create-forgeon 0.3.16 → 0.3.18

package/src/modules/executor.test.mjs

@@ -231,164 +231,244 @@ function assertRbacWiring(projectRoot) {
   const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
   assert.match(readme, /## RBAC \/ Permissions Module/);
   assert.match(readme, /installs independently/i);
-  assert.match(readme, /jwt-auth.*optional/i);
-}
-
-function assertFilesWiring(projectRoot, expectedStorageDriver = 'local') {
-  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
-  assert.match(appModule, /filesConfig/);
-  assert.match(appModule, /filesEnvSchema/);
-  assert.match(appModule, /ForgeonFilesModule/);
-
-  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
-  assert.match(apiPackage, /@forgeon\/files/);
-  assert.match(apiPackage, /pnpm --filter @forgeon\/files build/);
-
-  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
-  assert.match(apiDockerfile, /COPY packages\/files\/package\.json packages\/files\/package\.json/);
-  assert.match(apiDockerfile, /COPY packages\/files packages\/files/);
-  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/files build/);
-
-  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
-  assert.match(apiEnv, /FILES_ENABLED=true/);
-  assert.match(apiEnv, new RegExp(`FILES_STORAGE_DRIVER=${expectedStorageDriver}`));
-  assert.match(apiEnv, /FILES_PUBLIC_BASE_PATH=\/files/);
-  assert.match(apiEnv, /FILES_MAX_FILE_SIZE_BYTES=10485760/);
-  assert.match(apiEnv, /FILES_ALLOWED_MIME_PREFIXES=image\/,application\/pdf,text\//);
-
-  const healthController = fs.readFileSync(
-    path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
-    'utf8',
-  );
-  assert.match(healthController, /@Post\('files'\)/);
-  assert.match(healthController, /@Get\('files-variants'\)/);
-  assert.match(healthController, /filesService\.createProbeRecord/);
-  assert.match(healthController, /filesService\.getVariantsProbeStatus/);
-  assert.match(healthController, /filesService\.deleteByPublicId/);
-
-  const filesController = fs.readFileSync(
-    path.join(projectRoot, 'packages', 'files', 'src', 'files.controller.ts'),
-    'utf8',
-  );
-  assert.match(filesController, /@Query\('variant'\) variantQuery\?: string/);
-  assert.match(filesController, /parseVariant\(variantQuery\)/);
-  assert.match(filesController, /@Delete\(':publicId'\)/);
-
-  const filesService = fs.readFileSync(
-    path.join(projectRoot, 'packages', 'files', 'src', 'files.service.ts'),
-    'utf8',
-  );
-  assert.match(filesService, /getOrCreateBlob/);
-  assert.match(filesService, /cleanupReferencedBlobs/);
-  assert.match(filesService, /isUniqueConstraintError/);
-  assert.match(filesService, /fileBlob\.deleteMany/);
-  assert.match(filesService, /variants:\s*\{[\s\S]*?none:\s*\{[\s\S]*?\}/);
-  assert.match(filesService, /prisma\.fileBlob/);
-
-  assertWebProbeShell(projectRoot);
-  const probesTs = readWebProbes(projectRoot);
-  assert.match(probesTs, /"id": "files"/);
-  assert.match(probesTs, /"buttonLabel": "Check files probe \(create metadata\)"/);
-  assert.match(probesTs, /"resultTitle": "Files probe response"/);
-  assert.match(probesTs, /"id": "files-variants"/);
-  assert.match(probesTs, /"buttonLabel": "Check files variants capability"/);
-  assert.match(probesTs, /"resultTitle": "Files variants probe response"/);
-
-  const schema = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'prisma', 'schema.prisma'), 'utf8');
-  assert.match(schema, /model FileRecord \{/);
-  assert.match(schema, /variants\s+FileVariant\[\]/);
-  assert.match(schema, /model FileVariant \{/);
-  assert.match(schema, /model FileBlob \{/);
-  assert.match(schema, /blobId\s+String/);
-  assert.match(schema, /@@unique\(\[hash,\s*size,\s*mimeType,\s*storageDriver\]\)/);
-  assert.match(schema, /@@unique\(\[fileId,\s*variantKey\]\)/);
-  assert.match(schema, /publicId\s+String\s+@unique/);
-  assert.match(schema, /@@index\(\[ownerType,\s*ownerId,\s*createdAt\]\)/);
-
-  const migration = path.join(
-    projectRoot,
-    'apps',
-    'api',
-    'prisma',
-    'migrations',
-    '20260306_files_file_record',
-    'migration.sql',
-  );
-  assert.equal(fs.existsSync(migration), true);
-
-  const variantMigration = path.join(
-    projectRoot,
-    'apps',
-    'api',
-    'prisma',
-    'migrations',
-    '20260306_files_file_variant',
-    'migration.sql',
-  );
-  assert.equal(fs.existsSync(variantMigration), true);
-}
-
-function assertFilesLocalWiring(projectRoot) {
-  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
-  assert.match(appModule, /filesLocalConfig/);
-  assert.match(appModule, /filesLocalEnvSchemaZod/);
-  assert.match(appModule, /FilesLocalConfigModule/);
-
-  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
-  assert.match(apiPackage, /@forgeon\/files-local/);
-  assert.match(apiPackage, /pnpm --filter @forgeon\/files-local build/);
-
-  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
-  assert.match(apiDockerfile, /COPY packages\/files-local\/package\.json packages\/files-local\/package\.json/);
-  assert.match(apiDockerfile, /COPY packages\/files-local packages\/files-local/);
-  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/files-local build/);
-
-  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
-  assert.match(apiEnv, /FILES_LOCAL_ROOT=storage\/uploads/);
-
-  const gitignore = fs.readFileSync(path.join(projectRoot, '.gitignore'), 'utf8');
-  assert.match(gitignore, /storage\//);
-
-  const compose = fs.readFileSync(path.join(projectRoot, 'infra', 'docker', 'compose.yml'), 'utf8');
-  assert.match(compose, /files_data:\/app\/storage/);
-  assert.match(compose, /^\s{2}files_data:\s*$/m);
-}
-
-function assertFilesS3Wiring(projectRoot) {
-  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
-  assert.match(appModule, /filesS3Config/);
-  assert.match(appModule, /filesS3EnvSchemaZod/);
-  assert.match(appModule, /FilesS3ConfigModule/);
-
-  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
-  assert.match(apiPackage, /@forgeon\/files-s3/);
-  assert.match(apiPackage, /pnpm --filter @forgeon\/files-s3 build/);
-
-  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
-  assert.match(apiDockerfile, /COPY packages\/files-s3\/package\.json packages\/files-s3\/package\.json/);
-  assert.match(apiDockerfile, /COPY packages\/files-s3 packages\/files-s3/);
-  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/files-s3 build/);
-
-  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
-  assert.match(apiEnv, /FILES_STORAGE_DRIVER=s3/);
-  assert.match(apiEnv, /FILES_S3_PROVIDER_PRESET=minio/);
-  assert.match(apiEnv, /FILES_S3_BUCKET=forgeon-files/);
-  assert.match(apiEnv, /FILES_S3_REGION=/);
-  assert.match(apiEnv, /FILES_S3_ENDPOINT=/);
-  assert.match(apiEnv, /FILES_S3_FORCE_PATH_STYLE=/);
-  assert.match(apiEnv, /FILES_S3_MAX_ATTEMPTS=3/);
-
-  const compose = fs.readFileSync(path.join(projectRoot, 'infra', 'docker', 'compose.yml'), 'utf8');
-  assert.match(compose, /FILES_S3_PROVIDER_PRESET: \$\{FILES_S3_PROVIDER_PRESET\}/);
-  assert.match(compose, /FILES_S3_MAX_ATTEMPTS: \$\{FILES_S3_MAX_ATTEMPTS\}/);
-
-  const filesS3Package = fs.readFileSync(
-    path.join(projectRoot, 'packages', 'files-s3', 'package.json'),
-    'utf8',
-  );
-  assert.match(filesS3Package, /@aws-sdk\/client-s3/);
+  assert.match(readme, /accounts.*optional/i);
 }
 
+function assertFilesWiring(projectRoot, expectedStorageDriver = 'local') {
+  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
+  assert.match(appModule, /filesConfig/);
+  assert.match(appModule, /filesEnvSchema/);
+  assert.match(appModule, /ForgeonFilesModule\.register\(\{/);
+  assert.match(appModule, /ForgeonFilesDbPrismaModule/);
+  if (expectedStorageDriver === 's3') {
+    assert.match(appModule, /ForgeonFilesS3StorageModule/);
+    assert.doesNotMatch(appModule, /imports: \[ForgeonFilesDbPrismaModule, ForgeonFilesLocalStorageModule\]/);
+  } else {
+    assert.match(appModule, /ForgeonFilesLocalStorageModule/);
+  }
+
+  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
+  assert.match(apiPackage, /@forgeon\/files/);
+  assert.match(apiPackage, /pnpm --filter @forgeon\/files build/);
+
+  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
+  assert.match(apiDockerfile, /COPY packages\/files\/package\.json packages\/files\/package\.json/);
+  assert.match(apiDockerfile, /COPY packages\/files packages\/files/);
+  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/files build/);
+
+  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
+  assert.match(apiEnv, /FILES_ENABLED=true/);
+  assert.match(apiEnv, new RegExp('FILES_STORAGE_DRIVER=' + expectedStorageDriver));
+  assert.match(apiEnv, /FILES_PUBLIC_BASE_PATH=\/files/);
+  assert.match(apiEnv, /FILES_MAX_FILE_SIZE_BYTES=10485760/);
+  assert.match(apiEnv, /FILES_ALLOWED_MIME_PREFIXES=image\/,application\/pdf,text\//);
+
+  const healthController = fs.readFileSync(
+    path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
+    'utf8',
+  );
+  assert.match(healthController, /@Post\('files'\)/);
+  assert.match(healthController, /@Get\('files-variants'\)/);
+  assert.match(healthController, /filesService\.createProbeRecord/);
+  assert.match(healthController, /filesService\.getVariantsProbeStatus/);
+  assert.match(healthController, /filesService\.deleteByPublicId/);
+
+  const filesController = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files', 'src', 'files.controller.ts'),
+    'utf8',
+  );
+  assert.match(filesController, /@Query\('variant'\) variantQuery\?: string/);
+  assert.match(filesController, /parseVariant\(variantQuery\)/);
+  assert.match(filesController, /@Delete\(':publicId'\)/);
+
+  const filesService = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files', 'src', 'files.service.ts'),
+    'utf8',
+  );
+  assert.match(filesService, /FILES_PERSISTENCE_PORT/);
+  assert.match(filesService, /FILES_STORAGE_ADAPTER/);
+  assert.match(filesService, /getOrCreateBlob/);
+  assert.match(filesService, /cleanupReferencedBlobs/);
+  assert.match(filesService, /isUniqueConstraintError/);
+  assert.match(filesService, /storageAdapter\.put/);
+  assert.match(filesService, /persistence\.createBlob/);
+  assert.match(filesService, /persistence\.deleteBlobIfUnreferenced/);
+  assert.doesNotMatch(filesService, /PrismaService/);
+  assert.doesNotMatch(filesService, /@aws-sdk\/client-s3/);
+
+  const filesPorts = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files', 'src', 'files.ports.ts'),
+    'utf8',
+  );
+  assert.match(filesPorts, /FILES_PERSISTENCE_PORT/);
+  assert.match(filesPorts, /FILES_STORAGE_ADAPTER/);
+  assert.match(filesPorts, /interface FilesPersistencePort/);
+  assert.match(filesPorts, /interface FilesStorageAdapter/);
+
+  const filesModule = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files', 'src', 'forgeon-files.module.ts'),
+    'utf8',
+  );
+  assert.match(filesModule, /ForgeonFilesModuleOptions/);
+  assert.match(filesModule, /static register\(options: ForgeonFilesModuleOptions = \{\}\)/);
+  assert.match(filesModule, /FILES_PERSISTENCE_PORT/);
+  assert.match(filesModule, /FILES_STORAGE_ADAPTER/);
+
+  const filesPackage = fs.readFileSync(path.join(projectRoot, 'packages', 'files', 'package.json'), 'utf8');
+  assert.doesNotMatch(filesPackage, /@forgeon\/db-prisma/);
+
+  const prismaFilesStore = fs.readFileSync(
+    path.join(projectRoot, 'apps', 'api', 'src', 'files', 'prisma-files-persistence.store.ts'),
+    'utf8',
+  );
+  assert.match(prismaFilesStore, /PrismaService/);
+  assert.match(prismaFilesStore, /FILES_PERSISTENCE_PORT/);
+  assert.match(prismaFilesStore, /fileBlob\.deleteMany/);
+
+  const prismaFilesModule = fs.readFileSync(
+    path.join(projectRoot, 'apps', 'api', 'src', 'files', 'forgeon-files-db-prisma.module.ts'),
+    'utf8',
+  );
+  assert.match(prismaFilesModule, /ForgeonFilesDbPrismaModule/);
+  assert.match(prismaFilesModule, /DbPrismaModule/);
+  assert.match(prismaFilesModule, /FILES_PERSISTENCE_PORT/);
+
+  assertWebProbeShell(projectRoot);
+  const probesTs = readWebProbes(projectRoot);
+  assert.match(probesTs, /"id": "files"/);
+  assert.match(probesTs, /"buttonLabel": "Check files probe \(create metadata\)"/);
+  assert.match(probesTs, /"resultTitle": "Files probe response"/);
+  assert.match(probesTs, /"id": "files-variants"/);
+  assert.match(probesTs, /"buttonLabel": "Check files variants capability"/);
+  assert.match(probesTs, /"resultTitle": "Files variants probe response"/);
+
+  const schema = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'prisma', 'schema.prisma'), 'utf8');
+  assert.match(schema, /model FileRecord \{/);
+  assert.match(schema, /variants\s+FileVariant\[\]/);
+  assert.match(schema, /model FileVariant \{/);
+  assert.match(schema, /model FileBlob \{/);
+  assert.match(schema, /blobId\s+String/);
+  assert.match(schema, /@@unique\(\[hash,\s*size,\s*mimeType,\s*storageDriver\]\)/);
+  assert.match(schema, /@@unique\(\[fileId,\s*variantKey\]\)/);
+  assert.match(schema, /publicId\s+String\s+@unique/);
+  assert.match(schema, /@@index\(\[ownerType,\s*ownerId,\s*createdAt\]\)/);
+
+  const migration = path.join(
+    projectRoot,
+    'apps',
+    'api',
+    'prisma',
+    'migrations',
+    '20260306_files_file_record',
+    'migration.sql',
+  );
+  assert.equal(fs.existsSync(migration), true);
+
+  const variantMigration = path.join(
+    projectRoot,
+    'apps',
+    'api',
+    'prisma',
+    'migrations',
+    '20260306_files_file_variant',
+    'migration.sql',
+  );
+  assert.equal(fs.existsSync(variantMigration), true);
+}
+
+function assertFilesLocalWiring(projectRoot) {
+  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
+  assert.match(appModule, /filesLocalConfig/);
+  assert.match(appModule, /filesLocalEnvSchemaZod/);
+  assert.match(appModule, /FilesLocalConfigModule/);
+  assert.match(appModule, /ForgeonFilesLocalStorageModule/);
+
+  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
+  assert.match(apiPackage, /@forgeon\/files-local/);
+  assert.match(apiPackage, /pnpm --filter @forgeon\/files-local build/);
+
+  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
+  assert.match(apiDockerfile, /COPY packages\/files-local\/package\.json packages\/files-local\/package\.json/);
+  assert.match(apiDockerfile, /COPY packages\/files-local packages\/files-local/);
+  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/files-local build/);
+
+  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
+  assert.match(apiEnv, /FILES_LOCAL_ROOT=storage\/uploads/);
+
+  const localModule = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files-local', 'src', 'forgeon-files-local-storage.module.ts'),
+    'utf8',
+  );
+  assert.match(localModule, /ForgeonFilesLocalStorageModule/);
+  assert.match(localModule, /FORGEON_FILES_STORAGE_ADAPTER/);
+
+  const localAdapter = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files-local', 'src', 'local-files-storage.adapter.ts'),
+    'utf8',
+  );
+  assert.match(localAdapter, /readonly driver = 'local'/);
+  assert.match(localAdapter, /createReadStream/);
+  assert.match(localAdapter, /writeFile/);
+
+  const gitignore = fs.readFileSync(path.join(projectRoot, '.gitignore'), 'utf8');
+  assert.match(gitignore, /storage\//);
+
+  const compose = fs.readFileSync(path.join(projectRoot, 'infra', 'docker', 'compose.yml'), 'utf8');
+  assert.match(compose, /files_data:\/app\/storage/);
+  assert.match(compose, /^\s{2}files_data:\s*$/m);
+}
+
+function assertFilesS3Wiring(projectRoot) {
+  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
+  assert.match(appModule, /filesS3Config/);
+  assert.match(appModule, /filesS3EnvSchemaZod/);
+  assert.match(appModule, /FilesS3ConfigModule/);
+  assert.match(appModule, /ForgeonFilesS3StorageModule/);
+
+  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
+  assert.match(apiPackage, /@forgeon\/files-s3/);
+  assert.match(apiPackage, /pnpm --filter @forgeon\/files-s3 build/);
+
+  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
+  assert.match(apiDockerfile, /COPY packages\/files-s3\/package\.json packages\/files-s3\/package\.json/);
+  assert.match(apiDockerfile, /COPY packages\/files-s3 packages\/files-s3/);
+  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/files-s3 build/);
+
+  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
+  assert.match(apiEnv, /FILES_STORAGE_DRIVER=s3/);
+  assert.match(apiEnv, /FILES_S3_PROVIDER_PRESET=minio/);
+  assert.match(apiEnv, /FILES_S3_BUCKET=forgeon-files/);
+  assert.match(apiEnv, /FILES_S3_REGION=/);
+  assert.match(apiEnv, /FILES_S3_ENDPOINT=/);
+  assert.match(apiEnv, /FILES_S3_FORCE_PATH_STYLE=/);
+  assert.match(apiEnv, /FILES_S3_MAX_ATTEMPTS=3/);
+
+  const compose = fs.readFileSync(path.join(projectRoot, 'infra', 'docker', 'compose.yml'), 'utf8');
+  assert.match(compose, /FILES_S3_PROVIDER_PRESET: \$\{FILES_S3_PROVIDER_PRESET\}/);
+  assert.match(compose, /FILES_S3_MAX_ATTEMPTS: \$\{FILES_S3_MAX_ATTEMPTS\}/);
+
+  const filesS3Package = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files-s3', 'package.json'),
+    'utf8',
+  );
+  assert.match(filesS3Package, /@aws-sdk\/client-s3/);
+
+  const s3Module = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files-s3', 'src', 'forgeon-files-s3-storage.module.ts'),
+    'utf8',
+  );
+  assert.match(s3Module, /ForgeonFilesS3StorageModule/);
+  assert.match(s3Module, /FORGEON_FILES_STORAGE_ADAPTER/);
+
+  const s3Adapter = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'files-s3', 'src', 's3-files-storage.adapter.ts'),
+    'utf8',
+  );
+  assert.match(s3Adapter, /readonly driver = 's3'/);
+  assert.match(s3Adapter, /@aws-sdk\/client-s3/);
+  assert.match(s3Adapter, /loadS3Module/);
+}
+
 function assertFilesAccessWiring(projectRoot) {
   const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
   assert.match(appModule, /ForgeonFilesAccessModule/);
@@ -626,70 +706,80 @@ function assertFilesImageWiring(projectRoot) {
   assert.match(readme, /metadata is stripped before storage/i);
 }
 
-function assertJwtAuthWiring(projectRoot, withPrismaStore) {
-  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
-  assert.match(apiPackage, /@forgeon\/auth-api/);
-  assert.match(apiPackage, /@forgeon\/auth-contracts/);
-  assert.match(apiPackage, /pnpm --filter @forgeon\/auth-contracts build/);
-  assert.match(apiPackage, /pnpm --filter @forgeon\/auth-api build/);
-
-  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
-  assert.match(appModule, /authConfig/);
-  assert.match(appModule, /authEnvSchema/);
-  assert.match(appModule, /ForgeonAuthModule\.register\(/);
-  if (withPrismaStore) {
-    assert.match(appModule, /AUTH_REFRESH_TOKEN_STORE/);
-    assert.match(appModule, /PrismaAuthRefreshTokenStore/);
-  } else {
-    assert.doesNotMatch(appModule, /PrismaAuthRefreshTokenStore/);
-  }
-
-  const healthController = fs.readFileSync(
-    path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
-    'utf8',
-  );
-  assert.match(healthController, /@Get\('auth'\)/);
-  assert.match(healthController, /authService\.getProbeStatus/);
-  assert.doesNotMatch(healthController, /,\s*,/);
-
-  assertWebProbeShell(projectRoot);
-  const probesTs = readWebProbes(projectRoot);
-  assert.match(probesTs, /"id": "auth"/);
-  assert.match(probesTs, /"buttonLabel": "Check JWT auth probe"/);
-  assert.match(probesTs, /"resultTitle": "Auth probe response"/);
-
-  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
-  assert.match(
-    apiDockerfile,
-    /COPY packages\/auth-contracts\/package\.json packages\/auth-contracts\/package\.json/,
-  );
-  assert.match(apiDockerfile, /COPY packages\/auth-api\/package\.json packages\/auth-api\/package\.json/);
-  assert.match(apiDockerfile, /COPY packages\/auth-contracts packages\/auth-contracts/);
-  assert.match(apiDockerfile, /COPY packages\/auth-api packages\/auth-api/);
-  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/auth-contracts build/);
-  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/auth-api build/);
-
-  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
-  assert.match(apiEnv, /JWT_ACCESS_SECRET=/);
-  assert.match(apiEnv, /JWT_REFRESH_SECRET=/);
-  assert.match(apiEnv, /AUTH_DEMO_EMAIL=/);
-  assert.match(apiEnv, /AUTH_DEMO_PASSWORD=/);
-
-  const compose = fs.readFileSync(path.join(projectRoot, 'infra', 'docker', 'compose.yml'), 'utf8');
-  assert.match(compose, /JWT_ACCESS_SECRET: \$\{JWT_ACCESS_SECRET\}/);
-  assert.match(compose, /JWT_REFRESH_SECRET: \$\{JWT_REFRESH_SECRET\}/);
-
-  const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
-  assert.match(readme, /## JWT Auth Module/);
-
-  const authServiceSource = fs.readFileSync(
-    path.join(projectRoot, 'packages', 'auth-api', 'src', 'auth.service.ts'),
-    'utf8',
-  );
-  assert.match(authServiceSource, /import type \{/);
-  assert.doesNotMatch(authServiceSource, /import\s*\{\s*AUTH_ERROR_CODES/);
-}
-
+function assertAccountsWiring(projectRoot) {
+  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
+  assert.match(apiPackage, /@forgeon\/accounts-api/);
+  assert.match(apiPackage, /@forgeon\/accounts-contracts/);
+  assert.match(apiPackage, /pnpm --filter @forgeon\/accounts-contracts build/);
+  assert.match(apiPackage, /pnpm --filter @forgeon\/accounts-api build/);
+
+  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
+  assert.match(appModule, /authConfig/);
+  assert.match(appModule, /authEnvSchema/);
+  assert.match(appModule, /ForgeonAccountsDbPrismaModule/);
+  assert.match(appModule, /ForgeonAccountsModule\.register\(\{/);
+  assert.match(appModule, /UsersModule\.register\(\{\}\)/);
+  assert.doesNotMatch(appModule, /AUTH_REFRESH_TOKEN_STORE/);
+
+  const healthController = fs.readFileSync(
+    path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
+    'utf8',
+  );
+  assert.match(healthController, /@Get\('auth'\)/);
+  assert.match(healthController, /authService\.getProbeStatus/);
+  assert.match(healthController, /\$queryRaw/);
+  assert.doesNotMatch(healthController, /data:\s*\{\s*email\s*\}/);
+  assert.doesNotMatch(healthController, /,\s*,/);
+
+  assertWebProbeShell(projectRoot);
+  const probesTs = readWebProbes(projectRoot);
+  assert.match(probesTs, /"id": "auth"/);
+  assert.match(probesTs, /"buttonLabel": "Check accounts probe"/);
+  assert.match(probesTs, /"resultTitle": "Accounts probe response"/);
+
+  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
+  assert.match(
+    apiDockerfile,
+    /COPY packages\/accounts-contracts\/package\.json packages\/accounts-contracts\/package\.json/,
+  );
+  assert.match(apiDockerfile, /COPY packages\/accounts-api\/package\.json packages\/accounts-api\/package\.json/);
+  assert.match(apiDockerfile, /COPY packages\/accounts-contracts packages\/accounts-contracts/);
+  assert.match(apiDockerfile, /COPY packages\/accounts-api packages\/accounts-api/);
+  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/accounts-contracts build/);
+  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/accounts-api build/);
+
+  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
+  assert.match(apiEnv, /JWT_ACCESS_SECRET=/);
+  assert.match(apiEnv, /JWT_REFRESH_SECRET=/);
+  assert.match(apiEnv, /AUTH_ARGON2_MEMORY_COST=/);
+  assert.match(apiEnv, /AUTH_ARGON2_PARALLELISM=/);
+
+  const compose = fs.readFileSync(path.join(projectRoot, 'infra', 'docker', 'compose.yml'), 'utf8');
+  assert.match(compose, /JWT_ACCESS_SECRET: \$\{JWT_ACCESS_SECRET\}/);
+  assert.match(compose, /JWT_REFRESH_SECRET: \$\{JWT_REFRESH_SECRET\}/);
+  assert.match(compose, /AUTH_ARGON2_MEMORY_COST: \$\{AUTH_ARGON2_MEMORY_COST\}/);
+
+  const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
+  assert.match(readme, /## Accounts Module/);
+  assert.match(readme, /owner-scoped user routes/);
+  assert.match(readme, /AccountsEmailPort/);
+
+  const authServiceSource = fs.readFileSync(
+    path.join(projectRoot, 'packages', 'accounts-api', 'src', 'auth.service.ts'),
+    'utf8',
+  );
+  assert.match(authServiceSource, /import type \{ RegisterRequest \} from '@forgeon\/accounts-contracts';/);
+
+  const prismaStorePath = path.join(
+    projectRoot,
+    'apps',
+    'api',
+    'src',
+    'accounts',
+    'prisma-accounts-persistence.store.ts',
+  );
+  assert.equal(fs.existsSync(prismaStorePath), true);
+}
 function stripDbPrismaArtifacts(projectRoot) {
   const dbPackageDir = path.join(projectRoot, 'packages', 'db-prisma');
   if (fs.existsSync(dbPackageDir)) {
@@ -1452,17 +1542,21 @@ describe('addModule', () => {
         packageRoot,
       });
 
-      const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
-      assert.match(apiEnv, /FILES_STORAGE_DRIVER=s3/);
-
-      const filesService = fs.readFileSync(
-        path.join(projectRoot, 'packages', 'files', 'src', 'files.service.ts'),
-        'utf8',
-      );
-      assert.match(filesService, /storeS3/);
-      assert.match(filesService, /openS3/);
-      assert.match(filesService, /deleteS3/);
-      assert.match(filesService, /@aws-sdk\/client-s3/);
+      const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
+      assert.match(apiEnv, /FILES_STORAGE_DRIVER=s3/);
+
+      const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
+      assert.match(appModule, /ForgeonFilesS3StorageModule/);
+      assert.doesNotMatch(appModule, /imports: \[ForgeonFilesDbPrismaModule, ForgeonFilesLocalStorageModule\]/);
+
+      const filesService = fs.readFileSync(
+        path.join(projectRoot, 'packages', 'files', 'src', 'files.service.ts'),
+        'utf8',
+      );
+      assert.doesNotMatch(filesService, /storeS3/);
+      assert.doesNotMatch(filesService, /openS3/);
+      assert.doesNotMatch(filesService, /deleteS3/);
+      assert.doesNotMatch(filesService, /@aws-sdk\/client-s3/);
     } finally {
       fs.rmSync(targetRoot, { recursive: true, force: true });
     }
@@ -2072,239 +2166,179 @@ describe('addModule', () => {
     }
   });
 
-  it('applies jwt-auth with db-prisma as stateless first, then wires persistence via explicit sync', () => {
-    const targetRoot = mkTmp('forgeon-module-jwt-db-');
-    const projectRoot = path.join(targetRoot, 'demo-jwt-db');
-    const templateRoot = path.join(packageRoot, 'templates', 'base');
-
-    try {
-      scaffoldProject({
-        templateRoot,
-        packageRoot,
-        targetRoot: projectRoot,
-        projectName: 'demo-jwt-db',
-        frontend: 'react',
-        db: 'prisma',
-        dbPrismaEnabled: true,
-        i18nEnabled: true,
-        proxy: 'caddy',
-      });
-
-      const result = addModule({
-        moduleId: 'jwt-auth',
-        targetRoot: projectRoot,
-        packageRoot,
-      });
-
-      assert.equal(result.applied, true);
-      assertJwtAuthWiring(projectRoot, false);
-
-      const syncResult = syncIntegrations({ targetRoot: projectRoot, packageRoot });
-      const dbPair = syncResult.summary.find((item) => item.id === 'auth-persistence');
-      assert.ok(dbPair);
-      assert.equal(dbPair.result.applied, true);
-      assert.equal(syncResult.changedFiles.length > 0, true);
-
-      assertJwtAuthWiring(projectRoot, true);
-
-      const storeFile = path.join(
-        projectRoot,
-        'apps',
-        'api',
-        'src',
-        'auth',
-        'prisma-auth-refresh-token.store.ts',
-      );
-      assert.equal(fs.existsSync(storeFile), true);
-
-      const schema = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'prisma', 'schema.prisma'), 'utf8');
-      assert.match(schema, /refreshTokenHash/);
-
-      const migrationPath = path.join(
-        projectRoot,
-        'apps',
-        'api',
-        'prisma',
-        'migrations',
-        '0002_auth_refresh_token_hash',
-        'migration.sql',
-      );
-      assert.equal(fs.existsSync(migrationPath), true);
-
-      const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
-      assert.match(readme, /refresh token persistence: enabled/);
-      assert.match(readme, /db-adapter/);
-      assert.match(readme, /current provider: `db-prisma`/);
-      assert.match(readme, /0002_auth_refresh_token_hash/);
-
-      const moduleDoc = fs.readFileSync(result.docsPath, 'utf8');
-      assert.match(moduleDoc, /Status: implemented/);
-      assert.match(moduleDoc, /db-adapter/);
-    } finally {
-      fs.rmSync(targetRoot, { recursive: true, force: true });
-    }
-  });
-
-  it('applies jwt-auth without db and keeps stateless fallback until pair sync is available', () => {
-    const targetRoot = mkTmp('forgeon-module-jwt-nodb-');
-    const projectRoot = path.join(targetRoot, 'demo-jwt-nodb');
-    const templateRoot = path.join(packageRoot, 'templates', 'base');
-
-    try {
-      scaffoldProject({
-        templateRoot,
-        packageRoot,
-        targetRoot: projectRoot,
-        projectName: 'demo-jwt-nodb',
-        frontend: 'react',
-        db: 'prisma',
-        dbPrismaEnabled: true,
-        i18nEnabled: false,
-        proxy: 'caddy',
-      });
-
-      stripDbPrismaArtifacts(projectRoot);
-
-      const result = addModule({
-        moduleId: 'jwt-auth',
-        targetRoot: projectRoot,
-        packageRoot,
-      });
-
-      assert.equal(result.applied, true);
-      assertJwtAuthWiring(projectRoot, false);
-      assert.equal(
-        fs.existsSync(path.join(projectRoot, 'apps', 'api', 'src', 'auth', 'prisma-auth-refresh-token.store.ts')),
-        false,
-      );
-
-      const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
-      assert.match(readme, /refresh token persistence: disabled/);
-      assert.match(readme, /db-adapter/);
-      assert.match(readme, /create-forgeon add db-prisma/);
-
-    } finally {
-      fs.rmSync(targetRoot, { recursive: true, force: true });
-    }
-  });
-
-  it('detects and applies jwt-auth + rbac claims integration explicitly', () => {
-    const targetRoot = mkTmp('forgeon-module-jwt-rbac-');
-    const projectRoot = path.join(targetRoot, 'demo-jwt-rbac');
-    const templateRoot = path.join(packageRoot, 'templates', 'base');
-
-    try {
-      scaffoldProject({
-        templateRoot,
-        packageRoot,
-        targetRoot: projectRoot,
-        projectName: 'demo-jwt-rbac',
-        frontend: 'react',
-        db: 'prisma',
-        dbPrismaEnabled: false,
-        i18nEnabled: false,
-        proxy: 'caddy',
-      });
-
-      addModule({
-        moduleId: 'rbac',
-        targetRoot: projectRoot,
-        packageRoot,
-      });
-      addModule({
-        moduleId: 'jwt-auth',
-        targetRoot: projectRoot,
-        packageRoot,
-      });
-
-      const scan = scanIntegrations({
-        targetRoot: projectRoot,
-        relatedModuleId: 'jwt-auth',
-      });
-      assert.equal(scan.groups.some((group) => group.id === 'auth-rbac-claims'), true);
-
-      const syncResult = syncIntegrations({
-        targetRoot: projectRoot,
-        packageRoot,
-        groupIds: ['auth-rbac-claims'],
-      });
-      const claimsPair = syncResult.summary.find((item) => item.id === 'auth-rbac-claims');
-      assert.ok(claimsPair);
-      assert.equal(claimsPair.result.applied, true);
-
-      const authContracts = fs.readFileSync(
-        path.join(projectRoot, 'packages', 'auth-contracts', 'src', 'index.ts'),
-        'utf8',
-      );
-      assert.match(authContracts, /permissions\?: string\[\];/);
-
-      const authService = fs.readFileSync(
-        path.join(projectRoot, 'packages', 'auth-api', 'src', 'auth.service.ts'),
-        'utf8',
-      );
-      assert.match(authService, /permissions: \['health\.rbac'\]/);
-      assert.match(authService, /permissions: user\.permissions,/);
-      assert.match(
-        authService,
-        /permissions: Array\.isArray\(payload\.permissions\) \? payload\.permissions : \[\],/,
-      );
-
-      const authController = fs.readFileSync(
-        path.join(projectRoot, 'packages', 'auth-api', 'src', 'auth.controller.ts'),
-        'utf8',
-      );
-      assert.match(
-        authController,
-        /permissions: Array\.isArray\(payload\.permissions\) \? payload\.permissions : \[\],/,
-      );
-    } finally {
-      fs.rmSync(targetRoot, { recursive: true, force: true });
-    }
-  });
-
-  it('scans auth persistence as db-adapter participant while remaining triggerable from db-prisma install order', () => {
-    const targetRoot = mkTmp('forgeon-module-jwt-db-scan-');
-    const projectRoot = path.join(targetRoot, 'demo-jwt-db-scan');
-    const templateRoot = path.join(packageRoot, 'templates', 'base');
-
-    try {
-      scaffoldProject({
-        templateRoot,
-        packageRoot,
-        targetRoot: projectRoot,
-        projectName: 'demo-jwt-db-scan',
-        frontend: 'react',
-        db: 'prisma',
-        dbPrismaEnabled: false,
-        i18nEnabled: false,
-        proxy: 'caddy',
-      });
-
-      addModule({
-        moduleId: 'jwt-auth',
-        targetRoot: projectRoot,
-        packageRoot,
-      });
-      addModule({
-        moduleId: 'db-prisma',
-        targetRoot: projectRoot,
-        packageRoot,
-      });
-
-      const scan = scanIntegrations({
-        targetRoot: projectRoot,
-        relatedModuleId: 'db-prisma',
-      });
-      const persistenceGroup = scan.groups.find((group) => group.id === 'auth-persistence');
-
-      assert.ok(persistenceGroup);
-      assert.deepEqual(persistenceGroup.modules, ['jwt-auth', 'db-adapter']);
-    } finally {
-      fs.rmSync(targetRoot, { recursive: true, force: true });
-    }
-  });
-
-  it('applies logger then jwt-auth on db/i18n-disabled scaffold without breaking health controller syntax', () => {
+  it('applies accounts with db-prisma and wires the DB-backed runtime immediately', () => {
+    const targetRoot = mkTmp('forgeon-module-accounts-db-');
+    const projectRoot = path.join(targetRoot, 'demo-accounts-db');
+    const templateRoot = path.join(packageRoot, 'templates', 'base');
+
+    try {
+      scaffoldProject({
+        templateRoot,
+        packageRoot,
+        targetRoot: projectRoot,
+        projectName: 'demo-accounts-db',
+        frontend: 'react',
+        db: 'prisma',
+        dbPrismaEnabled: true,
+        i18nEnabled: true,
+        proxy: 'caddy',
+      });
+
+      const result = addModule({
+        moduleId: 'accounts',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+
+      assert.equal(result.applied, true);
+      assertAccountsWiring(projectRoot);
+
+      const schema = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'prisma', 'schema.prisma'), 'utf8');
+      assert.match(schema, /model UserProfile/);
+      assert.match(schema, /model UserSettings/);
+      assert.match(schema, /model AuthIdentity/);
+      assert.match(schema, /model AuthCredential/);
+      assert.match(schema, /model AuthRefreshToken/);
+      assert.doesNotMatch(schema, /roles\s+/i);
+      assert.doesNotMatch(schema, /permissions\s+/i);
+
+      const migrationPath = path.join(
+        projectRoot,
+        'apps',
+        'api',
+        'prisma',
+        'migrations',
+        '0002_accounts_core',
+        'migration.sql',
+      );
+      assert.equal(fs.existsSync(migrationPath), true);
+
+      const seedSource = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'prisma', 'seed.ts'), 'utf8');
+      assert.match(seedSource, /Prisma\.dmmf/);
+      assert.match(seedSource, /userFields\.has\('email'\)/);
+
+      const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
+      assert.match(readme, /POST \/api\/auth\/register/);
+      assert.match(readme, /POST \/api\/auth\/password-reset\/request/);
+      assert.match(readme, /\/api\/users\/:id\/settings/);
+
+      const moduleDoc = fs.readFileSync(result.docsPath, 'utf8');
+      assert.match(moduleDoc, /Status: implemented/);
+      assert.match(moduleDoc, /db-adapter/);
+      assert.match(moduleDoc, /owner-scoped/);
+    } finally {
+      fs.rmSync(targetRoot, { recursive: true, force: true });
+    }
+  });
+
+  it('detects and applies accounts-rbac compatibility sync explicitly', () => {
+    const targetRoot = mkTmp('forgeon-module-accounts-rbac-');
+    const projectRoot = path.join(targetRoot, 'demo-accounts-rbac');
+    const templateRoot = path.join(packageRoot, 'templates', 'base');
+
+    try {
+      scaffoldProject({
+        templateRoot,
+        packageRoot,
+        targetRoot: projectRoot,
+        projectName: 'demo-accounts-rbac',
+        frontend: 'react',
+        db: 'prisma',
+        dbPrismaEnabled: true,
+        i18nEnabled: false,
+        proxy: 'caddy',
+      });
+
+      addModule({
+        moduleId: 'rbac',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+      addModule({
+        moduleId: 'accounts',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+
+      const scan = scanIntegrations({
+        targetRoot: projectRoot,
+        relatedModuleId: 'accounts',
+      });
+      assert.equal(scan.groups.some((group) => group.id === 'accounts-rbac'), true);
+
+      const syncResult = syncIntegrations({
+        targetRoot: projectRoot,
+        packageRoot,
+        groupIds: ['accounts-rbac'],
+      });
+      const claimsPair = syncResult.summary.find((item) => item.id === 'accounts-rbac');
+      assert.ok(claimsPair);
+      assert.equal(claimsPair.result.applied, true);
+
+      const contracts = fs.readFileSync(
+        path.join(projectRoot, 'packages', 'accounts-contracts', 'src', 'index.ts'),
+        'utf8',
+      );
+      assert.match(contracts, /roles\?: string\[\];/);
+      assert.match(contracts, /permissions\?: string\[\];/);
+
+      const authTypes = fs.readFileSync(
+        path.join(projectRoot, 'packages', 'accounts-api', 'src', 'auth.types.ts'),
+        'utf8',
+      );
+      assert.match(authTypes, /roles\?: string\[\];/);
+      assert.match(authTypes, /permissions\?: string\[\];/);
+
+      const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
+      assert.match(readme, /forgeon:accounts:rbac:start/);
+      assert.match(readme, /base accounts schema remains free of roles and permissions/);
+    } finally {
+      fs.rmSync(targetRoot, { recursive: true, force: true });
+    }
+  });
+
+  it('scans accounts-rbac compatibility when accounts and rbac are both installed', () => {
+    const targetRoot = mkTmp('forgeon-module-accounts-rbac-scan-');
+    const projectRoot = path.join(targetRoot, 'demo-accounts-rbac-scan');
+    const templateRoot = path.join(packageRoot, 'templates', 'base');
+
+    try {
+      scaffoldProject({
+        templateRoot,
+        packageRoot,
+        targetRoot: projectRoot,
+        projectName: 'demo-accounts-rbac-scan',
+        frontend: 'react',
+        db: 'prisma',
+        dbPrismaEnabled: true,
+        i18nEnabled: false,
+        proxy: 'caddy',
+      });
+
+      addModule({
+        moduleId: 'accounts',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+      addModule({
+        moduleId: 'rbac',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+
+      const scan = scanIntegrations({
+        targetRoot: projectRoot,
+        relatedModuleId: 'rbac',
+      });
+      const compatibilityGroup = scan.groups.find((group) => group.id === 'accounts-rbac');
+
+      assert.ok(compatibilityGroup);
+      assert.deepEqual(compatibilityGroup.modules, ['accounts', 'rbac']);
+    } finally {
+      fs.rmSync(targetRoot, { recursive: true, force: true });
+    }
+  });
+  it('applies logger then accounts on db/i18n-disabled scaffold without breaking health controller syntax', () => {
     const targetRoot = mkTmp('forgeon-module-jwt-nodb-noi18n-');
     const projectRoot = path.join(targetRoot, 'demo-jwt-nodb-noi18n');
     const templateRoot = path.join(packageRoot, 'templates', 'base');
@@ -2328,7 +2362,7 @@ describe('addModule', () => {
         packageRoot,
       });
       addModule({
-        moduleId: 'jwt-auth',
+        moduleId: 'accounts',
         targetRoot: projectRoot,
         packageRoot,
       });
@@ -2352,7 +2386,7 @@ describe('addModule', () => {
     }
   });
 
-  it('keeps health controller valid for add sequence jwt-auth -> logger -> swagger -> i18n -> db-prisma on db/i18n-disabled scaffold', () => {
+  it('keeps health controller valid for add sequence accounts -> logger -> swagger -> i18n -> db-prisma on db/i18n-disabled scaffold', () => {
     const targetRoot = mkTmp('forgeon-module-seq-health-valid-');
     const projectRoot = path.join(targetRoot, 'demo-seq-health-valid');
     const templateRoot = path.join(packageRoot, 'templates', 'base');
@@ -2370,7 +2404,7 @@ describe('addModule', () => {
         proxy: 'caddy',
       });
 
-      for (const moduleId of ['jwt-auth', 'logger', 'swagger', 'i18n', 'db-prisma']) {
+      for (const moduleId of ['accounts', 'logger', 'swagger', 'i18n', 'db-prisma']) {
         addModule({ moduleId, targetRoot: projectRoot, packageRoot });
       }
 
@@ -2405,9 +2439,9 @@ describe('addModule', () => {
     }
   });
 
-  it('applies swagger then jwt-auth without forcing swagger dependency in auth-api', () => {
-    const targetRoot = mkTmp('forgeon-module-jwt-swagger-');
-    const projectRoot = path.join(targetRoot, 'demo-jwt-swagger');
+  it('applies swagger then accounts without forcing swagger dependency in accounts-api', () => {
+    const targetRoot = mkTmp('forgeon-module-accounts-swagger-');
+    const projectRoot = path.join(targetRoot, 'demo-accounts-swagger');
     const templateRoot = path.join(packageRoot, 'templates', 'base');
 
     try {
@@ -2415,7 +2449,7 @@ describe('addModule', () => {
         templateRoot,
         packageRoot,
         targetRoot: projectRoot,
-        projectName: 'demo-jwt-swagger',
+        projectName: 'demo-accounts-swagger',
         frontend: 'react',
         db: 'prisma',
         dbPrismaEnabled: false,
@@ -2429,15 +2463,15 @@ describe('addModule', () => {
         packageRoot,
       });
       addModule({
-        moduleId: 'jwt-auth',
+        moduleId: 'accounts',
         targetRoot: projectRoot,
         packageRoot,
       });
 
-      const authApiPackage = JSON.parse(
-        fs.readFileSync(path.join(projectRoot, 'packages', 'auth-api', 'package.json'), 'utf8'),
+      const accountsApiPackage = JSON.parse(
+        fs.readFileSync(path.join(projectRoot, 'packages', 'accounts-api', 'package.json'), 'utf8'),
       );
-      assert.equal(Object.hasOwn(authApiPackage.dependencies ?? {}, '@nestjs/swagger'), false);
+      assert.equal(Object.hasOwn(accountsApiPackage.dependencies ?? {}, '@nestjs/swagger'), false);
     } finally {
       fs.rmSync(targetRoot, { recursive: true, force: true });
     }
@@ -2461,7 +2495,7 @@ describe('addModule', () => {
         proxy: 'caddy',
       });
 
-      for (const moduleId of ['jwt-auth', 'logger', 'swagger', 'rate-limit', 'i18n', 'db-prisma']) {
+      for (const moduleId of ['accounts', 'logger', 'swagger', 'rate-limit', 'i18n', 'db-prisma']) {
         addModule({ moduleId, targetRoot: projectRoot, packageRoot });
       }
 
@@ -2498,7 +2532,7 @@ describe('addModule', () => {
         proxy: 'caddy',
       });
 
-      for (const moduleId of ['jwt-auth', 'logger', 'rate-limit', 'rbac', 'swagger', 'i18n', 'db-prisma']) {
+      for (const moduleId of ['accounts', 'logger', 'rate-limit', 'rbac', 'swagger', 'i18n', 'db-prisma']) {
         addModule({ moduleId, targetRoot: projectRoot, packageRoot });
       }
 
@@ -2599,3 +2633,13 @@ describe('addModule', () => {
 
 
 
+
+
+
+
+
+
+
+
+
+