@rapidd/core 2.1.2 → 2.1.4

package/.env.example

@@ -40,10 +40,10 @@ DB_USER_PASSWORD_FIELD=
 # Auto-detected from unique string fields; comma-separated (default: email)
 DB_USER_IDENTIFIER_FIELDS=
 # Comma-separated: bearer, basic, cookie, header (default: bearer)
-AUTH_METHODS=bearer
-# Cookie name for cookie auth method (default: token)
+AUTH_STRATEGIES=bearer
+# Cookie name for cookie auth strategy (default: token)
 AUTH_COOKIE_NAME=token
-# Header name for header auth method (default: X-Auth-Token)
+# Header name for header auth strategy (default: X-Auth-Token)
 AUTH_CUSTOM_HEADER=X-Auth-Token
 
 # ── API Settings ───────────────────────────────────────
@@ -68,3 +68,9 @@ RLS_ENABLED=
 # Namespace prefix for SQL session variables (default: app)
 RLS_NAMESPACE=app
 # Configure RLS variables in src/config/rls.ts
+
+# ── Logging ───────────────────────────────────────────
+# essential (default), fine, or finest
+LOG_LEVEL=essential
+# Directory for log files (default: logs/). Empty string disables file logging.
+LOG_DIR=logs

package/README.md

@@ -31,18 +31,14 @@ Rapidd generates a fully-featured REST API from your database schema — then ge
 
 ```bash
 mkdir my-api && cd my-api
-npx rapidd create-project # scaffold project files
-npm install
+npx @rapidd/core create-project && npm install
 ```
 
-```env
-DATABASE_URL="postgresql://user:pass@localhost:5432/mydb"
-```
+Set `DATABASE_URL` in `.env`, then add your schema in `prisma/schema.prisma`(or create from DB via `npx prisma db pull`):
 
 ```bash
-npx prisma db pull        # introspect existing database
-npx rapidd build          # generate models, routes & ACL scaffold
-npm run dev               # http://localhost:3000
+npx rapidd build            # generate models, routes & ACL scaffold
+npm run dev                 # http://localhost:3000
 ```
 
 Every table gets full CRUD endpoints. Auth is enabled automatically when a user table is detected. Every auto-detected value — auth fields, password hashing, JWT secrets, session store — is overridable via env vars. See [`.env.example`](.env.example) for the full list.
@@ -51,25 +47,22 @@ Every table gets full CRUD endpoints. Auth is enabled automatically when a user
 
 ---
 
-## Features
-
-| Feature | PostgreSQL | MySQL/MariaDB |
-|---------|:----------:|:-------------:|
-| CRUD API generation | ✓ | ✓ |
-| Query filtering (20+ operators) | ✓ | ✓ |
-| Relations & deep includes | ✓ | ✓ |
-| Field selection | ✓ | ✓ |
-| JWT authentication (4 methods) | ✓ | ✓ |
-| Per-model ACL | ✓ | ✓ |
-| Row-Level Security (database-enforced) | ✓ | — |
-| Rate limiting (Redis + memory fallback) | ✓ | ✓ |
-| File uploads with MIME validation | ✓ | ✓ |
-| SMTP mailer with EJS templates | ✓ | ✓ |
-| Config-driven HTTP client | ✓ | ✓ |
-| i18n (10 languages) | ✓ | ✓ |
-| Security headers (HSTS, CSP, etc.) | ✓ | ✓ |
-
-> **MySQL note:** ACL provides application-level access control for all databases. RLS adds database-enforced row filtering as a second layer (PostgreSQL-only). For MySQL, ACL is your primary access control mechanism and covers most use cases. See the **[Access Control wiki](https://github.com/MertDalbudak/rapidd/wiki/Access-Control-(ACL))** for details.
+## How It Compares
+
+| | Rapidd | Hasura | PostgREST | Supabase | Strapi |
+|---|:---:|:---:|:---:|:---:|:---:|
+| Full source code ownership | ✓ | — | — | — | ✓ |
+| Schema-first (no UI) | ✓ | ✓ | ✓ | ✓ | — |
+| REST API | ✓ | partial | ✓ | ✓ | ✓ |
+| Multi-database | ✓ | ✓ | — | — | ✓ |
+| Built-in auth | ✓ | — | — | ✓ | ✓ |
+| Per-model ACL | ✓ | ✓ | — | — | ✓ |
+| Row-level security | ✓* | ✓ | ✓ | ✓ | — |
+| Before/after middleware | ✓ | — | — | — | ✓ |
+| Custom routes alongside generated | ✓ | — | — | ✓ | ✓ |
+| No vendor dependency | ✓ | ✓ | ✓ | — | ✓ |
+
+<sub>* PostgreSQL only. All other features support PostgreSQL and MySQL/MariaDB.</sub>
 
 ---
 
@@ -101,24 +94,24 @@ POST /auth/refresh        { "refreshToken": "..." }
 GET  /auth/me             Authorization: Bearer <token>
 ```
 
-Four methods — **bearer** (default), **basic**, **cookie**, and **custom header** — configurable globally via `AUTH_METHODS` env var or per endpoint prefix in `config/app.json`:
+Four strategies — **bearer** (default), **basic**, **cookie**, and **custom header** — configurable globally via `AUTH_STRATEGIES` env var or per endpoint prefix in `config/app.json`:
 
 ```json
 {
-    "endpointAuthMethod": {
+    "endpointAuthStrategy": {
         "/api/v1": ["basic", "bearer"],
         "/api/v2": "bearer"
     }
 }
 ```
 
-Set `null` for the global default, a string for a single method, or an array for multiple. Route-level config takes highest priority, then prefix match, then global default.
+Set `null` for the global default, a string for a single strategy, or an array for multiple. Route-level config takes highest priority, then prefix match, then global default.
 
 Multi-identifier login lets users authenticate with any unique field (email, username, phone) in a single endpoint.
 
 **Production:** `JWT_SECRET` and `JWT_REFRESH_SECRET` must be set explicitly. The server refuses to start without them to prevent session invalidation on restart.
 
-> **[Authentication wiki](https://github.com/MertDalbudak/rapidd/wiki/Authentication)** — session stores, route protection, per-endpoint method overrides
+> **[Authentication wiki](https://github.com/MertDalbudak/rapidd/wiki/Authentication)** — session stores, route protection, per-endpoint strategy overrides
 
 ---
 
@@ -235,11 +228,9 @@ docker build -t my-api . && docker run -p 3000:3000 --env-file .env my-api
 | [`@rapidd/core`](https://www.npmjs.com/package/@rapidd/core) | Framework runtime, project scaffolding, and unified `npx rapidd` CLI |
 | [`@rapidd/build`](https://www.npmjs.com/package/@rapidd/build) | Code generation — models, routes, and ACL from your Prisma schema |
 
-All commands go through `npx rapidd`:
-
 ```bash
-npx rapidd create-project   # scaffold a new project (@rapidd/core)
-npx rapidd build             # generate from schema  (@rapidd/build)
+npx @rapidd/core create-project   # scaffold a new project
+npx rapidd build                   # generate from schema (after npm install)
 ```
 
 ---

package/bin/cli.js

@@ -87,6 +87,19 @@ function createProject() {
         }
     }
 
+    // Read versions from this package's own package.json so they never drift
+    const corePkg = JSON.parse(fs.readFileSync(path.join(packageRoot, 'package.json'), 'utf-8'));
+    const coreDeps = corePkg.dependencies || {};
+    const coreDevDeps = corePkg.devDependencies || {};
+
+    function pick(source, keys) {
+        const result = {};
+        for (const key of keys) {
+            if (source[key]) result[key] = source[key];
+        }
+        return result;
+    }
+
     // Generate a fresh package.json for the new project
     const pkg = {
         name: projectName,
@@ -97,41 +110,19 @@ function createProject() {
             dev: 'tsx watch main.ts',
             build: 'tsc',
         },
-        engines: { node: '>=24.0.0' },
-        dependencies: {
-            '@fastify/cookie': '^11.0.2',
-            '@fastify/cors': '^11.0.0',
-            '@fastify/formbody': '^8.0.2',
-            '@fastify/multipart': '^9.4.0',
-            '@fastify/static': '^9.0.0',
-            '@prisma/adapter-mariadb': '^7.0.1',
-            '@prisma/adapter-pg': '^7.0.1',
-            '@prisma/client': '^7.0.1',
-            '@prisma/internals': '^7.0.1',
-            'bcrypt': '^6.0.0',
-            'dotenv': '^17.3.1',
-            'ejs': '^4.0.1',
-            'fastify': '^5.2.1',
-            'fastify-plugin': '^5.0.1',
-            'ioredis': '^5.6.1',
-            'jsonwebtoken': '^9.0.2',
-            'luxon': '^3.7.2',
-            'nodemailer': '^8.0.1',
-            'pg': '^8.16.3',
-        },
-        devDependencies: {
-            '@rapidd/build': '^2.1.3',
-            '@types/bcrypt': '^6.0.0',
-            '@types/ejs': '^3.1.5',
-            '@types/jsonwebtoken': '^9.0.8',
-            '@types/luxon': '^3.7.1',
-            '@types/node': '^22.12.0',
-            '@types/nodemailer': '^7.0.9',
-            '@types/pg': '^8.11.11',
-            'prisma': '^7.0.2',
-            'tsx': '^4.19.2',
-            'typescript': '^5.7.3',
-        },
+        engines: corePkg.engines || { node: '>=24.0.0' },
+        dependencies: pick(coreDeps, [
+            '@fastify/cookie', '@fastify/cors', '@fastify/formbody', '@fastify/multipart', '@fastify/static',
+            '@prisma/adapter-mariadb', '@prisma/adapter-pg', '@prisma/client', '@prisma/internals',
+            'bcrypt', 'dotenv', 'ejs', 'fastify', 'fastify-plugin',
+            'ioredis', 'jsonwebtoken', 'luxon', 'nodemailer', 'pg',
+        ]),
+        devDependencies: pick(coreDevDeps, [
+            '@rapidd/build',
+            '@types/bcrypt', '@types/ejs', '@types/jsonwebtoken', '@types/luxon',
+            '@types/node', '@types/nodemailer', '@types/pg',
+            'prisma', 'tsx', 'typescript',
+        ]),
     };
 
     fs.writeFileSync(

package/config/app.json

@@ -151,7 +151,7 @@
             "name": "Support Team"
         }
     },
-    "endpointAuthMethod": {
+    "endpointAuthStrategy": {
         "/api/v1": null
     },
     "languages": [

package/dockerfile

@@ -25,7 +25,7 @@ COPY prisma ./prisma
 RUN npx prisma generate --generator client
 
 # Stage 3: Runtime
-FROM node:24-alpine
+FROM node:current-alpine
 
 WORKDIR /app
 
@@ -50,8 +50,16 @@ COPY --chown=rapidd:nodejs public ./public
 
 RUN apk update && apk upgrade --no-cache && rm -rf /var/cache/apk/*
 
+RUN mkdir -p /app/uploads /app/temp/uploads /app/logs && \
+    chown -R rapidd:nodejs /app/uploads /app/temp /app/logs
+
+VOLUME ["/app/uploads", "/app/logs"]
+
 USER rapidd
 
 EXPOSE 3000
 
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD node -e "fetch('http://localhost:3000/').then(r => process.exit(r.status === 404 ? 0 : 1)).catch(() => process.exit(1))"
+
 ENTRYPOINT ["node", "dist/main.js"]

package/locales/ar_SA.json

@@ -175,5 +175,23 @@
     "token_missing_email": "الرمز لا يحتوي على معلومات البريد الإلكتروني",
     "oauth_config_missing": "يجب تكوين معرف التطبيق والسر الخاص بـ {provider} في متغيرات البيئة",
     "token_app_mismatch": "الرمز لا ينتمي إلى هذا التطبيق",
-    "oauth_email_permission_missing": "مستخدم {provider} لم يمنح إذن البريد الإلكتروني"
+    "oauth_email_permission_missing": "مستخدم {provider} لم يمنح إذن البريد الإلكتروني",
+    "internal_server_error": "حدث خطأ ما",
+    "duplicate_entry": "إدخال مكرر لـ {model}. السجل ذو {field}: '{value}' موجود بالفعل",
+    "authentication_not_available": "المصادقة غير متاحة",
+    "authentication_required": "المصادقة مطلوبة",
+    "user_and_password_required": "المستخدم وكلمة المرور مطلوبان",
+    "auth_not_configured": "المصادقة غير مهيأة",
+    "email_and_password_required": "البريد الإلكتروني وكلمة المرور مطلوبان",
+    "email_already_exists": "البريد الإلكتروني موجود بالفعل",
+    "user_registered": "تم تسجيل المستخدم بنجاح",
+    "invalid_composite_key": "مفتاح مركب غير صالح: متوقع {expected} حقول، تم استلام {received}",
+    "invalid_composite_key_format": "تنسيق مفتاح مركب غير صالح. متوقع كائن أو سلسلة نصية مفصولة بعلامة التلدة",
+    "no_permission_to_create": "لا توجد صلاحية لإنشاء {model}",
+    "no_permission_to_update": "لا توجد صلاحية لتحديث السجل",
+    "no_permission_to_delete": "لا توجد صلاحية لحذف السجل",
+    "field_not_nullable": "الحقل '{field}' لا يمكن أن يكون فارغاً",
+    "relation_not_included": "العلاقة '{relation}' مُشار إليها في الحقول لكنها غير مُضمّنة. {hint}",
+    "max_nesting_depth_exceeded": "تم تجاوز أقصى عمق تداخل وهو {depth}",
+    "no_file_uploaded": "لم يتم رفع أي ملف"
 }

package/locales/de_DE.json

@@ -175,5 +175,23 @@
     "token_missing_email": "Token enthält keine E-Mail-Informationen",
     "oauth_config_missing": "{provider} App-ID und Secret müssen in Umgebungsvariablen konfiguriert werden",
     "token_app_mismatch": "Token gehört nicht zu dieser Anwendung",
-    "oauth_email_permission_missing": "{provider}-Benutzer hat keine E-Mail-Berechtigung erteilt"
+    "oauth_email_permission_missing": "{provider}-Benutzer hat keine E-Mail-Berechtigung erteilt",
+    "internal_server_error": "Etwas ist schiefgelaufen",
+    "duplicate_entry": "Doppelter Eintrag für {model}. Datensatz mit {field}: '{value}' existiert bereits",
+    "authentication_not_available": "Authentifizierung ist nicht verfügbar",
+    "authentication_required": "Authentifizierung erforderlich",
+    "user_and_password_required": "Benutzer und Passwort sind erforderlich",
+    "auth_not_configured": "Authentifizierung ist nicht konfiguriert",
+    "email_and_password_required": "E-Mail und Passwort sind erforderlich",
+    "email_already_exists": "E-Mail existiert bereits",
+    "user_registered": "Benutzer erfolgreich registriert",
+    "invalid_composite_key": "Ungültiger zusammengesetzter Schlüssel: {expected} Felder erwartet, {received} erhalten",
+    "invalid_composite_key_format": "Ungültiges Format für zusammengesetzten Schlüssel. Erwartet wird ein Objekt oder ein durch Tilde getrennter String",
+    "no_permission_to_create": "Keine Berechtigung zum Erstellen von {model}",
+    "no_permission_to_update": "Keine Berechtigung zum Aktualisieren des Datensatzes",
+    "no_permission_to_delete": "Keine Berechtigung zum Löschen des Datensatzes",
+    "field_not_nullable": "Feld '{field}' darf nicht null sein",
+    "relation_not_included": "Relation '{relation}' wird in Feldern referenziert, aber nicht eingeschlossen. {hint}",
+    "max_nesting_depth_exceeded": "Maximale Verschachtelungstiefe von {depth} überschritten",
+    "no_file_uploaded": "Keine Datei hochgeladen"
 }

package/locales/en_US.json

@@ -176,5 +176,23 @@
     "token_missing_email": "Token does not contain email information",
     "oauth_config_missing": "{provider} App ID and Secret must be configured in environment variables",
     "token_app_mismatch": "Token does not belong to this application",
-    "oauth_email_permission_missing": "{provider} user does not have email permission granted"
+    "oauth_email_permission_missing": "{provider} user does not have email permission granted",
+    "internal_server_error": "Something went wrong",
+    "duplicate_entry": "Duplicate entry for {model}. Record with {field}: '{value}' already exists",
+    "authentication_not_available": "Authentication is not available",
+    "authentication_required": "Authentication required",
+    "user_and_password_required": "User and password are required",
+    "auth_not_configured": "Authentication is not configured",
+    "email_and_password_required": "Email and password are required",
+    "email_already_exists": "Email already exists",
+    "user_registered": "User registered successfully",
+    "invalid_composite_key": "Invalid composite key: expected {expected} fields, received {received}",
+    "invalid_composite_key_format": "Invalid composite key format. Expected an object or tilde-separated string",
+    "no_permission_to_create": "No permission to create {model}",
+    "no_permission_to_update": "No permission to update record",
+    "no_permission_to_delete": "No permission to delete record",
+    "field_not_nullable": "Field '{field}' cannot be null",
+    "relation_not_included": "Relation '{relation}' is referenced in fields but not included. {hint}",
+    "max_nesting_depth_exceeded": "Maximum nesting depth of {depth} exceeded",
+    "no_file_uploaded": "No file uploaded"
 }

package/locales/es_ES.json

@@ -175,5 +175,23 @@
     "token_missing_email": "El token no contiene información de correo electrónico",
     "oauth_config_missing": "El ID de aplicación y el secreto de {provider} deben configurarse en las variables de entorno",
     "token_app_mismatch": "El token no pertenece a esta aplicación",
-    "oauth_email_permission_missing": "El usuario de {provider} no ha otorgado permiso de correo electrónico"
+    "oauth_email_permission_missing": "El usuario de {provider} no ha otorgado permiso de correo electrónico",
+    "internal_server_error": "Algo salió mal",
+    "duplicate_entry": "Entrada duplicada para {model}. El registro con {field}: '{value}' ya existe",
+    "authentication_not_available": "La autenticación no está disponible",
+    "authentication_required": "Autenticación requerida",
+    "user_and_password_required": "Usuario y contraseña son requeridos",
+    "auth_not_configured": "La autenticación no está configurada",
+    "email_and_password_required": "Correo electrónico y contraseña son requeridos",
+    "email_already_exists": "El correo electrónico ya existe",
+    "user_registered": "Usuario registrado exitosamente",
+    "invalid_composite_key": "Clave compuesta inválida: se esperaban {expected} campos, se recibieron {received}",
+    "invalid_composite_key_format": "Formato de clave compuesta inválido. Se espera un objeto o una cadena separada por tildes",
+    "no_permission_to_create": "Sin permiso para crear {model}",
+    "no_permission_to_update": "Sin permiso para actualizar el registro",
+    "no_permission_to_delete": "Sin permiso para eliminar el registro",
+    "field_not_nullable": "El campo '{field}' no puede ser nulo",
+    "relation_not_included": "La relación '{relation}' está referenciada en los campos pero no incluida. {hint}",
+    "max_nesting_depth_exceeded": "Se excedió la profundidad máxima de anidación de {depth}",
+    "no_file_uploaded": "No se cargó ningún archivo"
 }

package/locales/fr_FR.json

@@ -175,5 +175,23 @@
     "token_missing_email": "Le jeton ne contient pas d'informations d'e-mail",
     "oauth_config_missing": "L'ID d'application et le secret de {provider} doivent être configurés dans les variables d'environnement",
     "token_app_mismatch": "Le jeton n'appartient pas à cette application",
-    "oauth_email_permission_missing": "L'utilisateur {provider} n'a pas accordé la permission d'accès à l'e-mail"
+    "oauth_email_permission_missing": "L'utilisateur {provider} n'a pas accordé la permission d'accès à l'e-mail",
+    "internal_server_error": "Une erreur est survenue",
+    "duplicate_entry": "Entrée en double pour {model}. L'enregistrement avec {field} : '{value}' existe déjà",
+    "authentication_not_available": "L'authentification n'est pas disponible",
+    "authentication_required": "Authentification requise",
+    "user_and_password_required": "Utilisateur et mot de passe sont requis",
+    "auth_not_configured": "L'authentification n'est pas configurée",
+    "email_and_password_required": "E-mail et mot de passe sont requis",
+    "email_already_exists": "L'e-mail existe déjà",
+    "user_registered": "Utilisateur enregistré avec succès",
+    "invalid_composite_key": "Clé composite invalide : {expected} champs attendus, {received} reçus",
+    "invalid_composite_key_format": "Format de clé composite invalide. Un objet ou une chaîne séparée par des tildes est attendu",
+    "no_permission_to_create": "Pas de permission pour créer {model}",
+    "no_permission_to_update": "Pas de permission pour mettre à jour l'enregistrement",
+    "no_permission_to_delete": "Pas de permission pour supprimer l'enregistrement",
+    "field_not_nullable": "Le champ '{field}' ne peut pas être nul",
+    "relation_not_included": "La relation '{relation}' est référencée dans les champs mais non incluse. {hint}",
+    "max_nesting_depth_exceeded": "Profondeur d'imbrication maximale de {depth} dépassée",
+    "no_file_uploaded": "Aucun fichier téléchargé"
 }

package/locales/it_IT.json

@@ -175,5 +175,23 @@
     "token_missing_email": "Il token non contiene informazioni e-mail",
     "oauth_config_missing": "L'ID applicazione e il segreto di {provider} devono essere configurati nelle variabili d'ambiente",
     "token_app_mismatch": "Il token non appartiene a questa applicazione",
-    "oauth_email_permission_missing": "L'utente {provider} non ha concesso il permesso e-mail"
+    "oauth_email_permission_missing": "L'utente {provider} non ha concesso il permesso e-mail",
+    "internal_server_error": "Qualcosa è andato storto",
+    "duplicate_entry": "Voce duplicata per {model}. Il record con {field}: '{value}' esiste già",
+    "authentication_not_available": "L'autenticazione non è disponibile",
+    "authentication_required": "Autenticazione richiesta",
+    "user_and_password_required": "Utente e password sono obbligatori",
+    "auth_not_configured": "L'autenticazione non è configurata",
+    "email_and_password_required": "E-mail e password sono obbligatori",
+    "email_already_exists": "L'e-mail esiste già",
+    "user_registered": "Utente registrato con successo",
+    "invalid_composite_key": "Chiave composita non valida: previsti {expected} campi, ricevuti {received}",
+    "invalid_composite_key_format": "Formato chiave composita non valido. Previsto un oggetto o una stringa separata da tilde",
+    "no_permission_to_create": "Nessun permesso per creare {model}",
+    "no_permission_to_update": "Nessun permesso per aggiornare il record",
+    "no_permission_to_delete": "Nessun permesso per eliminare il record",
+    "field_not_nullable": "Il campo '{field}' non può essere nullo",
+    "relation_not_included": "La relazione '{relation}' è referenziata nei campi ma non inclusa. {hint}",
+    "max_nesting_depth_exceeded": "Profondità massima di annidamento di {depth} superata",
+    "no_file_uploaded": "Nessun file caricato"
 }

package/locales/ja_JP.json

@@ -175,5 +175,23 @@
     "token_missing_email": "トークンにメール情報が含まれていません",
     "oauth_config_missing": "{provider}のアプリIDとシークレットを環境変数で設定する必要があります",
     "token_app_mismatch": "トークンはこのアプリケーションに属していません",
-    "oauth_email_permission_missing": "{provider}ユーザーがメール許可を付与していません"
+    "oauth_email_permission_missing": "{provider}ユーザーがメール許可を付与していません",
+    "internal_server_error": "問題が発生しました",
+    "duplicate_entry": "{model}の重複エントリ。{field}: '{value}'のレコードは既に存在します",
+    "authentication_not_available": "認証は利用できません",
+    "authentication_required": "認証が必要です",
+    "user_and_password_required": "ユーザーとパスワードが必要です",
+    "auth_not_configured": "認証が設定されていません",
+    "email_and_password_required": "メールアドレスとパスワードが必要です",
+    "email_already_exists": "メールアドレスは既に存在します",
+    "user_registered": "ユーザーが正常に登録されました",
+    "invalid_composite_key": "無効な複合キー: {expected}フィールドが必要ですが、{received}を受信しました",
+    "invalid_composite_key_format": "無効な複合キー形式。オブジェクトまたはチルダ区切りの文字列が必要です",
+    "no_permission_to_create": "{model}を作成する権限がありません",
+    "no_permission_to_update": "レコードを更新する権限がありません",
+    "no_permission_to_delete": "レコードを削除する権限がありません",
+    "field_not_nullable": "フィールド'{field}'はnullにできません",
+    "relation_not_included": "リレーション'{relation}'はフィールドで参照されていますが、含まれていません。{hint}",
+    "max_nesting_depth_exceeded": "最大ネスト深度{depth}を超えました",
+    "no_file_uploaded": "ファイルがアップロードされていません"
 }

package/locales/pt_BR.json

@@ -175,5 +175,23 @@
     "token_missing_email": "O token não contém informações de e-mail",
     "oauth_config_missing": "O ID do aplicativo e o segredo do {provider} devem ser configurados nas variáveis de ambiente",
     "token_app_mismatch": "O token não pertence a esta aplicação",
-    "oauth_email_permission_missing": "O usuário do {provider} não concedeu permissão de e-mail"
+    "oauth_email_permission_missing": "O usuário do {provider} não concedeu permissão de e-mail",
+    "internal_server_error": "Algo deu errado",
+    "duplicate_entry": "Entrada duplicada para {model}. Registro com {field}: '{value}' já existe",
+    "authentication_not_available": "A autenticação não está disponível",
+    "authentication_required": "Autenticação necessária",
+    "user_and_password_required": "Usuário e senha são obrigatórios",
+    "auth_not_configured": "A autenticação não está configurada",
+    "email_and_password_required": "E-mail e senha são obrigatórios",
+    "email_already_exists": "E-mail já existe",
+    "user_registered": "Usuário registrado com sucesso",
+    "invalid_composite_key": "Chave composta inválida: esperados {expected} campos, recebidos {received}",
+    "invalid_composite_key_format": "Formato de chave composta inválido. Esperado um objeto ou string separada por til",
+    "no_permission_to_create": "Sem permissão para criar {model}",
+    "no_permission_to_update": "Sem permissão para atualizar o registro",
+    "no_permission_to_delete": "Sem permissão para excluir o registro",
+    "field_not_nullable": "O campo '{field}' não pode ser nulo",
+    "relation_not_included": "A relação '{relation}' é referenciada nos campos mas não está incluída. {hint}",
+    "max_nesting_depth_exceeded": "Profundidade máxima de aninhamento de {depth} excedida",
+    "no_file_uploaded": "Nenhum arquivo enviado"
 }

package/locales/ru_RU.json

@@ -175,5 +175,23 @@
     "token_missing_email": "Токен не содержит информацию об электронной почте",
     "oauth_config_missing": "ID приложения и секрет {provider} должны быть настроены в переменных окружения",
     "token_app_mismatch": "Токен не принадлежит этому приложению",
-    "oauth_email_permission_missing": "Пользователь {provider} не предоставил разрешение на доступ к электронной почте"
+    "oauth_email_permission_missing": "Пользователь {provider} не предоставил разрешение на доступ к электронной почте",
+    "internal_server_error": "Что-то пошло не так",
+    "duplicate_entry": "Дублирующая запись для {model}. Запись с {field}: '{value}' уже существует",
+    "authentication_not_available": "Аутентификация недоступна",
+    "authentication_required": "Требуется аутентификация",
+    "user_and_password_required": "Пользователь и пароль обязательны",
+    "auth_not_configured": "Аутентификация не настроена",
+    "email_and_password_required": "Электронная почта и пароль обязательны",
+    "email_already_exists": "Электронная почта уже существует",
+    "user_registered": "Пользователь успешно зарегистрирован",
+    "invalid_composite_key": "Недопустимый составной ключ: ожидалось {expected} полей, получено {received}",
+    "invalid_composite_key_format": "Недопустимый формат составного ключа. Ожидается объект или строка, разделенная тильдой",
+    "no_permission_to_create": "Нет разрешения на создание {model}",
+    "no_permission_to_update": "Нет разрешения на обновление записи",
+    "no_permission_to_delete": "Нет разрешения на удаление записи",
+    "field_not_nullable": "Поле '{field}' не может быть пустым",
+    "relation_not_included": "Связь '{relation}' указана в полях, но не включена. {hint}",
+    "max_nesting_depth_exceeded": "Превышена максимальная глубина вложенности {depth}",
+    "no_file_uploaded": "Файл не загружен"
 }

package/locales/tr_TR.json

@@ -175,5 +175,23 @@
     "token_missing_email": "Token e-posta bilgisi içermiyor",
     "oauth_config_missing": "{provider} Uygulama ID'si ve Secret ortam değişkenlerinde yapılandırılmalıdır",
     "token_app_mismatch": "Token bu uygulamaya ait değil",
-    "oauth_email_permission_missing": "{provider} kullanıcısı e-posta izni vermemiş"
+    "oauth_email_permission_missing": "{provider} kullanıcısı e-posta izni vermemiş",
+    "internal_server_error": "Bir şeyler ters gitti",
+    "duplicate_entry": "{model} için yinelenen kayıt. {field}: '{value}' değerine sahip kayıt zaten mevcut",
+    "authentication_not_available": "Kimlik doğrulama kullanılamıyor",
+    "authentication_required": "Kimlik doğrulama gerekli",
+    "user_and_password_required": "Kullanıcı ve şifre gerekli",
+    "auth_not_configured": "Kimlik doğrulama yapılandırılmamış",
+    "email_and_password_required": "E-posta ve şifre gerekli",
+    "email_already_exists": "E-posta zaten mevcut",
+    "user_registered": "Kullanıcı başarıyla kaydedildi",
+    "invalid_composite_key": "Geçersiz bileşik anahtar: {expected} alan bekleniyor, {received} alındı",
+    "invalid_composite_key_format": "Geçersiz bileşik anahtar formatı. Bir nesne veya tilde ile ayrılmış bir dize bekleniyor",
+    "no_permission_to_create": "{model} oluşturma izni yok",
+    "no_permission_to_update": "Kaydı güncelleme izni yok",
+    "no_permission_to_delete": "Kaydı silme izni yok",
+    "field_not_nullable": "'{field}' alanı null olamaz",
+    "relation_not_included": "'{relation}' ilişkisi alanlarda referans ediliyor ancak dahil edilmemiş. {hint}",
+    "max_nesting_depth_exceeded": "Maksimum iç içe geçme derinliği {depth} aşıldı",
+    "no_file_uploaded": "Dosya yüklenmedi"
 }

package/main.ts

@@ -1,6 +1,7 @@
 import 'dotenv/config';
 import { getEnv } from './src/core/env';
 import { buildApp } from './src/app';
+import { Logger } from './src/utils/Logger';
 
 /**
  * Application entry point
@@ -14,16 +15,15 @@ export async function start(): Promise<void> {
         const app = await buildApp();
 
         await app.listen({ port, host });
-        console.log(`[Rapidd] Server running at http://${host}:${port}`);
-        console.log(`[Rapidd] Environment: ${getEnv('NODE_ENV')}`);
+        Logger.log('Server running', { host, port });
+        Logger.log('Environment', { env: getEnv('NODE_ENV') });
 
         // Warn if running compiled build with development NODE_ENV
         if (process.argv[1]?.includes('/dist/') && getEnv('NODE_ENV') === 'development') {
-            console.warn('[Rapidd] Warning: Running compiled build with NODE_ENV=development.');
-            console.warn('[Rapidd] Set NODE_ENV=production in your .env for production use.');
+            Logger.warn('Running compiled build with NODE_ENV=development. Set NODE_ENV=production in your .env for production use.');
         }
     } catch (err) {
-        console.error('[Startup Error]', (err as Error).message);
+        Logger.error(err as Error);
         process.exit(1);
     }
 }

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "2.1.2",
+  "version": "2.1.4",
   "description": "Code-first REST API framework for TypeScript. Database in, API out.",
   "main": "dist/main.js",
   "bin": {

package/src/app.ts

@@ -12,6 +12,7 @@ import { LanguageDict } from './core/i18n';
 import { disconnectAll } from './core/prisma';
 import { validateEnv } from './core/env';
 import { env } from './utils';
+import { Logger } from './utils/Logger';
 
 // Plugins
 import securityPlugin from './plugins/security';
@@ -137,9 +138,35 @@ export async function buildApp(options: RapiddOptions = {}): Promise<FastifyInst
         await loadRoutes(app, routesPath);
     }
 
+    // ── Request Logging ─────────────────────────────
+    app.addHook('onSend', async (request, _reply, payload) => {
+        if (typeof payload === 'string') {
+            (request as any)._responsePayload = payload;
+        }
+        return payload;
+    });
+
+    app.addHook('onResponse', async (request, reply) => {
+        Logger.request({
+            method: request.method,
+            url: request.url,
+            status: reply.statusCode,
+            time: reply.elapsedTime,
+            ip: request.ip,
+            contentLength: request.headers['content-length'],
+            userId: request.user?.id,
+            userAgent: request.headers['user-agent'],
+            requestHeaders: request.headers,
+            requestBody: request.body,
+            responseHeaders: reply.getHeaders(),
+            responseBody: (request as any)._responsePayload,
+        });
+    });
+
     // ── 404 Handler ─────────────────────────────────
-    app.setNotFoundHandler((_request, reply) => {
-        reply.code(404).send({ status_code: 404, message: 'Not found' });
+    app.setNotFoundHandler((request, reply) => {
+        const language = request.language || 'en_US';
+        reply.code(404).send({ status_code: 404, message: LanguageDict.get('record_not_found', null, language) });
     });
 
     // ── Graceful Shutdown ───────────────────────────
@@ -183,7 +210,7 @@ async function loadRoutes(app: FastifyInstance, routePath: string): Promise<void
                         await app.register(plugin, { prefix: route });
                     }
                 } catch (err) {
-                    console.error(`Failed to load route ${route}:`, (err as Error).message);
+                    Logger.error(err as Error, { route });
                 }
             }
         }
@@ -193,12 +220,12 @@ async function loadRoutes(app: FastifyInstance, routePath: string): Promise<void
 
 // Handle uncaught errors
 process.on('uncaughtException', (err) => {
-    console.error('[Uncaught Exception]', err);
+    Logger.error(err);
     process.exit(1);
 });
 
-process.on('unhandledRejection', (reason, promise) => {
-    console.error('[Unhandled Rejection] at:', promise, 'reason:', reason);
+process.on('unhandledRejection', (reason) => {
+    Logger.error(reason as Error);
 });
 
 export default buildApp;