create-forgeon 0.3.16 → 0.3.17

package/templates/module-presets/files/packages/files/src/forgeon-files.module.ts

@@ -1,12 +1,136 @@
-import { Module } from '@nestjs/common';
+import {
+  DynamicModule,
+  Injectable,
+  Module,
+  ModuleMetadata,
+  Provider,
+  ServiceUnavailableException,
+} from '@nestjs/common';
+import type {
+  FilesBlobCreateInput,
+  FilesPersistencePort,
+  FilesRecordCreateInput,
+  FilesStorageAdapter,
+  FilesVariantCreateInput,
+} from './files.ports';
+import { FILES_PERSISTENCE_PORT, FILES_STORAGE_ADAPTER } from './files.ports';
 import { FilesController } from './files.controller';
 import { FilesConfigModule } from './files-config.module';
 import { FilesService } from './files.service';
 
+export interface ForgeonFilesModuleOptions {
+  imports?: ModuleMetadata['imports'];
+  persistenceProvider?: Provider;
+  storageAdapterProvider?: Provider;
+}
+
+@Injectable()
+class MissingFilesPersistencePort implements FilesPersistencePort {
+  private unconfigured(): never {
+    throw new ServiceUnavailableException(
+      'Files persistence provider is not configured. Install/add a db-adapter provider and wire FILES_PERSISTENCE_PORT.',
+    );
+  }
+
+  async createFileRecord(_data: FilesRecordCreateInput): Promise<{ id: string; publicId: string }> {
+    return this.unconfigured();
+  }
+
+  async deleteFileRecordById(_id: string): Promise<void> {
+    return this.unconfigured();
+  }
+
+  async deleteFileRecordByPublicId(_publicId: string): Promise<void> {
+    return this.unconfigured();
+  }
+
+  async findFileRecordWithVariantKeys(_publicId: string) {
+    return this.unconfigured();
+  }
+
+  async findFileRecordForDelete(_publicId: string) {
+    return this.unconfigured();
+  }
+
+  async findFileRecordForDownload(_publicId: string) {
+    return this.unconfigured();
+  }
+
+  async countOwnerUsage(_ownerType: string, _ownerId: string) {
+    return this.unconfigured();
+  }
+
+  async findBlobRef(_hash: string, _size: number, _mimeType: string, _storageDriver: string) {
+    return this.unconfigured();
+  }
+
+  async createBlob(_data: FilesBlobCreateInput) {
+    return this.unconfigured();
+  }
+
+  async createVariants(_data: FilesVariantCreateInput[]): Promise<void> {
+    return this.unconfigured();
+  }
+
+  async findBlobById(_id: string) {
+    return this.unconfigured();
+  }
+
+  async deleteBlobIfUnreferenced(_id: string) {
+    return this.unconfigured();
+  }
+}
+
+@Injectable()
+class MissingFilesStorageAdapter implements FilesStorageAdapter {
+  readonly driver = 'unconfigured';
+
+  private unconfigured(): never {
+    throw new ServiceUnavailableException(
+      'Files storage adapter is not configured. Install/add a files-storage-adapter provider and wire FILES_STORAGE_ADAPTER.',
+    );
+  }
+
+  async put(_buffer: Buffer, _fileName: string): Promise<{ storageKey: string }> {
+    return this.unconfigured();
+  }
+
+  async open(_storageKey: string) {
+    return this.unconfigured();
+  }
+
+  async delete(_storageKey: string): Promise<void> {
+    return this.unconfigured();
+  }
+}
+
 @Module({
   imports: [FilesConfigModule],
   controllers: [FilesController],
   providers: [FilesService],
   exports: [FilesConfigModule, FilesService],
 })
-export class ForgeonFilesModule {}
+export class ForgeonFilesModule {
+  static register(options: ForgeonFilesModuleOptions = {}): DynamicModule {
+    const persistenceProvider =
+      options.persistenceProvider ??
+      ({
+        provide: FILES_PERSISTENCE_PORT,
+        useClass: MissingFilesPersistencePort,
+      } satisfies Provider);
+
+    const storageAdapterProvider =
+      options.storageAdapterProvider ??
+      ({
+        provide: FILES_STORAGE_ADAPTER,
+        useClass: MissingFilesStorageAdapter,
+      } satisfies Provider);
+
+    return {
+      module: ForgeonFilesModule,
+      imports: [...(options.imports ?? [])],
+      providers: [persistenceProvider, storageAdapterProvider],
+      exports: [FILES_PERSISTENCE_PORT, FILES_STORAGE_ADAPTER],
+    };
+  }
+}

package/templates/module-presets/files/packages/files/src/index.ts

@@ -5,5 +5,6 @@ export * from './files-config.loader';
 export * from './files-config.module';
 export * from './files-config.service';
 export * from './files-env.schema';
+export * from './files.ports';
 export * from './files.service';
-export * from './files.types';
+export * from './files.types';

package/templates/module-presets/files-local/packages/files-local/src/forgeon-files-local-storage.module.ts

@@ -0,0 +1,18 @@
+import { Module } from '@nestjs/common';
+import { FilesLocalConfigModule } from './files-local-config.module';
+import { LocalFilesStorageAdapter } from './local-files-storage.adapter';
+
+const FORGEON_FILES_STORAGE_ADAPTER = 'FORGEON_FILES_STORAGE_ADAPTER';
+
+@Module({
+  imports: [FilesLocalConfigModule],
+  providers: [
+    LocalFilesStorageAdapter,
+    {
+      provide: FORGEON_FILES_STORAGE_ADAPTER,
+      useExisting: LocalFilesStorageAdapter,
+    },
+  ],
+  exports: [FilesLocalConfigModule, LocalFilesStorageAdapter, FORGEON_FILES_STORAGE_ADAPTER],
+})
+export class ForgeonFilesLocalStorageModule {}

package/templates/module-presets/files-local/packages/files-local/src/index.ts

@@ -2,3 +2,5 @@ export * from './files-local-config.loader';
 export * from './files-local-config.module';
 export * from './files-local-config.service';
 export * from './files-local-env.schema';
+export * from './forgeon-files-local-storage.module';
+export * from './local-files-storage.adapter';

package/templates/module-presets/files-local/packages/files-local/src/local-files-storage.adapter.ts

@@ -0,0 +1,53 @@
+import fs from 'node:fs';
+import { promises as fsPromises } from 'node:fs';
+import path from 'node:path';
+import { Readable } from 'node:stream';
+import { Injectable, InternalServerErrorException, NotFoundException } from '@nestjs/common';
+import { FilesLocalConfigService } from './files-local-config.service';
+
+@Injectable()
+export class LocalFilesStorageAdapter {
+  readonly driver = 'local';
+
+  constructor(private readonly configService: FilesLocalConfigService) {}
+
+  async put(buffer: Buffer, storageKey: string): Promise<{ storageKey: string }> {
+    const absoluteRoot = path.resolve(process.cwd(), this.configService.rootDir);
+    const absolutePath = path.join(absoluteRoot, storageKey);
+
+    await fsPromises.mkdir(absoluteRoot, { recursive: true });
+    await fsPromises.writeFile(absolutePath, buffer);
+
+    return { storageKey };
+  }
+
+  async open(storageKey: string): Promise<Readable> {
+    const absoluteRoot = path.resolve(process.cwd(), this.configService.rootDir);
+    const absolutePath = path.join(absoluteRoot, storageKey);
+    if (!fs.existsSync(absolutePath)) {
+      throw new NotFoundException('File content not found');
+    }
+    return fs.createReadStream(absolutePath);
+  }
+
+  async delete(storageKey: string): Promise<void> {
+    const absoluteRoot = path.resolve(process.cwd(), this.configService.rootDir);
+    const absolutePath = path.join(absoluteRoot, storageKey);
+
+    if (!fs.existsSync(absolutePath)) {
+      return;
+    }
+
+    try {
+      await fsPromises.unlink(absolutePath);
+    } catch (error) {
+      throw new InternalServerErrorException({
+        message: 'Failed to delete file content',
+        details: {
+          storageKey,
+          reason: error instanceof Error ? error.message : 'unknown',
+        },
+      });
+    }
+  }
+}

package/templates/module-presets/files-s3/packages/files-s3/src/forgeon-files-s3-storage.module.ts

@@ -0,0 +1,18 @@
+import { Module } from '@nestjs/common';
+import { FilesS3ConfigModule } from './files-s3-config.module';
+import { S3FilesStorageAdapter } from './s3-files-storage.adapter';
+
+const FORGEON_FILES_STORAGE_ADAPTER = 'FORGEON_FILES_STORAGE_ADAPTER';
+
+@Module({
+  imports: [FilesS3ConfigModule],
+  providers: [
+    S3FilesStorageAdapter,
+    {
+      provide: FORGEON_FILES_STORAGE_ADAPTER,
+      useExisting: S3FilesStorageAdapter,
+    },
+  ],
+  exports: [FilesS3ConfigModule, S3FilesStorageAdapter, FORGEON_FILES_STORAGE_ADAPTER],
+})
+export class ForgeonFilesS3StorageModule {}

package/templates/module-presets/files-s3/packages/files-s3/src/index.ts

@@ -2,3 +2,5 @@ export * from './files-s3-config.loader';
 export * from './files-s3-config.module';
 export * from './files-s3-config.service';
 export * from './files-s3-env.schema';
+export * from './forgeon-files-s3-storage.module';
+export * from './s3-files-storage.adapter';

package/templates/module-presets/files-s3/packages/files-s3/src/s3-files-storage.adapter.ts

@@ -0,0 +1,130 @@
+import { Readable } from 'node:stream';
+import { Injectable, InternalServerErrorException, NotFoundException, ServiceUnavailableException } from '@nestjs/common';
+import { FilesS3ConfigService } from './files-s3-config.service';
+
+type S3ModuleLike = {
+  S3Client: new (config: Record<string, unknown>) => {
+    send: (command: unknown) => Promise<{
+      Body?: unknown;
+    }>;
+  };
+  PutObjectCommand: new (input: Record<string, unknown>) => unknown;
+  GetObjectCommand: new (input: Record<string, unknown>) => unknown;
+  DeleteObjectCommand: new (input: Record<string, unknown>) => unknown;
+};
+
+@Injectable()
+export class S3FilesStorageAdapter {
+  readonly driver = 's3';
+
+  private s3Client:
+    | {
+        send: (command: unknown) => Promise<{
+          Body?: unknown;
+        }>;
+      }
+    | null = null;
+
+  constructor(private readonly configService: FilesS3ConfigService) {}
+
+  async put(buffer: Buffer, storageKey: string): Promise<{ storageKey: string }> {
+    const { PutObjectCommand } = await this.loadS3Module();
+    const client = await this.getS3Client();
+
+    await client.send(
+      new PutObjectCommand({
+        Bucket: this.configService.bucket,
+        Key: storageKey,
+        Body: buffer,
+      }),
+    );
+
+    return { storageKey };
+  }
+
+  async open(storageKey: string): Promise<Readable> {
+    const { GetObjectCommand } = await this.loadS3Module();
+    const client = await this.getS3Client();
+
+    const response = await client.send(
+      new GetObjectCommand({
+        Bucket: this.configService.bucket,
+        Key: storageKey,
+      }),
+    );
+    if (!response.Body) {
+      throw new NotFoundException('File content not found');
+    }
+
+    return this.toNodeReadable(response.Body);
+  }
+
+  async delete(storageKey: string): Promise<void> {
+    const { DeleteObjectCommand } = await this.loadS3Module();
+    const client = await this.getS3Client();
+    await client.send(
+      new DeleteObjectCommand({
+        Bucket: this.configService.bucket,
+        Key: storageKey,
+      }),
+    );
+  }
+
+  private async getS3Client(): Promise<{
+    send: (command: unknown) => Promise<{
+      Body?: unknown;
+    }>;
+  }> {
+    if (this.s3Client) {
+      return this.s3Client;
+    }
+
+    const { S3Client } = await this.loadS3Module();
+    const providerPreset = this.configService.providerPreset;
+    const endpoint = this.configService.endpoint;
+
+    if (providerPreset !== 'aws' && !endpoint) {
+      throw new ServiceUnavailableException(
+        `files-s3 adapter endpoint is required for provider preset "${providerPreset}".`,
+      );
+    }
+
+    this.s3Client = new S3Client({
+      region: this.configService.region,
+      ...(endpoint ? { endpoint } : {}),
+      forcePathStyle: this.configService.forcePathStyle,
+      maxAttempts: this.configService.maxAttempts,
+      credentials: {
+        accessKeyId: this.configService.accessKeyId,
+        secretAccessKey: this.configService.secretAccessKey,
+      },
+    });
+    return this.s3Client;
+  }
+
+  private toNodeReadable(body: unknown): Readable {
+    if (body instanceof Readable) {
+      return body;
+    }
+    if (typeof body === 'string' || Buffer.isBuffer(body) || body instanceof Uint8Array) {
+      return Readable.from(body);
+    }
+    if (
+      typeof body === 'object' &&
+      body !== null &&
+      typeof (body as { transformToWebStream?: unknown }).transformToWebStream === 'function'
+    ) {
+      return Readable.fromWeb(
+        (body as { transformToWebStream: () => unknown }).transformToWebStream() as never,
+      );
+    }
+    throw new InternalServerErrorException('Unsupported S3 response body type');
+  }
+
+  private async loadS3Module(): Promise<S3ModuleLike> {
+    const importModule = new Function('specifier', 'return import(specifier)') as (
+      specifier: string,
+    ) => Promise<S3ModuleLike>;
+    return importModule('@aws-sdk/client-s3');
+  }
+}

package/src/modules/jwt-auth.mjs

@@ -1,271 +0,0 @@
-import fs from 'node:fs';
-import path from 'node:path';
-import { copyRecursive, writeJson } from '../utils/fs.mjs';
-import {
-  ensureBuildSteps,
-  ensureDependency,
-  ensureLineAfter,
-  ensureLineBefore,
-  upsertEnvLines,
-} from './shared/patch-utils.mjs';
-import { patchAppModuleRegistration, patchHealthControllerServiceProbe } from './shared/nest-runtime-wiring.mjs';
-import { ensureWebProbeDefinition, resolveProbeTargets } from './shared/probes.mjs';
-
-const JWT_AUTH_PERSISTENCE_MARKERS = {
-  start: '<!-- forgeon:jwt-auth:persistence:start -->',
-  end: '<!-- forgeon:jwt-auth:persistence:end -->',
-};
-
-const JWT_AUTH_RBAC_MARKERS = {
-  start: '<!-- forgeon:jwt-auth:rbac:start -->',
-  end: '<!-- forgeon:jwt-auth:rbac:end -->',
-};
-
-const JWT_AUTH_DEFAULT_PERSISTENCE_BLOCK = [
-  '- refresh token persistence: disabled by default (stateless mode; enable it later through a `db-adapter` provider + integration sync)',
-  '- to enable persistence later:',
-  '  1. install a DB adapter provider first (current provider: `create-forgeon add db-prisma --project .`);',
-  '  2. run `pnpm forgeon:sync-integrations` to wire auth persistence to the active DB adapter implementation.',
-].join('\n');
-
-const JWT_AUTH_DEFAULT_RBAC_BLOCK =
-  '- RBAC integration: not enabled by default (add `rbac` and run `pnpm forgeon:sync-integrations` to include demo `health.rbac` claims).';
-
-function copyFromPreset(packageRoot, targetRoot, relativePath) {
-  const source = path.join(packageRoot, 'templates', 'module-presets', 'jwt-auth', relativePath);
-  if (!fs.existsSync(source)) {
-    throw new Error(`Missing jwt-auth preset template: ${source}`);
-  }
-  const destination = path.join(targetRoot, relativePath);
-  fs.mkdirSync(path.dirname(destination), { recursive: true });
-  copyRecursive(source, destination);
-}
-
-function patchApiPackage(targetRoot) {
-  const packagePath = path.join(targetRoot, 'apps', 'api', 'package.json');
-  if (!fs.existsSync(packagePath)) {
-    return;
-  }
-
-  const packageJson = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
-  ensureDependency(packageJson, '@forgeon/auth-api', 'workspace:*');
-  ensureDependency(packageJson, '@forgeon/auth-contracts', 'workspace:*');
-
-  ensureBuildSteps(packageJson, 'predev', [
-    'pnpm --filter @forgeon/auth-contracts build',
-    'pnpm --filter @forgeon/auth-api build',
-  ]);
-
-  writeJson(packagePath, packageJson);
-}
-
-function patchAppModule(targetRoot) {
-  patchAppModuleRegistration(targetRoot, {
-    importLine: "import { authConfig, authEnvSchema, ForgeonAuthModule } from '@forgeon/auth-api';",
-    loadItem: 'authConfig',
-    envSchema: 'authEnvSchema',
-    moduleLine: '    ForgeonAuthModule.register(),',
-    beforeAnchors: [
-      '    ForgeonI18nModule.register({',
-    ],
-    afterAnchors: [
-      '    DbPrismaModule,',
-      '    ForgeonLoggerModule,',
-      '    ForgeonSwaggerModule,',
-    ],
-    fallbackAnchor: '    CoreErrorsModule,',
-  });
-}
-
-function patchHealthController(targetRoot, probeTargets) {
-  patchHealthControllerServiceProbe(targetRoot, probeTargets, {
-    importLine: "import { AuthService } from '@forgeon/auth-api';",
-    constructorMember: 'private readonly authService: AuthService',
-    routePath: 'auth',
-    methodName: 'getAuthProbe',
-    serviceCall: 'this.authService.getProbeStatus()',
-    beforeNeedles: ["@Post('db')"],
-    beforeNeedle: 'private translate(',
-  });
-}
-
-function registerWebProbe(targetRoot, probeTargets) {
-  ensureWebProbeDefinition({
-    targetRoot,
-    probeTargets,
-    definition: {
-      id: 'auth',
-      title: 'JWT Auth',
-      buttonLabel: 'Check JWT auth probe',
-      resultTitle: 'Auth probe response',
-      path: '/health/auth',
-    },
-  });
-}
-
-function patchApiDockerfile(targetRoot) {
-  const dockerfilePath = path.join(targetRoot, 'apps', 'api', 'Dockerfile');
-  if (!fs.existsSync(dockerfilePath)) {
-    return;
-  }
-
-  let content = fs.readFileSync(dockerfilePath, 'utf8').replace(/\r\n/g, '\n');
-  const packageAnchors = [
-    'COPY packages/swagger/package.json packages/swagger/package.json',
-    'COPY packages/logger/package.json packages/logger/package.json',
-    'COPY packages/i18n/package.json packages/i18n/package.json',
-    'COPY packages/db-prisma/package.json packages/db-prisma/package.json',
-    'COPY packages/core/package.json packages/core/package.json',
-  ];
-  const packageAnchor = packageAnchors.find((line) => content.includes(line)) ?? packageAnchors.at(-1);
-  content = ensureLineAfter(
-    content,
-    packageAnchor,
-    'COPY packages/auth-contracts/package.json packages/auth-contracts/package.json',
-  );
-  content = ensureLineAfter(
-    content,
-    'COPY packages/auth-contracts/package.json packages/auth-contracts/package.json',
-    'COPY packages/auth-api/package.json packages/auth-api/package.json',
-  );
-
-  const sourceAnchors = [
-    'COPY packages/swagger packages/swagger',
-    'COPY packages/logger packages/logger',
-    'COPY packages/i18n packages/i18n',
-    'COPY packages/db-prisma packages/db-prisma',
-    'COPY packages/core packages/core',
-  ];
-  const sourceAnchor = sourceAnchors.find((line) => content.includes(line)) ?? sourceAnchors.at(-1);
-  content = ensureLineAfter(content, sourceAnchor, 'COPY packages/auth-contracts packages/auth-contracts');
-  content = ensureLineAfter(
-    content,
-    'COPY packages/auth-contracts packages/auth-contracts',
-    'COPY packages/auth-api packages/auth-api',
-  );
-
-  content = content
-    .replace(/^RUN pnpm --filter @forgeon\/auth-contracts build\r?\n?/gm, '')
-    .replace(/^RUN pnpm --filter @forgeon\/auth-api build\r?\n?/gm, '');
-
-  const buildAnchor = content.includes('RUN pnpm --filter @forgeon/api prisma:generate')
-    ? 'RUN pnpm --filter @forgeon/api prisma:generate'
-    : 'RUN pnpm --filter @forgeon/api build';
-  content = ensureLineBefore(content, buildAnchor, 'RUN pnpm --filter @forgeon/auth-contracts build');
-  content = ensureLineBefore(content, buildAnchor, 'RUN pnpm --filter @forgeon/auth-api build');
-
-  fs.writeFileSync(dockerfilePath, `${content.trimEnd()}\n`, 'utf8');
-}
-
-function patchCompose(targetRoot) {
-  const composePath = path.join(targetRoot, 'infra', 'docker', 'compose.yml');
-  if (!fs.existsSync(composePath)) {
-    return;
-  }
-
-  let content = fs.readFileSync(composePath, 'utf8').replace(/\r\n/g, '\n');
-  if (!content.includes('JWT_ACCESS_SECRET: ${JWT_ACCESS_SECRET}')) {
-    content = content.replace(
-      /^(\s+API_PREFIX:.*)$/m,
-      `$1
-      JWT_ACCESS_SECRET: \${JWT_ACCESS_SECRET}
-      JWT_ACCESS_EXPIRES_IN: \${JWT_ACCESS_EXPIRES_IN}
-      JWT_REFRESH_SECRET: \${JWT_REFRESH_SECRET}
-      JWT_REFRESH_EXPIRES_IN: \${JWT_REFRESH_EXPIRES_IN}
-      AUTH_BCRYPT_ROUNDS: \${AUTH_BCRYPT_ROUNDS}
-      AUTH_DEMO_EMAIL: \${AUTH_DEMO_EMAIL}
-      AUTH_DEMO_PASSWORD: \${AUTH_DEMO_PASSWORD}`,
-    );
-  }
-
-  fs.writeFileSync(composePath, `${content.trimEnd()}\n`, 'utf8');
-}
-
-function patchReadme(targetRoot) {
-  const readmePath = path.join(targetRoot, 'README.md');
-  if (!fs.existsSync(readmePath)) {
-    return;
-  }
-
-  const section = [
-    '## JWT Auth Module',
-    '',
-    'The jwt-auth add-module provides:',
-    '- `@forgeon/auth-contracts` shared auth routes/types/error codes',
-    '- `@forgeon/auth-api` Nest auth module (`login`, `refresh`, `logout`, `me`)',
-    '- JWT guard + passport strategy',
-    '- auth probe endpoint: `GET /api/health/auth`',
-    '',
-    'Current mode:',
-    JWT_AUTH_PERSISTENCE_MARKERS.start,
-    JWT_AUTH_DEFAULT_PERSISTENCE_BLOCK,
-    JWT_AUTH_PERSISTENCE_MARKERS.end,
-    JWT_AUTH_RBAC_MARKERS.start,
-    JWT_AUTH_DEFAULT_RBAC_BLOCK,
-    JWT_AUTH_RBAC_MARKERS.end,
-    '',
-    'Default demo credentials:',
-    '- `AUTH_DEMO_EMAIL=demo@forgeon.local`',
-    '- `AUTH_DEMO_PASSWORD=forgeon-demo-password`',
-    '',
-    'Default routes:',
-    '- `POST /api/auth/login`',
-    '- `POST /api/auth/refresh`',
-    '- `POST /api/auth/logout`',
-    '- `GET /api/auth/me`',
-  ].join('\n');
-
-  let content = fs.readFileSync(readmePath, 'utf8').replace(/\r\n/g, '\n');
-  const sectionHeading = '## JWT Auth Module';
-  if (content.includes(sectionHeading)) {
-    const start = content.indexOf(sectionHeading);
-    const tail = content.slice(start + sectionHeading.length);
-    const nextHeadingMatch = tail.match(/\n##\s+/);
-    const end =
-      nextHeadingMatch && nextHeadingMatch.index !== undefined
-        ? start + sectionHeading.length + nextHeadingMatch.index + 1
-        : content.length;
-    content = `${content.slice(0, start)}${section}\n\n${content.slice(end).replace(/^\n+/, '')}`;
-  } else if (content.includes('## Prisma In Docker Start')) {
-    content = content.replace('## Prisma In Docker Start', `${section}\n\n## Prisma In Docker Start`);
-  } else {
-    content = `${content.trimEnd()}\n\n${section}\n`;
-  }
-
-  fs.writeFileSync(readmePath, `${content.trimEnd()}\n`, 'utf8');
-}
-
-export function applyJwtAuthModule({ packageRoot, targetRoot }) {
-  copyFromPreset(packageRoot, targetRoot, path.join('packages', 'auth-contracts'));
-  copyFromPreset(packageRoot, targetRoot, path.join('packages', 'auth-api'));
-
-  const probeTargets = resolveProbeTargets({ targetRoot, moduleId: 'jwt-auth' });
-
-  patchApiPackage(targetRoot);
-  patchAppModule(targetRoot);
-  patchHealthController(targetRoot, probeTargets);
-  registerWebProbe(targetRoot, probeTargets);
-  patchApiDockerfile(targetRoot);
-  patchCompose(targetRoot);
-  patchReadme(targetRoot);
-
-  upsertEnvLines(path.join(targetRoot, 'apps', 'api', '.env.example'), [
-    'JWT_ACCESS_SECRET=forgeon-access-secret-change-me',
-    'JWT_ACCESS_EXPIRES_IN=15m',
-    'JWT_REFRESH_SECRET=forgeon-refresh-secret-change-me',
-    'JWT_REFRESH_EXPIRES_IN=7d',
-    'AUTH_BCRYPT_ROUNDS=10',
-    'AUTH_DEMO_EMAIL=demo@forgeon.local',
-    'AUTH_DEMO_PASSWORD=forgeon-demo-password',
-  ]);
-
-  upsertEnvLines(path.join(targetRoot, 'infra', 'docker', '.env.example'), [
-    'JWT_ACCESS_SECRET=forgeon-access-secret-change-me',
-    'JWT_ACCESS_EXPIRES_IN=15m',
-    'JWT_REFRESH_SECRET=forgeon-refresh-secret-change-me',
-    'JWT_REFRESH_EXPIRES_IN=7d',
-    'AUTH_BCRYPT_ROUNDS=10',
-    'AUTH_DEMO_EMAIL=demo@forgeon.local',
-    'AUTH_DEMO_PASSWORD=forgeon-demo-password',
-  ]);
-}

package/templates/module-fragments/jwt-auth/20_scope.md

@@ -1,19 +0,0 @@
-## Scope
-
-Implemented scope:
-
-1. Split into reusable packages:
-   - `@forgeon/auth-contracts`
-   - `@forgeon/auth-api`
-2. API runtime:
-   - JWT login/refresh/logout/me endpoints
-   - `JwtStrategy` + `JwtAuthGuard`
-   - `authConfig` + `authEnvSchema` wiring through root `ConfigModule` validator chain
-3. DB behavior:
-   - module install stays stateless by default
-   - refresh token hash persistence is enabled later through the `db-adapter` capability via `pnpm forgeon:sync-integrations`
-   - current DB adapter implementation for this integration is `db-prisma`
-   - if no DB adapter is installed, the module stays stateless and prints an optional integration warning with follow-up commands
-4. Module checks:
-   - API probe endpoint: `GET /api/health/auth`
-   - default web probe button + result block

package/templates/module-fragments/jwt-auth/90_status_implemented.md

@@ -1,8 +0,0 @@
-## Current State
-
-Status: implemented.
-
-Notes:
-- The persistence boundary is `db-adapter`, not a hard dependency on one concrete DB module.
-- The current DB adapter implementation for auth persistence is `db-prisma`.
-- If no DB adapter is installed, jwt-auth stays in stateless refresh mode and surfaces an optional integration warning.

package/templates/module-fragments/jwt-auth/90_status_planned.md

@@ -1,3 +0,0 @@
-## Current State
-
-This module is registered but not implemented yet.