npm - @lenne.tech/nest-server - Versions diffs - 11.22.0 → 11.22.1 - Mend

@lenne.tech/nest-server 11.22.0 → 11.22.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/.claude/rules/framework-compatibility.md +79 -0
package/CLAUDE.md +2 -0
package/FRAMEWORK-API.md +231 -0
package/dist/server/modules/file/file-info.model.d.ts +1 -5
package/dist/server/modules/user/user.model.d.ts +1 -5
package/dist/tsconfig.build.tsbuildinfo +1 -1
package/migration-guides/11.22.0-to-11.22.1.md +105 -0
package/package.json +18 -16

package/.claude/rules/framework-compatibility.md ADDED Viewed

@@ -0,0 +1,79 @@
+# Framework Compatibility for Claude Code
+This document defines the maintenance obligations that ensure Claude Code can effectively work with `@lenne.tech/nest-server` in consuming projects.
+## Architecture Overview
+The framework ships documentation alongside source code so that Claude Code can read it from `node_modules/`. Three layers work together:
+1. **npm package** ships `CLAUDE.md`, `FRAMEWORK-API.md`, `.claude/rules/`, `docs/`, `migration-guides/`
+2. **Consuming project** `CLAUDE.md` points Claude to read `node_modules/@lenne.tech/nest-server/`
+3. **Claude Code plugin** (`lt-dev`) detects nest-server and injects concrete source paths via hooks
+## Maintenance Obligations
+### When Adding/Changing Interfaces in `server-options.interface.ts`
+1. `FRAMEWORK-API.md` is auto-generated during `pnpm run build` via `scripts/generate-framework-api.ts`
+2. Verify the generated output includes the new interface and all fields
+3. Add JSDoc with `@default` tags for all config fields — these appear in the API reference
+### When Adding New Core Modules (`src/core/modules/`)
+1. Create `README.md` and `INTEGRATION-CHECKLIST.md` in the module directory
+2. The generator script automatically picks up new modules for the "Core Modules" table
+3. If the module has `forRoot()` config, add the interface to `server-options.interface.ts`
+4. Run `pnpm run build` to regenerate `FRAMEWORK-API.md`
+### When Changing CrudService Methods
+1. Add JSDoc to new methods — the generator extracts the first line as description
+2. Run `pnpm run build` to regenerate `FRAMEWORK-API.md`
+3. If the method signature pattern changes (standard/Force/Raw), update the "Variants" note
+### When Changing `CoreModule.forRoot()` Signatures
+1. Ensure JSDoc is complete on the new overload
+2. Run `pnpm run build` to regenerate `FRAMEWORK-API.md`
+3. If adding a new parameter, update the consuming project template (`nest-server-starter/CLAUDE.md`)
+### When Releasing New Versions
+1. Run `pnpm run build` — this regenerates `FRAMEWORK-API.md` with the new version number
+2. The file is included in the npm package via `package.json` `files` array
+3. Migration guides are separate (see `.claude/rules/migration-guides.md`)
+## Files Shipped with npm Package
+| File | Purpose | Auto-Updated |
+|------|---------|:------------:|
+| `CLAUDE.md` | Framework rules, architecture, debugging guide | Manual |
+| `FRAMEWORK-API.md` | Compact API reference (interfaces, methods) | Yes (`pnpm run build`) |
+| `.claude/rules/*.md` | 12 rule files covering all aspects | Manual |
+| `docs/REQUEST-LIFECYCLE.md` | Complete request lifecycle | Manual |
+| `migration-guides/*.md` | Version migration guides | Per release |
+## Generator Script
+`scripts/generate-framework-api.ts` extracts via ts-morph:
+- `CoreModule.forRoot()` overload signatures
+- All config interfaces (`IServerOptions`, `IBetterAuth`, `IMultiTenancy`, etc.)
+- `ServiceOptions` interface
+- `CrudService` public method signatures
+- Core module listing with documentation status
+Run manually: `npx tsx scripts/generate-framework-api.ts`
+## Cross-Repository Dependencies
+This framework compatibility strategy spans multiple repositories:
+| Repository | Role |
+|-----------|------|
+| `nest-server` | Ships documentation with npm package (this repo) |
+| `nest-server-starter` | `CLAUDE.md` points Claude to `node_modules/` source |
+| `nuxt-extensions` | Same pattern: `CLAUDE.md` shipped with npm package |
+| `nuxt-base-starter` | `CLAUDE.md` points Claude to nuxt-extensions source |
+| `claude-code/plugins/lt-dev` | Hooks detect frameworks, Skills reference source paths |
+The full strategy document is maintained in the claude-code plugin repository.

package/CLAUDE.md CHANGED Viewed

@@ -22,6 +22,7 @@ The following documents must be kept up to date when making changes that affect
 | `docs/REQUEST-LIFECYCLE.md` | Adding/changing decorators, interceptors, guards, pipes, middleware, plugins, services, modules, or the request/response flow |
 | `migration-guides/` | Releasing MINOR or MAJOR versions (see `.claude/rules/migration-guides.md`) |
 | `.claude/rules/configurable-features.md` | Adding new configurable features |
+| `FRAMEWORK-API.md` | Auto-regenerated by `pnpm run build` — verify after adding interfaces, CrudService methods, or core modules |
 **Rule:** When a code change adds, removes, or modifies a feature listed in `docs/REQUEST-LIFECYCLE.md` (Features Overview, diagrams, decorator reference, configuration, etc.), update the document in the same commit or PR.
@@ -164,6 +165,7 @@ Detailed documentation in `.claude/rules/`:
 | `migration-guides.md` | Process for creating version migration guides |
 | `configurable-features.md` | Configuration patterns: "Presence implies enabled" and "Boolean shorthand" (`true` / `{}`) |
 | `package-management.md` | Fixed package versions only - no `^`, `~`, or ranges |
+| `framework-compatibility.md` | Maintenance obligations for FRAMEWORK-API.md, shipped docs, cross-repo dependencies |
 ## In-Depth Documentation

package/FRAMEWORK-API.md ADDED Viewed

@@ -0,0 +1,231 @@
+# @lenne.tech/nest-server — Framework API Reference
+> Auto-generated from source code on 2026-04-04 (v11.22.1)
+> File: `FRAMEWORK-API.md` — compact, machine-readable API surface for Claude Code
+## CoreModule.forRoot()
+- `CoreModule.forRoot(options: Partial<IServerOptions>, overrides?: ICoreModuleOverrides)`: `DynamicModule`
+- ~~`CoreModule.forRoot(AuthService: any, AuthModule: any, options: Partial<IServerOptions>, overrides?: ICoreModuleOverrides)`: `DynamicModule`~~ *(deprecated)*
+## Configuration Interfaces
+### IServerOptions
+  - `appUrl?`: `string` — Base URL of the frontend/app application.
+  - `auth?`: `IAuth` — Authentication system configuration
+  - `automaticObjectIdFiltering?`: `boolean` — Automatically detect ObjectIds in string values in FilterQueries
+  - `baseUrl?`: `string` — Base URL of the API server.
+  - `betterAuth?`: `boolean | IBetterAuth` (default: `undefined (enabled with defaults)`) — Configuration for better-auth authentication framework.
+  - `brevo?`: `{ apiKey: string; exclude?: RegExp; sender: { email: string; name: string; }; }` — Configuration for Brevo
+  - `compression?`: `boolean | compression.CompressionOptions` — Whether to use the compression middleware package to enable gzip compression.
+  - `cookies?`: `boolean` — Whether to use cookies for authentication handling
+  - `cronJobs?`: `Record<string, string | false | 0 | CronJobConfigWithTimeZone<null, null> | C...` — Cron jobs configuration object with the name of the cron job function as key
+  - `email?`: `{ defaultSender?: { email?: string; name?: string; }; mailjet?: MailjetOption...` — SMTP and template configuration for sending emails
+  - `env?`: `string` — Environment
+  - `errorCode?`: `IErrorCode` — Configuration for the error code module
+  - `execAfterInit?`: `string` — Exec a command after server is initialized
+  - `filter?`: `{ maxLimit?: number; }` — Filter configuration and defaults
+  - `graphQl?`: `false | { driver?: ApolloDriverConfig; enableSubscriptionAuth?: boolean; maxC...` — Configuration of the GraphQL module
+  - `healthCheck?`: `{ configs?: { database?: { enabled?: boolean; key?: string; options?: Mongoos...` — Whether to activate health check endpoints
+  - `hostname?`: `string` — Hostname of the server
+  - `ignoreSelectionsForPopulate?`: `boolean` — Ignore selections in fieldSelection
+  - `jwt?`: `IJwt & JwtModuleOptions & { refresh?: IJwt & { renewal?: boolean; }; sameToke...` — Configuration of JavaScript Web Token (JWT) module
+  - `loadLocalConfig?`: `string | boolean` — Load local configuration
+  - `logExceptions?`: `boolean` — Log exceptions (for better debugging)
+  - `mongoose?`: `{ collation?: CollationOptions; modelDocumentation?: boolean; options?: Mongo...` — Configuration for Mongoose
+  - `multiTenancy?`: `IMultiTenancy` (default: `undefined (disabled)`) — Multi-tenancy configuration for tenant-based data isolation.
+  - `permissions?`: `boolean | IPermissions` (default: `undefined (disabled)`) — Permissions report module (development tool).
+  - `port?`: `number` — Port number of the server
+  - `security?`: `{ checkResponseInterceptor?: boolean | { checkObjectItself?: boolean; debug?:...` — Configuration for security pipes and interceptors
+  - `sha256?`: `boolean` — Whether to enable verification and automatic encryption for received passwords that are not in sha256 format
+  - `staticAssets?`: `{ options?: ServeStaticOptions; path?: string; }` — Configuration for useStaticAssets
+  - `systemSetup?`: `ISystemSetup` — System setup configuration for initial admin creation.
+  - `templates?`: `{ engine?: string; path?: string; }` — Templates
+  - `tus?`: `boolean | ITusConfig` — TUS resumable upload configuration.
+### IBetterAuth (type alias: IBetterAuthWithoutPasskey | IBetterAuthWithPasskey)
+When `passkey` is enabled, `trustedOrigins` is required (compile-time enforcement).
+  - `passkey?`: `IBetterAuthPasskeyDisabled` — Passkey/WebAuthn configuration (DISABLED or not configured).
+  - `trustedOrigins?`: `string[]` — Trusted origins for CORS configuration.
+### IAuth
+  - `legacyEndpoints?`: `IAuthLegacyEndpoints` — Configuration for legacy auth endpoints
+  - `preventUserEnumeration?`: `boolean` (default: `false (backward compatible - specific error messages)`) — Prevent user enumeration via unified error messages
+  - `rateLimit?`: `IAuthRateLimit` (default: `{ enabled: false }`) — Rate limiting configuration for Legacy Auth endpoints
+### IMultiTenancy
+  - `enabled?`: `boolean` (default: `true (when config object is present)`) — Explicitly disable multi-tenancy even when config is present.
+  - `excludeSchemas?`: `string[]` — Model names (NOT collection names) to exclude from tenant filtering.
+  - `headerName?`: `string` (default: `'x-tenant-id'`) — Header name for tenant selection.
+  - `membershipModel?`: `string` (default: `'TenantMember'`) — Mongoose model name for the membership collection.
+  - `adminBypass?`: `boolean` (default: `true`) — Whether system admins (RoleEnum.ADMIN) bypass the membership check.
+  - `roleHierarchy?`: `Record<string, number>` (default: `{ member: 1, manager: 2, owner: 3 }`) — Custom role hierarchy for tenant membership roles.
+  - `cacheTtlMs?`: `number` (default: `30000 (30 seconds)`) — TTL in milliseconds for the tenant guard's in-memory membership cache.
+### IErrorCode
+  - `additionalErrorRegistry?`: `Record<string, { code: string; message: string; translations: { [locale: stri...` — Additional error registry to merge with core LTNS_* errors
+  - `autoRegister?`: `boolean` (default: `true`) — Automatically register the ErrorCodeModule in CoreModule
+### IJwt
+  - `privateKey?`: `string` — Private key
+  - `publicKey?`: `string` — Public key
+  - `secret?`: `string` — Secret to encrypt the JWT
+  - `secretOrKeyProvider?`: `(request: Record<string, any>, rawJwtToken: string, done: (err: any, secret: ...` — JWT Provider
+  - `secretOrPrivateKey?`: `string` — Alias of secret (for backwards compatibility)
+  - `signInOptions?`: `JwtSignOptions` — SignIn Options like expiresIn
+### ICoreModuleOverrides
+  - `betterAuth?`: `{ controller?: Type<any>; resolver?: Type<any>; }` — Override BetterAuth controller and/or resolver.
+  - `errorCode?`: `{ controller?: Type<any>; service?: Type<any>; }` — Override ErrorCode controller and/or service.
+### IBetterAuthPasskeyConfig
+  - `authenticatorAttachment?`: `"cross-platform" | "platform"` (default: `undefined (both allowed)`) — Authenticator attachment preference.
+  - `challengeStorage?`: `"cookie" | "database"` (default: `'database'`) — Where to store WebAuthn challenges.
+  - `challengeTtlSeconds?`: `number` (default: `300 (5 minutes)`) — TTL in seconds for database-stored challenges.
+  - `enabled?`: `boolean` (default: `true (when config block is present)`) — Whether passkey authentication is enabled.
+  - `origin?`: `string` — Origin URL for WebAuthn.
+  - `residentKey?`: `"discouraged" | "preferred" | "required"` (default: `'preferred'`) — Resident key (discoverable credential) requirement.
+  - `rpId?`: `string` — Relying Party ID (usually the domain without protocol).
+  - `rpName?`: `string` — Relying Party Name (displayed to users)
+  - `userVerification?`: `"discouraged" | "preferred" | "required"` (default: `'preferred'`) — User verification requirement.
+  - `webAuthnChallengeCookie?`: `string` (default: `'better-auth-passkey'`) — Custom cookie name for WebAuthn challenge storage.
+### IBetterAuthTwoFactorConfig
+  - `appName?`: `string` (default: `'Nest Server'`) — App name shown in authenticator apps.
+  - `enabled?`: `boolean` (default: `true (enabled by default when BetterAuth is active)`) — Whether 2FA is enabled.
+### IBetterAuthJwtConfig
+  - `enabled?`: `boolean` (default: `true (enabled by default when BetterAuth is active)`) — Whether JWT plugin is enabled.
+  - `expiresIn?`: `string` (default: `'15m'`) — JWT expiration time
+### IBetterAuthEmailVerificationConfig
+  - `autoSignInAfterVerification?`: `boolean` (default: `true`) — Whether to automatically sign in the user after email verification.
+  - `brevoTemplateId?`: `number` (default: `undefined (uses SMTP/EJS templates)`) — Brevo template ID for verification emails.
+  - `callbackURL?`: `string` (default: `undefined (backend-handled verification)`) — Frontend callback URL for email verification.
+  - `enabled?`: `boolean` (default: `true (enabled by default when BetterAuth is active)`) — Whether email verification is enabled.
+  - `expiresIn?`: `number` (default: `86400 (24 hours)`) — Time in seconds until the verification link expires.
+  - `locale?`: `string` (default: `'en'`) — Locale for the verification email template.
+  - `resendCooldownSeconds?`: `number` (default: `60`) — Cooldown in seconds between resend requests for the same email address.
+  - `template?`: `string` (default: `'email-verification'`) — Custom template name for the verification email.
+### IBetterAuthRateLimit
+  - `enabled?`: `boolean` (default: `false`) — Whether rate limiting is enabled
+  - `max?`: `number` (default: `10`) — Maximum number of requests within the time window
+  - `maxEntries?`: `number` (default: `10000`) — Maximum number of entries in the in-memory rate limit store.
+  - `message?`: `string` — Custom message when rate limit is exceeded
+  - `skipEndpoints?`: `string[]` — Endpoints to skip rate limiting entirely
+  - `strictEndpoints?`: `string[]` — Endpoints to apply stricter rate limiting (e.g., sign-in, sign-up)
+  - `windowSeconds?`: `number` — Time window in seconds
+### IBetterAuthSignUpChecksConfig
+  - `enabled?`: `boolean` (default: `true (enabled by default when BetterAuth is active)`) — Whether sign-up checks are enabled.
+  - `requiredFields?`: `string[]` (default: `['termsAndPrivacyAccepted']`) — Fields that must be provided and truthy during sign-up.
+### ServiceOptions
+  - `checkRights?`: `boolean`
+  - `collation?`: `CollationOptions`
+  - `create?`: `boolean`
+  - `currentUser?`: `{ [key: string]: any; id: string; roles?: string[]; }`
+  - `fieldSelection?`: `FieldSelection`
+  - `force?`: `boolean`
+  - `inputType?`: `new (...params: any[]) => any`
+  - `outputType?`: `new (...params: any[]) => any`
+  - `populate?`: `string | PopulateOptions | (string | PopulateOptions)[]`
+  - `prepareInput?`: `PrepareInputOptions`
+  - `prepareOutput?`: `PrepareOutputOptions`
+  - `processFieldSelection?`: `{ dbModel?: Model<any>; ignoreSelections?: boolean; model?: new (...args: any...`
+  - `pubSub?`: `boolean`
+  - `raw?`: `boolean`
+  - `roles?`: `string | string[]`
+  - `select?`: `string | string[] | Record<string, number | boolean | object>`
+  - `setCreateOrUpdateUserId?`: `boolean`
+## CrudService Methods
+Base class for all services. Located at `src/core/common/services/crud.service.ts`.
+Generic: `CrudService<Model, CreateInput, UpdateInput>`
+- `async aggregate(pipeline: PipelineStage[], serviceOptions?: ServiceOptions & { aggregateOptions?: AggregateOptions; })`: `Promise<T>` — Aggregate
+- `async aggregateForce(pipeline: PipelineStage[], serviceOptions?: ServiceOptions)`: `Promise<T>` — Aggregate without checks or restrictions
+- `async aggregateRaw(pipeline: PipelineStage[], serviceOptions?: ServiceOptions)`: `Promise<T>` — Aggregate without checks, restrictions or preparations
+- `async create(input: PlainObject<CreateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Create item
+- `async createForce(input: PlainObject<CreateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Create item without checks or restrictions
+- `async createRaw(input: PlainObject<CreateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Create item without checks, restrictions or preparations
+- `distinct(property: string)`: `Promise<string[]>` — Get distinct values of a property
+- `async get(id: string, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Get item by ID
+- `async getForce(id: string, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Get item by ID without checks or restrictions
+- `async getRaw(id: string, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Get item by ID without checks, restrictions or preparations
+- `async find(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., serviceOptions?: ServiceOptions)`: `Promise<Model[]>` — Get items via filter
+- `async findForce(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., serviceOptions?: ServiceOptions)`: `Promise<Model[]>` — Get items via filter without checks or restrictions
+- `async findRaw(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., serviceOptions?: ServiceOptions)`: `Promise<Model[]>` — Get items via filter without checks, restrictions or preparations
+- `async findAndCount(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., serviceOptions?: ServiceOptions)`: `Promise<{ items: Model[]; pagination: PaginationInfo; totalCount: number; }>` — Get items and total count via filter
+- `async findAndCountForce(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., serviceOptions?: ServiceOptions)`: `Promise<{ items: Model[]; pagination: PaginationInfo; totalCount: number; }>` — Get items and total count via filter without checks or restrictions
+- `async findAndCountRaw(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., serviceOptions?: ServiceOptions)`: `Promise<{ items: Model[]; pagination: PaginationInfo; totalCount: number; }>` — Get items and total count via filter without checks, restrictions or preparations
+- `async findAndUpdate(filter: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., update: PlainObject<UpdateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model[]>` — Find and update
+- `async findAndUpdateForce(filter: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., update: PlainObject<UpdateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model[]>` — Find and update without checks or restrictions
+- `async findAndUpdateRaw(filter: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., update: PlainObject<UpdateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model[]>` — Find and update without checks, restrictions or preparations
+- `async findOne(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; }, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Find one item via filter
+- `async findOneForce(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., serviceOptions?: ServiceOptions)`: `Promise<Model>` — Find one item via filter without checks or restrictions
+- `async findOneRaw(filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; s..., serviceOptions?: ServiceOptions)`: `Promise<Model>` — Find one item via filter without checks, restrictions or preparations
+- `getModel()`: `MongooseModel<Document<Types.ObjectId, any, any, Record<string, any>, {}> & M...` — Get service model to process queries directly
+- `async read(input: string | FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryO..., serviceOptions?: ServiceOptions)`: `Promise<Model | Model[]>` — CRUD alias for get or find
+- `async readForce(input: string | FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryO..., serviceOptions?: ServiceOptions)`: `Promise<Model | Model[]>` — CRUD alias for getForce or findForce
+- `async readRaw(input: string | FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryO..., serviceOptions?: ServiceOptions)`: `Promise<Model | Model[]>` — CRUD alias for getRaw or findRaw
+- `async update(id: string, input: PlainObject<UpdateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Update item via ID
+- `async updateForce(id: string, input: PlainObject<UpdateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Update item via ID without checks or restrictions
+- `async updateRaw(id: string, input: PlainObject<UpdateInput>, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Update item via ID without checks, restrictions or preparations
+- `async delete(id: string, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Delete item via ID
+- `async deleteForce(id: string, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Delete item via ID without checks or restrictions
+- `async deleteRaw(id: string, serviceOptions?: ServiceOptions)`: `Promise<Model>` — Delete item via ID without checks, restrictions or preparations
+- `async processQueryOrDocument(queryOrDocument: Document<Types.ObjectId, any, any, Record<string, any>, {}> | Document<Types...., serviceOptions?: ServiceOptions)`: `Promise<T>` — Execute, populate and map Mongoose query or document(s) with serviceOptions
+**Variants:** Each method has three variants:
+- `method()` — Standard: applies `securityCheck()`, respects permissions
+- `methodForce()` — Bypasses `securityCheck()`, still applies input validation
+- `methodRaw()` — Direct database access, no security or validation
+## Core Modules
+| Module | Docs | Path |
+|--------|------|------|
+| `auth` | — | `src/core/modules/auth/` |
+| `better-auth` | README, CHECKLIST | `src/core/modules/better-auth/` |
+| `error-code` | CHECKLIST | `src/core/modules/error-code/` |
+| `file` | README | `src/core/modules/file/` |
+| `health-check` | — | `src/core/modules/health-check/` |
+| `migrate` | README | `src/core/modules/migrate/` |
+| `permissions` | README, CHECKLIST | `src/core/modules/permissions/` |
+| `system-setup` | README, CHECKLIST | `src/core/modules/system-setup/` |
+| `tenant` | README, CHECKLIST | `src/core/modules/tenant/` |
+| `tus` | README, CHECKLIST | `src/core/modules/tus/` |
+| `user` | — | `src/core/modules/user/` |
+## Key Source Files
+| File | Purpose |
+|------|---------|
+| `src/core.module.ts` | CoreModule.forRoot() — module registration |
+| `src/core/common/interfaces/server-options.interface.ts` | All config interfaces |
+| `src/core/common/interfaces/service-options.interface.ts` | ServiceOptions interface |
+| `src/core/common/services/crud.service.ts` | CrudService base class |
+| `src/core/common/services/config.service.ts` | ConfigService (global) |
+| `src/core/common/decorators/` | @Restricted, @Roles, @CurrentUser, @UnifiedField |
+| `src/core/common/interceptors/` | CheckResponse, CheckSecurity, ResponseModel |
+| `docs/REQUEST-LIFECYCLE.md` | Complete request lifecycle |
+| `.claude/rules/` | Detailed rules for architecture, security, testing |

package/dist/server/modules/file/file-info.model.d.ts CHANGED Viewed

@@ -1,11 +1,7 @@
 import { CoreFileInfo } from '../../../core/modules/file/core-file-info.model';
 export declare class FileInfo extends CoreFileInfo {
 }
-export declare const FileInfoSchema: import("mongoose").Schema<FileInfo, import("mongoose").Model<FileInfo, any, any, any, import("mongoose").Document<unknown, any, FileInfo, any, import("mongoose").DefaultSchemaOptions> & FileInfo & Required<{
-    _id: import("mongoose").Types.ObjectId;
-}> & {
-    __v: number;
-}, any, FileInfo>, {}, {}, {}, {}, import("mongoose").DefaultSchemaOptions, FileInfo, import("mongoose").Document<unknown, {}, FileInfo, {}, import("mongoose").DefaultSchemaOptions> & FileInfo & Required<{
+export declare const FileInfoSchema: import("mongoose").Schema<FileInfo, import("mongoose").Model<FileInfo, any, any, any, any, any, FileInfo>, {}, {}, {}, {}, import("mongoose").DefaultSchemaOptions, FileInfo, import("mongoose").Document<unknown, {}, FileInfo, {}, import("mongoose").DefaultSchemaOptions> & FileInfo & Required<{
     _id: import("mongoose").Types.ObjectId;
 }> & {
     __v: number;

package/dist/server/modules/user/user.model.d.ts CHANGED Viewed

@@ -14,11 +14,7 @@ export declare class User extends CoreUserModel implements PersistenceModel {
     map(input: any): this;
     securityCheck(user: User, force?: boolean): this;
 }
-export declare const UserSchema: Schema<User, import("mongoose").Model<User, any, any, any, Document<unknown, any, User, any, import("mongoose").DefaultSchemaOptions> & User & Required<{
-    _id: import("mongoose").Types.ObjectId;
-}> & {
-    __v: number;
-}, any, User>, {}, {}, {}, {}, import("mongoose").DefaultSchemaOptions, User, Document<unknown, {}, User, {}, import("mongoose").DefaultSchemaOptions> & User & Required<{
+export declare const UserSchema: Schema<User, import("mongoose").Model<User, any, any, any, any, any, User>, {}, {}, {}, {}, import("mongoose").DefaultSchemaOptions, User, Document<unknown, {}, User, {}, import("mongoose").DefaultSchemaOptions> & User & Required<{
     _id: import("mongoose").Types.ObjectId;
 }> & {
     __v: number;