFAULT,
+  crud: Template.CRUD_SAMPLE,
+  example: Template.CRUD_SAMPLE,
+  sample: Template.CRUD_SAMPLE,
+  "crud-sample": Template.CRUD_SAMPLE,
+  crudsample: Template.CRUD_SAMPLE
+};
+export const FEATURE_ALIASES = {
+  cache: ExtraFeature.CACHE,
+  redis: ExtraFeature.CACHE,
+  health: ExtraFeature.HEALTH_CHECK,
+  "health-check": ExtraFeature.HEALTH_CHECK,
+  cron: ExtraFeature.INTERNAL_CRON_JOBS,
+  "internal-cron-jobs": ExtraFeature.INTERNAL_CRON_JOBS,
+  events: ExtraFeature.INTERNAL_EVENT_JOBS,
+  "internal-event-jobs": ExtraFeature.INTERNAL_EVENT_JOBS
+};
+export const FEATURE_LABELS = {
+  [ExtraFeature.CACHE]: "cache (Redis)",
+  [ExtraFeature.HEALTH_CHECK]: "health-check",
+  [ExtraFeature.INTERNAL_CRON_JOBS]: "cron jobs",
+  [ExtraFeature.INTERNAL_EVENT_JOBS]: "event jobs"
+};
+export const FEATURE_PROMPT_LABELS = {
+  [ExtraFeature.CACHE]: "Cache (Redis)",
+  [ExtraFeature.HEALTH_CHECK]: "Health check (GET /health)",
+  [ExtraFeature.INTERNAL_CRON_JOBS]: "Jobs internos (Cron)",
+  [ExtraFeature.INTERNAL_EVENT_JOBS]: "Jobs internos (Eventos)"
+};
+export const TEMPLATE_LABELS = {
+  [Template.DEFAULT]: "Padrão",
+  [Template.CRUD_SAMPLE]: "Exemplo de CRUD"
+};
+export const ProjectMarker = {
+  PERSON_MODULE: "PersonModule",
+  SECURITY_MODULE: "SecurityModule",
+  AUTH_MODULE: "AuthModule",
+  HEALTH_CHECK_MODULE: "HealthCheckModule",
+  CACHE_SERVICE_PROVIDER: "CacheServiceProvider",
+  OAUTH_AUTH_LINK_HANDLER: "OAuthAuthLinkHandler",
+  REDIS_INDICATOR: "RedisIndicator"
+};
+export const DDD_LAYER_FOLDERS = [
+  "src/application",
+  "src/domain",
+  "src/infra",
+  "src/host",
+  "src/core",
+  "src/test"
+];
+export const DEFAULT_PACKAGE_MANAGER = "bun";
+export function mapExtraFeatureToModule(feature) {
+  switch (feature) {
+    case ExtraFeature.CACHE:
+      return "cache" /* CACHE */;
+    case ExtraFeature.HEALTH_CHECK:
+      return "health" /* HEALTH */;
+    case ExtraFeature.INTERNAL_CRON_JOBS:
+      return "internal-cron-jobs" /* INTERNAL_CRON_JOBS */;
+    case ExtraFeature.INTERNAL_EVENT_JOBS:
+      return "internal-event-jobs" /* INTERNAL_EVENT_JOBS */;
+  }
+}
+export function isAuthChoice(value) {
+  return value === AuthChoice.NONE || value === AuthChoice.JWT || value === AuthChoice.OAUTH2;
+}
+export function isAuthStrategy(value) {
+  return value === AuthStrategy.JWT || value === AuthStrategy.OAUTH2;
+}
+export function parseAuthStrategies(value, template) {
+  const normalized = value.trim().toLowerCase();
+  if (normalized === AuthChoice.NONE || normalized === "") {
+    if (template === Template.CRUD_SAMPLE) {
+      throw new Error("Template CRUD exige autenticação. Use: --auth jwt, --auth oauth2 ou --auth jwt,oauth2.");
+    }
+    return [];
+  }
+  const strategies = normalized.split(",").map((item) => item.trim()).filter(Boolean).map((item) => {
+    if (isAuthStrategy(item)) {
+      return item;
+    }
+    throw new Error(`Autenticação desconhecida: "${item}". Use: none, jwt, oauth2 ou jwt,oauth2.`);
+  });
+  return Array.from(new Set(strategies));
+}
+export function formatAuthStrategies(strategies) {
+  if (strategies.length === 0) {
+    return AuthChoice.NONE;
+  }
+  return strategies.join(" + ");
+}
+export function resolveAuthStrategiesFromModule(authModuleSource) {
+  const strategies = [];
+  if (authModuleSource.includes("LoginController")) {
+    strategies.push(AuthStrategy.JWT);
+  }
+  if (authModuleSource.includes(ProjectMarker.OAUTH_AUTH_LINK_HANDLER)) {
+    strategies.push(AuthStrategy.OAUTH2);
+  }
+  return strategies;
+}
+export function resolveAuthStrategyFromModule(authModuleSource) {
+  return resolveAuthStrategiesFromModule(authModuleSource)[0] ?? AuthStrategy.JWT;
+}
+export function mergeAuthStrategies(current, incoming) {
+  return Array.from(new Set([...current, ...incoming]));
+}
+export function listMissingAuthStrategies(installed) {
+  const current = installed === false ? [] : installed;
+  return [AuthStrategy.JWT, AuthStrategy.OAUTH2].filter((strategy) => !current.includes(strategy));
+}
+export function mergeCrudSampleFeatures(features) {
+  return Array.from(new Set([...CRUD_BUNDLED_FEATURES, ...features]));
+}
+export function resolveNewProjectOptions(template, auth, features) {
+  if (template !== Template.CRUD_SAMPLE) {
+    return { auth, features };
+  }
+  return {
+    auth: auth.length === 0 ? [AuthStrategy.JWT] : auth,
+    features: mergeCrudSampleFeatures(features)
+  };
+}

package/cli/constants/package-manager.js

@@ -0,0 +1,5 @@
+export const PackageManagerRunner = {
+  bun: "bunx",
+  npm: "npx",
+  pnpm: "pnpx"
+};

package/cli/constants/version.js

@@ -0,0 +1,5 @@
+import { readFileSync } from "node:fs";
+import path from "node:path";
+import { getPackageRoot } from "../utils/get-package-root.js";
+const packageJson = JSON.parse(readFileSync(path.join(getPackageRoot(import.meta.url), "package.json"), "utf8"));
+export const CLI_VERSION = packageJson.version;

package/cli/index.js

@@ -0,0 +1,55 @@
+#!/usr/bin/env node
+
+import { CliCommand, CliFlag } from "./constants/cli-commands.js";
+import { printHelp } from "./commands/help.js";
+import { runAdd } from "./commands/add/index.js";
+import { runNew } from "./commands/new/index.js";
+import { runVersion } from "./commands/version.js";
+import { parseCliArgs } from "./utils/cli-options.js";
+const HELP_COMMANDS = new Set([
+  CliCommand.HELP,
+  CliFlag.HELP,
+  CliFlag.HELP_SHORT
+]);
+const VERSION_COMMANDS = new Set([
+  CliCommand.VERSION,
+  CliFlag.VERSION,
+  CliFlag.VERSION_SHORT
+]);
+const NEW_COMMANDS = new Set([
+  CliCommand.NEW,
+  CliFlag.NEW,
+  CliFlag.NEW_SHORT
+]);
+const ADD_COMMANDS = new Set([
+  CliCommand.ADD,
+  CliFlag.ADD,
+  CliFlag.ADD_SHORT
+]);
+async function main() {
+  const { command, commandArgs } = parseCliArgs(process.argv.slice(2));
+  if (command === undefined || HELP_COMMANDS.has(command)) {
+    printHelp();
+    return;
+  }
+  if (VERSION_COMMANDS.has(command)) {
+    runVersion();
+    return;
+  }
+  if (NEW_COMMANDS.has(command)) {
+    await runNew(commandArgs);
+    return;
+  }
+  if (ADD_COMMANDS.has(command)) {
+    await runAdd(commandArgs);
+    return;
+  }
+  console.error(`Comando desconhecido: ${command}
+`);
+  printHelp();
+  process.exit(1);
+}
+main().catch((error) => {
+  console.error(error);
+  process.exit(1);
+});

package/cli/utils/add-project-features.js

@@ -0,0 +1,170 @@
+import {
+  AddArgKind,
+  AuthStrategy,
+  ExtraFeature,
+  FEATURE_LABELS,
+  formatAuthStrategies,
+  mergeAuthStrategies,
+  Template
+} from "../constants/domain.js";
+import {
+  installModule,
+  Modules
+} from "./install-module.js";
+import {
+  detectProjectState
+} from "./detect-project-state.js";
+import { formatCode } from "./format-code.js";
+import { runCommand } from "./run-command.js";
+import { getPackageManager } from "./get-package-manager.js";
+import { resolveProjectPath } from "./resolve-project-path.js";
+import { CACHE_PACKAGES } from "../constants/core-packages.js";
+import {
+  restorePersonAuthExample,
+  restorePersonCacheFeatures,
+  restorePersonCronJobs,
+  restorePersonEventJobs,
+  upgradeCacheToRedis
+} from "./restore-person-features.js";
+import { normalizeAddArgs } from "./normalize-add-args.js";
+import { restoreRedisHealthCheck } from "./patch-health-module.js";
+import { patchAuthInstall } from "./patch-auth-install.js";
+async function ensureMemoryCache(projectName, template) {
+  const state = detectProjectState(projectName);
+  if (state.cache) {
+    return;
+  }
+  await installModule(Modules.CACHE, template, projectName, {
+    withRedis: false
+  });
+}
+async function installRedisCache(projectName, template, state) {
+  if (state.cache === "redis") {
+    return { installed: false, reason: "Cache Redis já está instalado." };
+  }
+  if (state.cache === "memory") {
+    await upgradeCacheToRedis(projectName);
+    const packageManager = getPackageManager(projectName);
+    await runCommand([packageManager, "add", ...CACHE_PACKAGES], resolveProjectPath(projectName));
+  } else {
+    await installModule(Modules.CACHE, template, projectName, {
+      withRedis: true
+    });
+  }
+  if (template === Template.CRUD_SAMPLE) {
+    await restorePersonCacheFeatures(projectName);
+  }
+  if (state.health) {
+    restoreRedisHealthCheck(projectName);
+  }
+  return { installed: true };
+}
+export async function addProjectFeatures(projectName = "", args) {
+  const results = [];
+  let state = detectProjectState(projectName);
+  const template = state.template;
+  const orderedArgs = normalizeAddArgs(args);
+  for (const arg of orderedArgs) {
+    if (arg.kind === AddArgKind.AUTH) {
+      const current = state.auth === false ? [] : state.auth;
+      const missing = arg.strategies.filter((strategy) => !current.includes(strategy));
+      if (missing.length === 0) {
+        results.push({
+          label: `auth (${formatAuthStrategies(arg.strategies)})`,
+          installed: false,
+          reason: `Autenticação ${formatAuthStrategies(current)} já está instalada.`
+        });
+        continue;
+      }
+      const next = mergeAuthStrategies(current, missing);
+      if (current.length === 0) {
+        await ensureMemoryCache(projectName, template);
+        await installModule(Modules.AUTH, template, projectName, {
+          authStrategies: next
+        });
+        if (template === Template.CRUD_SAMPLE) {
+          await restorePersonAuthExample(projectName);
+        }
+      } else {
+        await patchAuthInstall(projectName, next);
+      }
+      results.push({
+        label: `auth (${formatAuthStrategies(missing)})`,
+        installed: true
+      });
+      state = detectProjectState(projectName);
+      continue;
+    }
+    switch (arg.feature) {
+      case ExtraFeature.CACHE: {
+        const cacheResult = await installRedisCache(projectName, template, state);
+        results.push({
+          label: FEATURE_LABELS[ExtraFeature.CACHE],
+          installed: cacheResult.installed,
+          reason: cacheResult.reason
+        });
+        break;
+      }
+      case ExtraFeature.HEALTH_CHECK: {
+        if (state.health) {
+          results.push({
+            label: FEATURE_LABELS[ExtraFeature.HEALTH_CHECK],
+            installed: false,
+            reason: "Health check já está instalado."
+          });
+          break;
+        }
+        await installModule(Modules.HEALTH, template, projectName, {
+          withRedisIndicator: Boolean(state.cache)
+        });
+        results.push({
+          label: FEATURE_LABELS[ExtraFeature.HEALTH_CHECK],
+          installed: true
+        });
+        break;
+      }
+      case ExtraFeature.INTERNAL_CRON_JOBS: {
+        if (state.cronJobs) {
+          results.push({
+            label: FEATURE_LABELS[ExtraFeature.INTERNAL_CRON_JOBS],
+            installed: false,
+            reason: "Cron jobs já estão instalados."
+          });
+          break;
+        }
+        await ensureMemoryCache(projectName, template);
+        await installModule(Modules.INTERNAL_CRON_JOBS, template, projectName);
+        if (template === Template.CRUD_SAMPLE) {
+          await restorePersonCronJobs(projectName);
+        }
+        results.push({
+          label: FEATURE_LABELS[ExtraFeature.INTERNAL_CRON_JOBS],
+          installed: true
+        });
+        break;
+      }
+      case ExtraFeature.INTERNAL_EVENT_JOBS: {
+        if (state.eventJobs) {
+          results.push({
+            label: FEATURE_LABELS[ExtraFeature.INTERNAL_EVENT_JOBS],
+            installed: false,
+            reason: "Event jobs já estão instalados."
+          });
+          break;
+        }
+        await installModule(Modules.INTERNAL_EVENT_JOBS, template, projectName);
+        if (template === Template.CRUD_SAMPLE) {
+          await restorePersonEventJobs(projectName);
+        }
+        results.push({
+          label: FEATURE_LABELS[ExtraFeature.INTERNAL_EVENT_JOBS],
+          installed: true
+        });
+        break;
+      }
+    }
+    state = detectProjectState(projectName);
+  }
+  await formatCode(projectName);
+  return results;
+}

package/cli/utils/apply-optional-features.js

@@ -0,0 +1,48 @@
+import { AuthStrategy, ExtraFeature, Template } from "../constants/domain.js";
+import {
+  installModule,
+  mapExtraFeatureToModule,
+  Modules,
+  resolveProjectFeatures
+} from "./install-module.js";
+import { adjustCrudPersonModule } from "./patch-person-features.js";
+import { cleanDefaultTemplateWithoutAuth } from "./remove-sample-parts.js";
+import { formatCode } from "./format-code.js";
+export async function applyOptionalFeatures(options) {
+  const projectName = options.projectName ?? "";
+  const projectFeatures = resolveProjectFeatures(options.features, options.auth);
+  if (options.template === Template.CRUD_SAMPLE) {
+    adjustCrudPersonModule(projectName, {
+      cache: projectFeatures.cacheForCrud,
+      cronJobs: projectFeatures.cronJobs,
+      eventJobs: projectFeatures.eventJobs,
+      auth: options.auth.length > 0
+    });
+  }
+  if (projectFeatures.cache) {
+    await installModule(Modules.CACHE, options.template, projectName, {
+      withRedis: projectFeatures.cacheWithRedis,
+      skipPackages: options.skipPackages
+    });
+  }
+  if (options.auth.length > 0) {
+    await installModule(Modules.AUTH, options.template, projectName, {
+      authStrategies: options.auth,
+      skipPackages: options.skipPackages
+    });
+  }
+  for (const feature of options.features) {
+    if (feature === ExtraFeature.CACHE) {
+      continue;
+    }
+    await installModule(mapExtraFeatureToModule(feature), options.template, projectName, feature === ExtraFeature.HEALTH_CHECK ? {
+      withRedisIndicator: projectFeatures.cache,
+      skipPackages: options.skipPackages
+    } : { skipPackages: options.skipPackages });
+  }
+  if (options.template === Template.DEFAULT && options.auth.length === 0) {
+    await cleanDefaultTemplateWithoutAuth(projectName);
+  }
+  await formatCode(projectName);
+}
+export { addProjectFeatures } from "./add-project-features.js";

package/cli/utils/auth-strategy-validation.js

@@ -0,0 +1,179 @@
+import { existsSync, readdirSync, readFileSync } from "node:fs";
+import path from "node:path";
+import { AuthStrategy } from "../constants/domain.js";
+import {
+  appModuleMustContain,
+  appModuleMustNotContain,
+  authModuleMustContain,
+  authModuleMustNotContain,
+  cacheConstantsMustContain,
+  cacheConstantsMustNotContain,
+  defineDocumentationMustContain,
+  defineDocumentationMustNotContain,
+  envExampleMustContain,
+  envExampleMustNotContain,
+  envSourceMustContain,
+  envSourceMustNotContain,
+  forbiddenContentPatterns,
+  forbiddenPathsForProfile,
+  iauthMustContain,
+  iauthMustNotContain,
+  requiredPathsForProfile,
+  resolveAuthProfile,
+  securityModuleMustContain,
+  securityModuleMustNotContain
+} from "../constants/auth-strategy-checklist.js";
+import { resolveProjectPath } from "./resolve-project-path.js";
+const CONTENT_SCAN_SKIP = new Set([
+  "src/host/open-api/define-documentation.ts",
+  "src/test/host/is-public-open-api.spec.ts",
+  "src/test/core/auth.guard.spec.ts"
+]);
+function walkSourceFiles(directory, callback) {
+  if (!existsSync(directory)) {
+    return;
+  }
+  for (const entry of readdirSync(directory, { withFileTypes: true })) {
+    const absolutePath = path.join(directory, entry.name);
+    if (entry.isDirectory()) {
+      walkSourceFiles(absolutePath, (abs, rel) => {
+        callback(abs, path.join(entry.name, rel));
+      });
+      continue;
+    }
+    if (entry.isFile() && entry.name.endsWith(".ts")) {
+      callback(absolutePath, entry.name);
+    }
+  }
+}
+function isOAuthPathSegment(relativePath) {
+  const normalized = relativePath.replace(/\\/g, "/").toLowerCase();
+  return normalized.includes("/oauth2/") || normalized.includes("/oauth2.") || /(^|\/)oauth[^/]*\.ts$/.test(normalized) || /oauth2[^/]*\.ts$/.test(normalized);
+}
+function isJwtLoginPathSegment(relativePath) {
+  const normalized = relativePath.replace(/\\/g, "/").toLowerCase();
+  return normalized.includes("/auth/login") || normalized.includes("login.controller.ts") || normalized.includes("login.handler.spec.ts");
+}
+function readOptional(projectRoot, relativePath) {
+  const filePath = path.join(projectRoot, relativePath);
+  return existsSync(filePath) ? readFileSync(filePath, "utf8") : null;
+}
+function expectContains(violations, label, source, patterns) {
+  if (!source) {
+    if (patterns.length > 0) {
+      violations.push(`missing:${label}`);
+    }
+    return;
+  }
+  for (const pattern of patterns) {
+    if (!source.includes(pattern)) {
+      violations.push(`${label}: ausente "${pattern}"`);
+    }
+  }
+}
+function expectNotContains(violations, label, source, patterns) {
+  if (!source) {
+    return;
+  }
+  for (const pattern of patterns) {
+    if (source.includes(pattern)) {
+      violations.push(`${label}: inesperado "${pattern}"`);
+    }
+  }
+}
+export function listAuthStrategyViolations(projectName = "", selection) {
+  const profile = resolveAuthProfile(selection);
+  const projectRoot = resolveProjectPath(projectName);
+  const violations = [];
+  for (const relativePath of requiredPathsForProfile(profile)) {
+    if (!existsSync(path.join(projectRoot, relativePath))) {
+      violations.push(`path:obrigatório ausente ${relativePath}`);
+    }
+  }
+  for (const relativePath of forbiddenPathsForProfile(profile)) {
+    if (existsSync(path.join(projectRoot, relativePath))) {
+      violations.push(`path:proibido presente ${relativePath}`);
+    }
+  }
+  const srcDir = path.join(projectRoot, "src");
+  if (profile === "none") {
+    walkSourceFiles(srcDir, (_absolutePath, relativePath) => {
+      const normalized = relativePath.replace(/\\/g, "/");
+      if (isOAuthPathSegment(normalized) || isJwtLoginPathSegment(normalized)) {
+        violations.push(`path:src/${normalized}`);
+      }
+    });
+  }
+  if (profile === "jwt") {
+    walkSourceFiles(srcDir, (_absolutePath, relativePath) => {
+      const normalized = relativePath.replace(/\\/g, "/");
+      if (isOAuthPathSegment(normalized)) {
+        violations.push(`path:oauth2 inesperado src/${normalized}`);
+      }
+    });
+  }
+  if (profile === "oauth2") {
+    walkSourceFiles(srcDir, (_absolutePath, relativePath) => {
+      const normalized = relativePath.replace(/\\/g, "/");
+      if (isJwtLoginPathSegment(normalized)) {
+        violations.push(`path:login jwt inesperado src/${normalized}`);
+      }
+    });
+  }
+  const envExample = readOptional(projectRoot, ".env.example");
+  const envSource = readOptional(projectRoot, "src/core/env.ts");
+  const iauth = readOptional(projectRoot, "src/domain/auth/services/iauth.service.ts");
+  const authModule = readOptional(projectRoot, "src/host/controllers/auth/auth.module.ts");
+  const securityModule = readOptional(projectRoot, "src/host/security/security.module.ts");
+  const appModule = readOptional(projectRoot, "src/host/app.module.ts");
+  const cacheConstants = readOptional(projectRoot, "src/core/constants/cache.constants.ts");
+  const defineDocumentation = readOptional(projectRoot, "src/host/open-api/define-documentation.ts");
+  expectContains(violations, "env.example", envExample, envExampleMustContain(profile));
+  expectNotContains(violations, "env.example", envExample, envExampleMustNotContain(profile));
+  expectContains(violations, "env.ts", envSource, envSourceMustContain(profile));
+  expectNotContains(violations, "env.ts", envSource, envSourceMustNotContain(profile));
+  expectContains(violations, "iauth.service", iauth, iauthMustContain(profile));
+  expectNotContains(violations, "iauth.service", iauth, iauthMustNotContain(profile));
+  expectContains(violations, "auth.module", authModule, authModuleMustContain(profile));
+  expectNotContains(violations, "auth.module", authModule, authModuleMustNotContain(profile));
+  expectContains(violations, "security.module", securityModule, securityModuleMustContain(profile));
+  expectNotContains(violations, "security.module", securityModule, securityModuleMustNotContain(profile));
+  expectContains(violations, "app.module", appModule, appModuleMustContain(profile));
+  expectNotContains(violations, "app.module", appModule, appModuleMustNotContain(profile));
+  expectContains(violations, "cache.constants", cacheConstants, cacheConstantsMustContain(profile));
+  expectNotContains(violations, "cache.constants", cacheConstants, cacheConstantsMustNotContain(profile));
+  expectContains(violations, "define-documentation", defineDocumentation, defineDocumentationMustContain(profile));
+  expectNotContains(violations, "define-documentation", defineDocumentation, defineDocumentationMustNotContain(profile));
+  const forbiddenPatterns = forbiddenContentPatterns(profile);
+  if (forbiddenPatterns.length > 0) {
+    walkSourceFiles(srcDir, (absolutePath, relativePath) => {
+      const normalized = relativePath.replace(/\\/g, "/");
+      const srcRelative = `src/${normalized}`;
+      if (CONTENT_SCAN_SKIP.has(srcRelative)) {
+        return;
+      }
+      const source = readFileSync(absolutePath, "utf8");
+      for (const pattern of forbiddenPatterns) {
+        if (source.includes(pattern)) {
+          violations.push(`content:${srcRelative} contém "${pattern}"`);
+        }
+      }
+    });
+  }
+  return [...new Set(violations)].sort();
+}
+export function assertAuthStrategyProject(projectName = "", selection) {
+  const profile = resolveAuthProfile(selection);
+  const violations = listAuthStrategyViolations(projectName, selection);
+  if (violations.length > 0) {
+    throw new Error(`Checklist auth "${profile}" falhou:
+${violations.join(`
+`)}`);
+  }
+}
+export function assertNoOAuthArtifactsInProject(projectName = "") {
+  assertAuthStrategyProject(projectName, [AuthStrategy.JWT]);
+}
+export function listOAuthArtifactViolations(projectName = "") {
+  return listAuthStrategyViolations(projectName, [AuthStrategy.JWT]).filter((item) => !item.startsWith("path:obrigatório"));
+}

package/cli/utils/cancel.js

@@ -0,0 +1,8 @@
+import { cancel, isCancel } from "@clack/prompts";
+export function assertNotCancel(value) {
+  if (isCancel(value)) {
+    cancel("Operação cancelada.");
+    process.exit(0);
+  }
+  return value;
+}

package/cli/utils/cli-options.js

@@ -0,0 +1,27 @@
+let verbose = false;
+export function setCliVerbose(value) {
+  verbose = value;
+}
+export function isCliVerbose() {
+  return verbose;
+}
+export function resetCliVerbose() {
+  verbose = false;
+}
+export function parseCliArgs(argv) {
+  let enabled = false;
+  const rest = [];
+  for (const arg of argv) {
+    if (arg === "--verbose") {
+      enabled = true;
+      continue;
+    }
+    rest.push(arg);
+  }
+  setCliVerbose(enabled);
+  return {
+    command: rest[0],
+    commandArgs: rest.slice(1),
+    verbose: enabled
+  };
+}