@zero-server/auth 0.9.6 → 0.9.8

package/index.d.ts

@@ -1,2 +1,2 @@
-// AUTO-GENERATED by .tools/generate-package-stubs.js — edit .tools/scope-manifest.js and re-run `npm run packages:generate`.
+// AUTO-GENERATED by .tools/generate-package-stubs.js - edit .tools/scope-manifest.js and re-run `npm run packages:generate`.
 export * from './types/auth';

package/index.js

@@ -1,4 +1,4 @@
-// AUTO-GENERATED by .tools/generate-package-stubs.js — edit .tools/scope-manifest.js and re-run `npm run packages:generate`.
+// AUTO-GENERATED by .tools/generate-package-stubs.js - edit .tools/scope-manifest.js and re-run `npm run packages:generate`.
 'use strict';
 const lib = require("./lib/auth");
 

package/lib/auth/authorize.js

@@ -1,6 +1,6 @@
 /**
  * @module auth/authorize
- * @description Authorization helpers — role-based access control (RBAC),
+ * @description Authorization helpers - role-based access control (RBAC),
  *              permission-based access, and policy classes.
  *
  *              Works with any authentication middleware that sets `req.user`.
@@ -13,22 +13,22 @@
  *   app.use(jwt({ secret: process.env.JWT_SECRET }));
  *   app.use(attachUserHelpers());
  *
- *   // Role-based — only admins and editors can modify posts
+ *   // Role-based - only admins and editors can modify posts
  *   app.put('/posts/:id', authorize('admin', 'editor'), (req, res) => {
  *       res.json({ updated: true });
  *   });
  *
- *   // Permission-based — require ALL listed permissions
+ *   // Permission-based - require ALL listed permissions
  *   app.delete('/users/:id', can('users:read', 'users:delete'), (req, res) => {
  *       res.json({ deleted: true });
  *   });
  *
- *   // ANY permission — useful for overlapping access
+ *   // ANY permission - useful for overlapping access
  *   app.get('/reports', canAny('reports:read', 'admin:read'), (req, res) => {
  *       res.json({ reports: [] });
  *   });
  *
- *   // Policy class — resource-level authorization
+ *   // Policy class - resource-level authorization
  *   class PostPolicy extends Policy {
  *       before(user) { if (user.role === 'superadmin') return true; }
  *       update(user, post) { return user.id === post.authorId || user.role === 'admin'; }
@@ -114,9 +114,9 @@ function authorize(...roles)
  * Checks `req.user.permissions` (array or Set) for the required permission(s).
  *
  * Permission strings follow a `resource:action` convention:
- *   - `'posts:write'` — write access to posts
- *   - `'users:delete'` — delete users
- *   - `'*'` — superuser wildcard
+ *   - `'posts:write'` - write access to posts
+ *   - `'users:delete'` - delete users
+ *   - `'*'` - superuser wildcard
  *
  * @param {...string} permissions - Required permissions (ALL must be present unless `opts.any` is true).
  * @returns {Function} Middleware `(req, res, next) => void`.
@@ -293,7 +293,7 @@ function gate(policy, action, getResource)
             });
         }
 
-        // Attach resource if loaded — saves a redundant DB query in the handler
+        // Attach resource if loaded - saves a redundant DB query in the handler
         if (resource && !req.resource) req.resource = resource;
         next();
     };
@@ -306,8 +306,8 @@ function gate(policy, action, getResource)
  * Call this middleware after JWT/session middleware.
  *
  * Adds:
- *   - `req.user.is(...roles)` — check roles
- *   - `req.user.can(...perms)` — check permissions
+ *   - `req.user.is(...roles)` - check roles
+ *   - `req.user.can(...perms)` - check permissions
  *
  * @returns {Function} Middleware.
  *

package/lib/auth/enrollment.js

@@ -5,10 +5,10 @@
  *              for TOTP-based two-factor authentication.
  *
  *              Steps:
- *              1. `start()` — Generate secret + backup codes, store in session
- *              2. `verify()` — Confirm user can produce a valid TOTP code
- *              3. `complete()` — Persist the verified secret to the database
- *              4. `disable()` — Remove 2FA from the account
+ *              1. `start()` - Generate secret + backup codes, store in session
+ *              2. `verify()` - Confirm user can produce a valid TOTP code
+ *              3. `complete()` - Persist the verified secret to the database
+ *              4. `disable()` - Remove 2FA from the account
  *
  * @example | Full enrollment flow
  *   const { enrollment } = require('@zero-server/sdk');
@@ -356,7 +356,7 @@ function enrollment(opts = {})
 
 function _defaultGetAccount(req)
 {
-    if (!req.user) throw new Error('No user on request — authentication middleware required');
+    if (!req.user) throw new Error('No user on request - authentication middleware required');
     return req.user.email || req.user.id || req.user.sub;
 }
 

package/lib/auth/jwt.js

@@ -13,7 +13,7 @@
  *   const app = createApp();
  *   const SECRET = process.env.JWT_SECRET;
  *
- *   // Public — issue tokens
+ *   // Public - issue tokens
  *   app.post('/login', json(), async (req, res) => {
  *       const { email, password } = req.body;
  *       const user = await db.users.findOne({ email });
@@ -24,7 +24,7 @@
  *       res.json({ token });
  *   });
  *
- *   // Protected — everything under /api requires a valid token
+ *   // Protected - everything under /api requires a valid token
  *   const api = Router();
  *   api.use(jwt({ secret: SECRET }));
  *   api.get('/me', (req, res) => res.json({ id: req.user.sub, role: req.user.role }));
@@ -79,7 +79,7 @@ function _base64urlDecode(str)
 
 /**
  * Decode a JWT without verifying the signature.
- * Returns `null` for malformed tokens — never throws.
+ * Returns `null` for malformed tokens - never throws.
  *
  * @param {string} token - Raw JWT string.
  * @returns {{ header: object, payload: object, signature: string }|null}
@@ -268,7 +268,7 @@ function verify(token, secretOrKey, opts = {})
  * @param {Function} [opts.fetcher] - Custom fetch function (default: built-in fetch).
  * @param {number} [opts.cacheTtl=600000] - Cache TTL in ms (default 10 minutes).
  * @param {number} [opts.requestTimeout=5000] - Request timeout in ms.
- * @returns {Function} `async (header) => publicKey` — resolves the signing key for a JWT header.
+ * @returns {Function} `async (header) => publicKey` - resolves the signing key for a JWT header.
  *
  * @example
  *   const getKey = jwks('https://auth.example.com/.well-known/jwks.json');
@@ -330,7 +330,7 @@ function jwks(jwksUri, opts = {})
             return pem;
         }
 
-        // No kid — return the first RSA key
+        // No kid - return the first RSA key
         const first = keys.values().next().value;
         if (!first) throw _jwtError('No suitable key in JWKS', 'JWKS_NO_KEY');
         return first;
@@ -347,9 +347,9 @@ function jwks(jwksUri, opts = {})
  * Create JWT authentication middleware.
  *
  * On success, populates:
- *   - `req.user` — decoded payload
- *   - `req.auth` — `{ header, payload, token }` full decode info
- *   - `req.token` — raw JWT string
+ *   - `req.user` - decoded payload
+ *   - `req.auth` - `{ header, payload, token }` full decode info
+ *   - `req.token` - raw JWT string
  *
  * @param {object} opts - Configuration.
  * @param {string|Buffer} [opts.secret] - HMAC secret for HS* algorithms.
@@ -367,7 +367,7 @@ function jwks(jwksUri, opts = {})
  * @param {number} [opts.clockTolerance=0] - Clock skew tolerance in seconds.
  * @param {number} [opts.maxAge] - Maximum token age in seconds.
  * @param {boolean} [opts.credentialsRequired=true] - Return 401 if no token found (false = optional auth).
- * @param {Function} [opts.isRevoked] - `async (payload) => boolean` — check token revocation.
+ * @param {Function} [opts.isRevoked] - `async (payload) => boolean` - check token revocation.
  * @param {Function} [opts.onError] - Custom error handler `(err, req, res) => void`.
  * @returns {Function} Middleware `(req, res, next) => void`.
  *

package/lib/auth/oauth.js

@@ -224,7 +224,7 @@ function oauth(opts = {})
             // Validate state (CSRF prevention)
             if (verify.state && query.state !== verify.state)
             {
-                throw _oauthError('State mismatch — possible CSRF attack', 'OAUTH_STATE_MISMATCH');
+                throw _oauthError('State mismatch - possible CSRF attack', 'OAUTH_STATE_MISMATCH');
             }
 
             const body = {

package/lib/auth/session.js

@@ -263,7 +263,7 @@ class Session
         return { ...this._flash };
     }
 
-    /** @private — serialize to JSON for cookie/store */
+    /** @private - serialize to JSON for cookie/store */
     _serialize()
     {
         const obj = { d: this._data };
@@ -271,7 +271,7 @@ class Session
         return JSON.stringify(obj);
     }
 
-    /** @private — deserialize from JSON */
+    /** @private - deserialize from JSON */
     static _deserialize(json, id)
     {
         try
@@ -472,7 +472,7 @@ function session(opts = {})
         req.session = sess;
 
         // Intercept response to persist session
-        // Hook into res.raw.end (Node ServerResponse) — the Response wrapper
+        // Hook into res.raw.end (Node ServerResponse) - the Response wrapper
         // has no .end() method; its .send()/.json() helpers call raw.end().
         const raw = res.raw;
         const origEnd = raw.end.bind(raw);
@@ -481,7 +481,7 @@ function session(opts = {})
             try
             {
                 // _saveSession calls res.cookie() / res.clearCookie() which set
-                // Set-Cookie headers on raw via raw.setHeader — safe because
+                // Set-Cookie headers on raw via raw.setHeader - safe because
                 // headers aren't flushed until the original end() runs.
                 // NOTE: store-based sessions are sync-compatible because
                 // MemoryStore.set/get return resolved promises synchronously
@@ -574,7 +574,7 @@ function _saveSession(req, res, sess, ctx)
         const encrypted = _encrypt(payload, ctx.keys[0]);
         if (encrypted.length > MAX_COOKIE_SIZE)
         {
-            log.warn('session cookie exceeds %d bytes — consider using a store', MAX_COOKIE_SIZE);
+            log.warn('session cookie exceeds %d bytes - consider using a store', MAX_COOKIE_SIZE);
         }
         res.cookie(ctx.cookieName, encrypted, cOpts);
         log.debug('cookie session saved');

package/lib/auth/trustedDevice.js

@@ -7,7 +7,7 @@
  *              Subsequent requests skip the 2FA prompt if the trust token is valid.
  *              Supports secret rotation, IP binding, and revocation.
  *
- *              Uses AES-256-GCM encryption — tokens are encrypted, not just signed,
+ *              Uses AES-256-GCM encryption - tokens are encrypted, not just signed,
  *              preventing information leakage.
  *
  * @example
@@ -370,7 +370,7 @@ function _defaultFingerprint(req)
  */
 function _defaultGetUserId(req)
 {
-    if (!req.user) throw new Error('No user on request — authentication middleware required');
+    if (!req.user) throw new Error('No user on request - authentication middleware required');
     return req.user.id || req.user.sub || req.user._id;
 }
 

package/lib/auth/twoFactor.js

@@ -4,7 +4,7 @@
  *              Implements TOTP (RFC 6238 / RFC 4226), backup codes,
  *              and composable middleware for step-up verification.
  *
- *              Uses only Node.js built-in `crypto` — no external packages.
+ *              Uses only Node.js built-in `crypto` - no external packages.
  *
  * @example | Setup 2FA for a user
  *   const { twoFactor } = require('@zero-server/sdk');
@@ -228,7 +228,7 @@ function _base32Decode(str)
 
 /**
  * Generate an HOTP code for a given counter value.
- * Implements RFC 4226 §5 — HMAC-based One-Time Password.
+ * Implements RFC 4226 §5 - HMAC-based One-Time Password.
  *
  * @param {Buffer} secret - Shared secret key.
  * @param {number} counter - 8-byte counter value.
@@ -498,13 +498,13 @@ function verifyBackupCode(code, hashes)
 
 /**
  * Middleware that requires completed 2FA verification on the session.
- * Checks `req.session.get('twoFactorVerified')` — returns 403 if not set.
+ * Checks `req.session.get('twoFactorVerified')` - returns 403 if not set.
  *
  * Designed to compose with `jwt()` or `session()` middleware:
  *
  *     app.use(jwt({ secret }));
  *     app.use(require2FA());
- *     // — or —
+ *     // - or -
  *     app.use(session({ secret }));
  *     app.use(require2FA());
  *
@@ -517,7 +517,7 @@ function verifyBackupCode(code, hashes)
  *        Defaults to always requiring 2FA.
  * @returns {Function} Middleware `(req, res, next) => void`.
  *
- * @example | Basic — all authenticated users must complete 2FA
+ * @example | Basic - all authenticated users must complete 2FA
  *   app.use(require2FA());
  *
  * @example | Only enforce for users who have enrolled
@@ -548,7 +548,7 @@ function require2FA(opts = {})
                 const enabled = await isEnabled(req);
                 if (!enabled)
                 {
-                    log('2FA not enabled for user — skipping');
+                    log('2FA not enabled for user - skipping');
                     return next();
                 }
             }
@@ -568,7 +568,7 @@ function require2FA(opts = {})
         const session = req.session;
         if (!session || typeof session.get !== 'function')
         {
-            log.warn('require2FA: no session found — is session() middleware active?');
+            log.warn('require2FA: no session found - is session() middleware active?');
             const raw = res.raw || res;
             if (raw.headersSent) return;
             raw.statusCode = 500;
@@ -583,7 +583,7 @@ function require2FA(opts = {})
             return next();
         }
 
-        log.warn('2FA not completed — blocking request');
+        log.warn('2FA not completed - blocking request');
         const raw = res.raw || res;
         if (raw.headersSent) return;
         raw.statusCode = statusCode;
@@ -690,7 +690,7 @@ function verifyTOTPMiddleware(opts = {})
                 raw.end(JSON.stringify({ error: 'Too many attempts. Try again later.', retryAfter }));
                 return;
             }
-            // Lockout expired — reset
+            // Lockout expired - reset
             attempts.delete(ip);
         }
 
@@ -735,7 +735,7 @@ function verifyTOTPMiddleware(opts = {})
 
         if (result.valid)
         {
-            // Replay prevention (RFC 6238 §5.2) — check AFTER signature
+            // Replay prevention (RFC 6238 §5.2) - check AFTER signature
             // verification to avoid leaking timing information about whether
             // a code was previously used.
             if (opts.replayStore)
@@ -775,7 +775,7 @@ function verifyTOTPMiddleware(opts = {})
                 catch (err)
                 {
                     log.error('replay store error: %s', err.message);
-                    // Fail open for store errors — don't block legitimate users
+                    // Fail open for store errors - don't block legitimate users
                 }
             }
 

package/lib/auth/webauthn.js

@@ -145,7 +145,7 @@ const cbor = {
                     if (additionalInfo === 23) return undefined;
                     if (additionalInfo === 25)
                     {
-                        // float16 — not commonly used in WebAuthn but handle it
+                        // float16 - not commonly used in WebAuthn but handle it
                         offset -= 0; // already read
                         return readArgument(additionalInfo);
                     }
@@ -593,7 +593,7 @@ function verifyRegistration(opts)
         if (clientData.type !== 'webauthn.create')
             return { verified: false, credential: null, error: `Invalid type: ${clientData.type}` };
 
-        // Strict origin validation — exact match, no regex
+        // Strict origin validation - exact match, no regex
         if (clientData.origin !== expectedOrigin)
             return { verified: false, credential: null, error: `Origin mismatch: ${clientData.origin}` };
 
@@ -627,7 +627,7 @@ function verifyRegistration(opts)
 
         if (fmt === 'none')
         {
-            // No attestation — acceptable for 'none' conveyance
+            // No attestation - acceptable for 'none' conveyance
             log.debug('registration with "none" attestation format');
         }
         else if (fmt === 'packed')
@@ -644,7 +644,7 @@ function verifyRegistration(opts)
         }
         else
         {
-            log.warn('unknown attestation format: %s — treating as none', fmt);
+            log.warn('unknown attestation format: %s - treating as none', fmt);
         }
 
         // 8. Extract public key from COSE format
@@ -703,7 +703,7 @@ function _verifyPackedAttestation(attStmt, parsedAuthData, rawAuthData, clientDa
     }
     else
     {
-        // Self-attestation — verify with the credential public key
+        // Self-attestation - verify with the credential public key
         const { key } = _coseToPublicKey(parsedAuthData.credentialPublicKey);
         const algName = _coseAlgToNodeAlg(alg);
         return crypto.verify(algName, signedData, key, sig);
@@ -881,7 +881,7 @@ function verifyAuthentication(opts)
         if (!authData.userPresent)
             return { verified: false, newCounter: null, error: 'User not present' };
 
-        // 5. Counter validation — detect cloned authenticators
+        // 5. Counter validation - detect cloned authenticators
         if (authData.signCount > 0 || credential.counter > 0)
         {
             if (authData.signCount <= credential.counter)

package/lib/debug.js

@@ -16,7 +16,7 @@
  *   log.error('failed to connect', err);
  *   log('shorthand for debug level');
  *
- *   // Set minimum level — anything below is silenced
+ *   // Set minimum level - anything below is silenced
  *   debug.level('warn');   // only warn, error, fatal
  *   debug.level('silent'); // suppress all output
  *   debug.level('trace');  // show everything
@@ -81,7 +81,7 @@ _enabledPatterns = _parsePatterns();
  */
 function _isEnabled(ns)
 {
-    if (!_enabledPatterns) return true; // No DEBUG set — enable all
+    if (!_enabledPatterns) return true; // No DEBUG set - enable all
     let enabled = false;
     for (const { neg, re } of _enabledPatterns)
     {
@@ -116,7 +116,7 @@ function _ts()
 }
 
 /**
- * Format arguments (like console.log — supports %s, %d, %j, %o).
+ * Format arguments (like console.log - supports %s, %d, %j, %o).
  * @private
  */
 function _format(args)
@@ -278,13 +278,13 @@ function debug(namespace)
  * Messages below this level are silenced.
  *
  * @param {string|number} level - Level name or number.
- *   `'trace'` (0) — all output
- *   `'debug'` (1) — debug and above
- *   `'info'` (2) — info and above
- *   `'warn'` (3) — warn and above
- *   `'error'` (4) — error and fatal only
- *   `'fatal'` (5) — fatal only
- *   `'silent'` (6) — nothing
+ *   `'trace'` (0) - all output
+ *   `'debug'` (1) - debug and above
+ *   `'info'` (2) - info and above
+ *   `'warn'` (3) - warn and above
+ *   `'error'` (4) - error and fatal only
+ *   `'fatal'` (5) - fatal only
+ *   `'silent'` (6) - nothing
  */
 debug.level = function(level)
 {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zero-server/auth",
-  "version": "0.9.6",
+  "version": "0.9.8",
   "description": "JWT, sessions, OAuth, authorize, MFA stack.",
   "keywords": [
     "zero-server",
@@ -45,10 +45,10 @@
   },
   "sideEffects": false,
   "dependencies": {
-    "@zero-server/fetch": "0.9.6"
+    "@zero-server/fetch": "0.9.8"
   },
   "peerDependencies": {
-    "@zero-server/sdk": ">=0.9.6"
+    "@zero-server/sdk": ">=0.9.8"
   },
   "peerDependenciesMeta": {
     "@zero-server/sdk": {

package/types/body.d.ts

@@ -1,14 +1,82 @@
-// Re-exports for @zero-server/body — body parser types
-export {
-    BodyParserOptions,
-    JsonParserOptions,
-    UrlencodedParserOptions,
-    TextParserOptions,
-    MultipartOptions,
-    MultipartFile,
-    json,
-    urlencoded,
-    text,
-    raw,
-    multipart,
-} from './middleware';
+// TypeScript declarations for the bundled body parsers
+// (`json`, `urlencoded`, `text`, `raw`, `multipart`).
+//
+// These live in `lib/body/*` at runtime and are surfaced both via the
+// top-level SDK and the standalone `@zero-server/body` scope.  They are
+// declared here (not in `./middleware`) so the body-parser package has
+// a self-contained declaration file.
+
+import { MiddlewareFunction } from './middleware';
+import { Request } from './request';
+import { Response } from './response';
+
+export interface BodyParserOptions {
+    /** Max body size (e.g. '10kb', '1mb'). Default: '1mb'. */
+    limit?: string | number;
+    /** Content-Type(s) to match. Accepts a string, an array of strings, or a predicate function. */
+    type?: string | string[] | ((ct: string) => boolean);
+    /** Reject non-HTTPS requests with 403. */
+    requireSecure?: boolean;
+    /**
+     * Verification callback invoked with the raw buffer before parsing.
+     * Throw an error to reject the request with 403.
+     * Useful for webhook signature verification (e.g. Stripe, GitHub).
+     */
+    verify?: (req: Request, res: Response, buf: Buffer, encoding: string) => void;
+    /** Decompress gzip/deflate/br request bodies. Default: true. When false, compressed bodies return 415. */
+    inflate?: boolean;
+}
+
+export interface JsonParserOptions extends BodyParserOptions {
+    /** JSON.parse reviver function. */
+    reviver?: (key: string, value: any) => any;
+    /** Reject non-object/array roots. Default: true. */
+    strict?: boolean;
+}
+
+export interface UrlencodedParserOptions extends BodyParserOptions {
+    /** Enable nested bracket parsing. Default: false. */
+    extended?: boolean;
+    /** Max number of parameters. Default: 1000. Prevents parameter flooding DoS. */
+    parameterLimit?: number;
+    /** Max nesting depth for bracket syntax. Default: 32. Prevents deep-nesting DoS. */
+    depth?: number;
+}
+
+export interface TextParserOptions extends BodyParserOptions {
+    /** Fallback character encoding when Content-Type has no charset. Default: 'utf8'. */
+    encoding?: BufferEncoding;
+}
+
+export interface MultipartOptions {
+    /** Upload directory (default: OS temp). */
+    dir?: string;
+    /** Maximum size per file in bytes. */
+    maxFileSize?: number;
+    /** Reject non-HTTPS requests with 403. */
+    requireSecure?: boolean;
+    /** Maximum number of non-file fields. Default: 1000. */
+    maxFields?: number;
+    /** Maximum number of uploaded files. Default: 10. */
+    maxFiles?: number;
+    /** Maximum size of a single field value in bytes. Default: 1 MB. */
+    maxFieldSize?: number;
+    /** Whitelist of allowed MIME types for uploaded files (e.g. ['image/png', 'image/jpeg']). */
+    allowedMimeTypes?: string[];
+    /** Maximum combined size of all uploaded files in bytes. */
+    maxTotalSize?: number;
+}
+
+export interface MultipartFile {
+    originalFilename: string;
+    storedName: string;
+    path: string;
+    contentType: string;
+    size: number;
+}
+
+export function json(options?: JsonParserOptions): MiddlewareFunction;
+export function urlencoded(options?: UrlencodedParserOptions): MiddlewareFunction;
+export function text(options?: TextParserOptions): MiddlewareFunction;
+export function raw(options?: BodyParserOptions): MiddlewareFunction;
+export function multipart(options?: MultipartOptions): MiddlewareFunction;

package/types/cli.d.ts

@@ -1,2 +1,40 @@
-// Re-exports for @zero-server/cli — CLI runner types
-export { CLI, runCLI } from './orm';
+// TypeScript declarations for the bundled CLI runner (`zs` / `zh`).
+//
+// The CLI lives in `lib/cli.js` and is published both as the `zs` /
+// `zh` bin scripts and as a programmatic API on the SDK.  It dispatches
+// ORM subcommands (`migrate`, `seed`, `make:*`) to `@zero-server/orm`
+// and `webrtc:*` subcommands to `@zero-server/webrtc`, but the runner
+// itself is scope-neutral - hence its own declaration file.
+
+/**
+ * CLI runner for the bundled `zs` command.
+ *
+ * Parses `process.argv`-style input, resolves a config file
+ * (`zero.config.js` / `.zero-server.js` / `.zero-http.js`), and
+ * dispatches to the matching subcommand handler.
+ */
+export class CLI {
+    constructor(argv?: string[]);
+
+    /** The first positional argument (subcommand name). Defaults to `"help"`. */
+    readonly command: string;
+
+    /** Remaining positional arguments after the subcommand. */
+    readonly args: string[];
+
+    /** Parsed `--flag=value` and `-f value` pairs. */
+    readonly flags: Map<string, string>;
+
+    /** Execute the parsed command.  Sets `process.exitCode` on failure. */
+    run(): Promise<void>;
+}
+
+/**
+ * One-shot helper: `new CLI(argv).run()`.
+ *
+ * @example
+ *   const { runCLI } = require('@zero-server/sdk');
+ *   await runCLI(['migrate']);
+ *   await runCLI(['make:model', 'User', '--dir=src/models']);
+ */
+export function runCLI(argv?: string[]): Promise<void>;