create-prisma-php-app 3.5.3 → 3.6.0

package/dist/.htaccess

@@ -1,38 +1,45 @@
 # Turn on rewrite engine
 RewriteEngine On
 
-# Prevent access to sensitive files
+# ------------------------------------------------------------------------------
+# Block sensitive files (Apache 2.2 + 2.4 compatible)
+# ------------------------------------------------------------------------------
 <FilesMatch "(^\.htaccess|\.git|\.env|composer\.(json|lock)|package(-lock)?\.json|phpunit\.xml)$">
+  <IfModule mod_authz_core.c>
+    Require all denied
+  </IfModule>
+  <IfModule !mod_authz_core.c>
     Order allow,deny
     Deny from all
+  </IfModule>
 </FilesMatch>
 
-# Allow cross-origin requests (CORS) for all routes
-<IfModule mod_headers.c>
-    Header set Access-Control-Allow-Origin "*"
-    Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS"
-    Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
-</IfModule>
+# ------------------------------------------------------------------------------
+# CORS: handled in PHP via Lib\Middleware\CorsMiddleware
+# (Remove any Apache-level Access-Control-* headers to avoid conflicts)
+# ------------------------------------------------------------------------------
 
-# Set Content-Type with charset UTF-8 for HTML, CSS, and JS files
+# ------------------------------------------------------------------------------
+# Content-Type with charset UTF-8 for HTML, CSS, and JS files
+# ------------------------------------------------------------------------------
 <IfModule mod_headers.c>
-    # For HTML files
-    <FilesMatch "\.(html|htm)$">
-        Header set Content-Type "text/html; charset=UTF-8"
-    </FilesMatch>
-
-    # For CSS files
-    <FilesMatch "\.(css)$">
-        Header set Content-Type "text/css; charset=UTF-8"
-    </FilesMatch>
-
-    # For JavaScript files
-    <FilesMatch "\.(js)$">
-        Header set Content-Type "application/javascript; charset=UTF-8"
-    </FilesMatch>
+  # HTML
+  <FilesMatch "\.(html|htm)$">
+    Header set Content-Type "text/html; charset=UTF-8"
+  </FilesMatch>
+  # CSS
+  <FilesMatch "\.(css)$">
+    Header set Content-Type "text/css; charset=UTF-8"
+  </FilesMatch>
+  # JS
+  <FilesMatch "\.(js)$">
+    Header set Content-Type "application/javascript; charset=UTF-8"
+  </FilesMatch>
 </IfModule>
 
-# Set Content Security Policy (CSP) headers to prevent XSS attacks while allowing CDNs
+# ------------------------------------------------------------------------------
+# Content Security Policy
+# ------------------------------------------------------------------------------
 <IfModule mod_headers.c>
   Header set Content-Security-Policy "\
     default-src 'self' https:; \
@@ -44,32 +51,38 @@ RewriteEngine On
     object-src  'none';"
 </IfModule>
 
-# Add important security headers
+# ------------------------------------------------------------------------------
+# Security headers
+# ------------------------------------------------------------------------------
 <IfModule mod_headers.c>
-    # Enforce HTTPS and prevent protocol downgrade attacks
-    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  # HSTS (only meaningful over HTTPS)
+  Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
 
-    # Protect against Cross-Site Scripting (XSS) attacks
-    Header set X-XSS-Protection "1; mode=block"
+  # XSS Protection (legacy but harmless)
+  Header set X-XSS-Protection "1; mode=block"
 
-    # Prevent MIME-type sniffing
-    Header set X-Content-Type-Options "nosniff"
+  # Prevent MIME-type sniffing
+  Header set X-Content-Type-Options "nosniff"
 
-    # Clickjacking protection
-    Header always set X-Frame-Options "DENY"
+  # Clickjacking protection
+  Header always set X-Frame-Options "DENY"
 
-    # Set a strict Referrer Policy
-    Header set Referrer-Policy "strict-origin-when-cross-origin"
+  # Referrer Policy
+  Header set Referrer-Policy "strict-origin-when-cross-origin"
 
-    # Control browser permissions (optional but recommended)
-    Header set Permissions-Policy "geolocation=(), microphone=(), camera=(), autoplay=()"
+  # Permissions Policy (tune as needed)
+  Header set Permissions-Policy "geolocation=(), microphone=(), camera=(), autoplay=()"
 </IfModule>
 
-# Exclude static files from being redirected
+# ------------------------------------------------------------------------------
+# Preflight: route all OPTIONS to bootstrap so CorsMiddleware can reply 204
+# ------------------------------------------------------------------------------
+RewriteCond %{REQUEST_METHOD} =OPTIONS
+RewriteRule ^ bootstrap.php [QSA,L]
+
+# ------------------------------------------------------------------------------
+# Front controller: exclude static files, everything else -> bootstrap.php
+# ------------------------------------------------------------------------------
 RewriteCond %{REQUEST_URI} !\.(css|js|png|jpe?g|gif|svg|webp|woff2?|ttf|eot|ico|pdf|mp4|webm|mp3|ogg)$ [NC]
 RewriteCond %{REQUEST_URI} !^/bootstrap.php
 RewriteRule ^(.*)$ bootstrap.php [QSA,L]
-
-# Ensure OPTIONS requests are handled correctly
-RewriteCond %{REQUEST_METHOD} OPTIONS
-RewriteRule ^ - [R=200,L]

package/dist/bootstrap.php

@@ -2,14 +2,22 @@
 
 declare(strict_types=1);
 
-if (session_status() === PHP_SESSION_NONE) {
-    session_start();
-}
-
 require_once __DIR__ . '/vendor/autoload.php';
 require_once __DIR__ . '/settings/paths.php';
 
 use Dotenv\Dotenv;
+use Lib\Middleware\CorsMiddleware;
+
+// Load environment variables
+Dotenv::createImmutable(DOCUMENT_PATH)->load();
+
+// CORS must run before sessions/any output
+CorsMiddleware::handle();
+
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
 use Lib\Request;
 use Lib\PrismaPHPSettings;
 use Lib\StateManager;
@@ -56,9 +64,6 @@ final class Bootstrap extends RuntimeException
 
     public static function run(): void
     {
-        // Load environment variables
-        Dotenv::createImmutable(DOCUMENT_PATH)->load();
-
         // Set timezone
         date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'UTC');
 

package/dist/index.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import{execSync,spawnSync}from"child_process";import fs from"fs";import{fileURLToPath}from"url";import path from"path";import chalk from"chalk";import prompts from"prompts";import https from"https";import{randomBytes}from"crypto";const __filename=fileURLToPath(import.meta.url),__dirname=path.dirname(__filename);let updateAnswer=null;const nonBackendFiles=["favicon.ico","\\src\\app\\index.php","metadata.php","not-found.php","error.php"],dockerFiles=[".dockerignore","docker-compose.yml","Dockerfile","apache.conf"];function bsConfigUrls(e){const s=e.indexOf("\\htdocs\\");if(-1===s)return{bsTarget:"",bsPathRewrite:{}};const t=e.substring(0,s+"\\htdocs\\".length).replace(/\\/g,"\\\\"),n=e.replace(new RegExp(`^${t}`),"").replace(/\\/g,"/");let c=`http://localhost/${n}`;c=c.endsWith("/")?c.slice(0,-1):c;const o=c.replace(/(?<!:)(\/\/+)/g,"/"),i=n.replace(/\/\/+/g,"/");return{bsTarget:`${o}/`,bsPathRewrite:{"^/":`/${i.startsWith("/")?i.substring(1):i}/`}}}async function updatePackageJson(e,s){const t=path.join(e,"package.json");if(checkExcludeFiles(t))return;const n=JSON.parse(fs.readFileSync(t,"utf8"));n.scripts={...n.scripts,projectName:"tsx settings/project-name.ts"};let c=[];if(s.tailwindcss&&(n.scripts={...n.scripts,tailwind:"postcss src/app/css/tailwind.css -o src/app/css/styles.css --watch","tailwind:build":"postcss src/app/css/tailwind.css -o src/app/css/styles.css"},c.push("tailwind")),s.websocket&&(n.scripts={...n.scripts,websocket:"tsx settings/restart-websocket.ts"},c.push("websocket")),s.docker&&(n.scripts={...n.scripts,docker:"docker-compose up"},c.push("docker")),s.swaggerDocs){const e=s.prisma?"tsx settings/auto-swagger-docs.ts":"tsx settings/swagger-config.ts";n.scripts={...n.scripts,"create-swagger-docs":e}}let o={...n.scripts};o.browserSync="tsx settings/bs-config.ts",o["browserSync:build"]="tsx settings/build.ts",o.dev=`npm-run-all projectName -p browserSync ${c.join(" ")}`,o.build=`npm-run-all${s.tailwindcss?" tailwind:build":""} browserSync:build`,n.scripts=o,n.type="module",fs.writeFileSync(t,JSON.stringify(n,null,2))}async function updateComposerJson(e){checkExcludeFiles(path.join(e,"composer.json"))}async function updateIndexJsForWebSocket(e,s){if(!s.websocket)return;const t=path.join(e,"src","app","js","index.js");if(checkExcludeFiles(t))return;let n=fs.readFileSync(t,"utf8");n+='\n// WebSocket initialization\nvar ws = new WebSocket("ws://localhost:8080");\n',fs.writeFileSync(t,n,"utf8")}function generateAuthSecret(){return randomBytes(33).toString("base64")}function generateHexEncodedKey(e=16){return randomBytes(e).toString("hex")}function copyRecursiveSync(e,s,t){const n=fs.existsSync(e),c=n&&fs.statSync(e);if(n&&c&&c.isDirectory()){const n=s.toLowerCase();if(!t.websocket&&n.includes("src\\lib\\websocket"))return;if(t.backendOnly&&n.includes("src\\app\\js")||t.backendOnly&&n.includes("src\\app\\css")||t.backendOnly&&n.includes("src\\app\\assets"))return;if(!t.swaggerDocs&&n.includes("src\\app\\swagger-docs"))return;const c=s.replace(/\\/g,"/");if(updateAnswer?.excludeFilePath?.includes(c))return;fs.existsSync(s)||fs.mkdirSync(s,{recursive:!0}),fs.readdirSync(e).forEach((n=>{copyRecursiveSync(path.join(e,n),path.join(s,n),t)}))}else{if(checkExcludeFiles(s))return;if(!t.tailwindcss&&(s.includes("tailwind.css")||s.includes("styles.css")))return;if(!t.websocket&&(s.includes("restart-websocket.ts")||s.includes("restart-websocket.bat")))return;if(!t.docker&&dockerFiles.some((e=>s.includes(e))))return;if(t.backendOnly&&nonBackendFiles.some((e=>s.includes(e))))return;if(!t.backendOnly&&s.includes("route.php"))return;if(t.backendOnly&&!t.swaggerDocs&&s.includes("layout.php"))return;if(!t.swaggerDocs&&s.includes("swagger-config.ts"))return;if(t.tailwindcss&&s.includes("index.css"))return;if((!t.swaggerDocs||!t.prisma)&&(s.includes("auto-swagger-docs.ts")||s.includes("prisma-schema-config.json")))return;fs.copyFileSync(e,s,0)}}async function executeCopy(e,s,t){s.forEach((({src:s,dest:n})=>{copyRecursiveSync(path.join(__dirname,s),path.join(e,n),t)}))}function modifyPostcssConfig(e){const s=path.join(e,"postcss.config.js");if(checkExcludeFiles(s))return;fs.writeFileSync(s,'export default {\n  plugins: {\n    "@tailwindcss/postcss": {},\n    cssnano: {},\n  },\n};',{flag:"w"})}function modifyLayoutPHP(e,s){const t=path.join(e,"src","app","layout.php");if(!checkExcludeFiles(t))try{let e=fs.readFileSync(t,"utf8"),n="";s.backendOnly||(s.tailwindcss||(n='\n    <link href="<?= Request::baseUrl; ?>/css/index.css" rel="stylesheet" />'),n+='\n    <script src="<?= Request::baseUrl; ?>/js/morphdom-umd.min.js"><\/script>\n    <script src="<?= Request::baseUrl; ?>/js/json5.min.js"><\/script>\n    <script src="<?= Request::baseUrl; ?>/js/index.js"><\/script>');let c="";s.backendOnly||(c=s.tailwindcss?`    <link href="<?= Request::baseUrl; ?>/css/styles.css" rel="stylesheet" /> ${n}`:n),e=e.replace("</head>",`${c}\n</head>`),fs.writeFileSync(t,e,{flag:"w"})}catch(e){}}async function createOrUpdateEnvFile(e,s){const t=path.join(e,".env");checkExcludeFiles(t)||fs.writeFileSync(t,s,{flag:"w"})}function checkExcludeFiles(e){return!!updateAnswer?.isUpdate&&(updateAnswer?.excludeFilePath?.includes(e.replace(/\\/g,"/"))??!1)}async function createDirectoryStructure(e,s){const t=[{src:"/bootstrap.php",dest:"/bootstrap.php"},{src:"/.htaccess",dest:"/.htaccess"},{src:"/tsconfig.json",dest:"/tsconfig.json"},{src:"/app-gitignore",dest:"/.gitignore"}];s.tailwindcss&&t.push({src:"/postcss.config.js",dest:"/postcss.config.js"});const n=[{src:"/settings",dest:"/settings"},{src:"/src",dest:"/src"}];s.docker&&n.push({src:"/.dockerignore",dest:"/.dockerignore"},{src:"/docker-compose.yml",dest:"/docker-compose.yml"},{src:"/Dockerfile",dest:"/Dockerfile"},{src:"/apache.conf",dest:"/apache.conf"}),t.forEach((({src:s,dest:t})=>{const n=path.join(__dirname,s),c=path.join(e,t);if(checkExcludeFiles(c))return;const o=fs.readFileSync(n,"utf8");fs.writeFileSync(c,o,{flag:"w"})})),await executeCopy(e,n,s),await updatePackageJson(e,s),await updateComposerJson(e),s.backendOnly||await updateIndexJsForWebSocket(e,s),s.tailwindcss&&modifyPostcssConfig(e),(s.tailwindcss||!s.backendOnly||s.swaggerDocs)&&modifyLayoutPHP(e,s);const c=generateAuthSecret(),o=generateHexEncodedKey(),i=`# Authentication secret key for JWT or session encryption.\nAUTH_SECRET="${c}"\n# Name of the authentication cookie.\nAUTH_COOKIE_NAME="${generateHexEncodedKey(8)}"\n\n# PHPMailer SMTP configuration (uncomment and set as needed)\n# SMTP_HOST="smtp.gmail.com"           # Your SMTP host\n# SMTP_USERNAME="john.doe@gmail.com"   # Your SMTP username\n# SMTP_PASSWORD="123456"               # Your SMTP password\n# SMTP_PORT="587"                      # 587 for TLS, 465 for SSL, or your SMTP port\n# SMTP_ENCRYPTION="ssl"                # ssl or tls\n# MAIL_FROM="john.doe@gmail.com"       # Sender email address\n# MAIL_FROM_NAME="John Doe"            # Sender name\n\n# Show errors in the browser (development only). Set to false in production.\nSHOW_ERRORS="true"\n\n# Application timezone (default: UTC)\nAPP_TIMEZONE="UTC"\n\n# Application environment (development or production)\nAPP_ENV="development"\n\n# Enable or disable application cache (default: false)\nCACHE_ENABLED="false"\n# Cache time-to-live in seconds (default: 600)\nCACHE_TTL="600"\n\n# Local storage key for browser storage (auto-generated if not set).\n# Spaces will be replaced with underscores and converted to lowercase.\nLOCALSTORE_KEY="${o}"\n\n# Secret key for encrypting function calls.\nFUNCTION_CALL_SECRET="${generateHexEncodedKey(32)}"`;if(s.prisma){const s=`${'# Environment variables declared in this file are automatically made available to Prisma.\n# See the documentation for more detail: https://pris.ly/d/prisma-schema#accessing-environment-variables-from-the-schema\n\n# Prisma supports the native connection string format for PostgreSQL, MySQL, SQLite, SQL Server, MongoDB and CockroachDB.\n# See the documentation for all the connection string options: https://pris.ly/d/connection-strings\n\nDATABASE_URL="postgresql://johndoe:randompassword@localhost:5432/mydb?schema=public"'}\n\n${i}`;await createOrUpdateEnvFile(e,s)}else await createOrUpdateEnvFile(e,i)}async function getAnswer(e={}){const s=[];e.projectName||s.push({type:"text",name:"projectName",message:"What is your project named?",initial:"my-app"}),e.backendOnly||updateAnswer?.isUpdate||s.push({type:"toggle",name:"backendOnly",message:`Would you like to create a ${chalk.blue("backend-only project")}?`,initial:!1,active:"Yes",inactive:"No"});const t=()=>{process.exit(0)},n=await prompts(s,{onCancel:t}),c=[];n.backendOnly??e.backendOnly??!1?(e.swaggerDocs||c.push({type:"toggle",name:"swaggerDocs",message:`Would you like to use ${chalk.blue("Swagger Docs")}?`,initial:!1,active:"Yes",inactive:"No"}),e.websocket||c.push({type:"toggle",name:"websocket",message:`Would you like to use ${chalk.blue("Websocket")}?`,initial:!1,active:"Yes",inactive:"No"}),e.prisma||c.push({type:"toggle",name:"prisma",message:`Would you like to use ${chalk.blue("Prisma PHP ORM")}?`,initial:!1,active:"Yes",inactive:"No"}),e.docker||c.push({type:"toggle",name:"docker",message:`Would you like to use ${chalk.blue("Docker")}?`,initial:!1,active:"Yes",inactive:"No"})):(e.swaggerDocs||c.push({type:"toggle",name:"swaggerDocs",message:`Would you like to use ${chalk.blue("Swagger Docs")}?`,initial:!1,active:"Yes",inactive:"No"}),e.tailwindcss||c.push({type:"toggle",name:"tailwindcss",message:`Would you like to use ${chalk.blue("Tailwind CSS")}?`,initial:!1,active:"Yes",inactive:"No"}),e.websocket||c.push({type:"toggle",name:"websocket",message:`Would you like to use ${chalk.blue("Websocket")}?`,initial:!1,active:"Yes",inactive:"No"}),e.prisma||c.push({type:"toggle",name:"prisma",message:`Would you like to use ${chalk.blue("Prisma PHP ORM")}?`,initial:!1,active:"Yes",inactive:"No"}),e.docker||c.push({type:"toggle",name:"docker",message:`Would you like to use ${chalk.blue("Docker")}?`,initial:!1,active:"Yes",inactive:"No"}));const o=await prompts(c,{onCancel:t});return{projectName:n.projectName?String(n.projectName).trim().replace(/ /g,"-"):e.projectName??"my-app",backendOnly:n.backendOnly??e.backendOnly??!1,swaggerDocs:o.swaggerDocs??e.swaggerDocs??!1,tailwindcss:o.tailwindcss??e.tailwindcss??!1,websocket:o.websocket??e.websocket??!1,prisma:o.prisma??e.prisma??!1,docker:o.docker??e.docker??!1}}async function uninstallNpmDependencies(e,s,t=!1){s.forEach((e=>{}));const n=`npm uninstall ${t?"--save-dev":"--save"} ${s.join(" ")}`;execSync(n,{stdio:"inherit",cwd:e})}async function uninstallComposerDependencies(e,s){s.forEach((e=>{}));const t=`C:\\xampp\\php\\php.exe C:\\ProgramData\\ComposerSetup\\bin\\composer.phar remove ${s.join(" ")}`;execSync(t,{stdio:"inherit",cwd:e})}function fetchPackageVersion(e){return new Promise(((s,t)=>{https.get(`https://registry.npmjs.org/${e}`,(e=>{let n="";e.on("data",(e=>n+=e)),e.on("end",(()=>{try{const e=JSON.parse(n);s(e["dist-tags"].latest)}catch(e){t(new Error("Failed to parse JSON response"))}}))})).on("error",(e=>t(e)))}))}const readJsonFile=e=>{const s=fs.readFileSync(e,"utf8");return JSON.parse(s)};function compareVersions(e,s){const t=e.split(".").map(Number),n=s.split(".").map(Number);for(let e=0;e<t.length;e++){if(t[e]>n[e])return 1;if(t[e]<n[e])return-1}return 0}function getInstalledPackageVersion(e){try{const s=execSync(`npm list -g ${e} --depth=0`).toString().match(new RegExp(`${e}@(\\d+\\.\\d+\\.\\d+)`));return s?s[1]:null}catch(e){return null}}
+import{execSync,spawnSync}from"child_process";import fs from"fs";import{fileURLToPath}from"url";import path from"path";import chalk from"chalk";import prompts from"prompts";import https from"https";import{randomBytes}from"crypto";const __filename=fileURLToPath(import.meta.url),__dirname=path.dirname(__filename);let updateAnswer=null;const nonBackendFiles=["favicon.ico","\\src\\app\\index.php","metadata.php","not-found.php","error.php"],dockerFiles=[".dockerignore","docker-compose.yml","Dockerfile","apache.conf"];function bsConfigUrls(e){const s=e.indexOf("\\htdocs\\");if(-1===s)return{bsTarget:"",bsPathRewrite:{}};const t=e.substring(0,s+"\\htdocs\\".length).replace(/\\/g,"\\\\"),n=e.replace(new RegExp(`^${t}`),"").replace(/\\/g,"/");let c=`http://localhost/${n}`;c=c.endsWith("/")?c.slice(0,-1):c;const o=c.replace(/(?<!:)(\/\/+)/g,"/"),i=n.replace(/\/\/+/g,"/");return{bsTarget:`${o}/`,bsPathRewrite:{"^/":`/${i.startsWith("/")?i.substring(1):i}/`}}}async function updatePackageJson(e,s){const t=path.join(e,"package.json");if(checkExcludeFiles(t))return;const n=JSON.parse(fs.readFileSync(t,"utf8"));n.scripts={...n.scripts,projectName:"tsx settings/project-name.ts"};let c=[];if(s.tailwindcss&&(n.scripts={...n.scripts,tailwind:"postcss src/app/css/tailwind.css -o src/app/css/styles.css --watch","tailwind:build":"postcss src/app/css/tailwind.css -o src/app/css/styles.css"},c.push("tailwind")),s.websocket&&(n.scripts={...n.scripts,websocket:"tsx settings/restart-websocket.ts"},c.push("websocket")),s.mcp&&(n.scripts={...n.scripts,mcp:"tsx settings/restart-mcp.ts"},c.push("mcp")),s.docker&&(n.scripts={...n.scripts,docker:"docker-compose up"},c.push("docker")),s.swaggerDocs){const e=s.prisma?"tsx settings/auto-swagger-docs.ts":"tsx settings/swagger-config.ts";n.scripts={...n.scripts,"create-swagger-docs":e}}let o={...n.scripts};o.browserSync="tsx settings/bs-config.ts",o["browserSync:build"]="tsx settings/build.ts",o.dev=`npm-run-all projectName -p browserSync ${c.join(" ")}`,o.build=`npm-run-all${s.tailwindcss?" tailwind:build":""} browserSync:build`,n.scripts=o,n.type="module",fs.writeFileSync(t,JSON.stringify(n,null,2))}async function updateComposerJson(e){checkExcludeFiles(path.join(e,"composer.json"))}async function updateIndexJsForWebSocket(e,s){if(!s.websocket)return;const t=path.join(e,"src","app","js","index.js");if(checkExcludeFiles(t))return;let n=fs.readFileSync(t,"utf8");n+='\n// WebSocket initialization\nvar ws = new WebSocket("ws://localhost:8080");\n',fs.writeFileSync(t,n,"utf8")}function generateAuthSecret(){return randomBytes(33).toString("base64")}function generateHexEncodedKey(e=16){return randomBytes(e).toString("hex")}function copyRecursiveSync(e,s,t){const n=fs.existsSync(e),c=n&&fs.statSync(e);if(n&&c&&c.isDirectory()){const n=s.toLowerCase();if(!t.websocket&&n.includes("src\\lib\\websocket"))return;if(!t.mcp&&n.includes("src\\lib\\mcp"))return;if(t.backendOnly&&n.includes("src\\app\\js")||t.backendOnly&&n.includes("src\\app\\css")||t.backendOnly&&n.includes("src\\app\\assets"))return;if(!t.swaggerDocs&&n.includes("src\\app\\swagger-docs"))return;const c=s.replace(/\\/g,"/");if(updateAnswer?.excludeFilePath?.includes(c))return;fs.existsSync(s)||fs.mkdirSync(s,{recursive:!0}),fs.readdirSync(e).forEach((n=>{copyRecursiveSync(path.join(e,n),path.join(s,n),t)}))}else{if(checkExcludeFiles(s))return;if(!t.tailwindcss&&(s.includes("tailwind.css")||s.includes("styles.css")))return;if(!t.websocket&&s.includes("restart-websocket.ts"))return;if(!t.mcp&&s.includes("restart-mcp.ts"))return;if(!t.docker&&dockerFiles.some((e=>s.includes(e))))return;if(t.backendOnly&&nonBackendFiles.some((e=>s.includes(e))))return;if(!t.backendOnly&&s.includes("route.php"))return;if(t.backendOnly&&!t.swaggerDocs&&s.includes("layout.php"))return;if(!t.swaggerDocs&&s.includes("swagger-config.ts"))return;if(t.tailwindcss&&s.includes("index.css"))return;if((!t.swaggerDocs||!t.prisma)&&(s.includes("auto-swagger-docs.ts")||s.includes("prisma-schema-config.json")))return;fs.copyFileSync(e,s,0)}}async function executeCopy(e,s,t){s.forEach((({src:s,dest:n})=>{copyRecursiveSync(path.join(__dirname,s),path.join(e,n),t)}))}function modifyPostcssConfig(e){const s=path.join(e,"postcss.config.js");if(checkExcludeFiles(s))return;fs.writeFileSync(s,'export default {\n  plugins: {\n    "@tailwindcss/postcss": {},\n    cssnano: {},\n  },\n};',{flag:"w"})}function modifyLayoutPHP(e,s){const t=path.join(e,"src","app","layout.php");if(!checkExcludeFiles(t))try{let e=fs.readFileSync(t,"utf8"),n="";s.backendOnly||(s.tailwindcss||(n='\n    <link href="<?= Request::baseUrl; ?>/css/index.css" rel="stylesheet" />'),n+='\n    <script src="<?= Request::baseUrl; ?>/js/morphdom-umd.min.js"><\/script>\n    <script src="<?= Request::baseUrl; ?>/js/json5.min.js"><\/script>\n    <script src="<?= Request::baseUrl; ?>/js/index.js"><\/script>');let c="";s.backendOnly||(c=s.tailwindcss?`    <link href="<?= Request::baseUrl; ?>/css/styles.css" rel="stylesheet" /> ${n}`:n),e=e.replace("</head>",`${c}\n</head>`),fs.writeFileSync(t,e,{flag:"w"})}catch(e){}}async function createOrUpdateEnvFile(e,s){const t=path.join(e,".env");checkExcludeFiles(t)||fs.writeFileSync(t,s,{flag:"w"})}function checkExcludeFiles(e){return!!updateAnswer?.isUpdate&&(updateAnswer?.excludeFilePath?.includes(e.replace(/\\/g,"/"))??!1)}async function createDirectoryStructure(e,s){const t=[{src:"/bootstrap.php",dest:"/bootstrap.php"},{src:"/.htaccess",dest:"/.htaccess"},{src:"/tsconfig.json",dest:"/tsconfig.json"},{src:"/app-gitignore",dest:"/.gitignore"}];s.tailwindcss&&t.push({src:"/postcss.config.js",dest:"/postcss.config.js"});const n=[{src:"/settings",dest:"/settings"},{src:"/src",dest:"/src"}];s.docker&&n.push({src:"/.dockerignore",dest:"/.dockerignore"},{src:"/docker-compose.yml",dest:"/docker-compose.yml"},{src:"/Dockerfile",dest:"/Dockerfile"},{src:"/apache.conf",dest:"/apache.conf"}),t.forEach((({src:s,dest:t})=>{const n=path.join(__dirname,s),c=path.join(e,t);if(checkExcludeFiles(c))return;const o=fs.readFileSync(n,"utf8");fs.writeFileSync(c,o,{flag:"w"})})),await executeCopy(e,n,s),await updatePackageJson(e,s),await updateComposerJson(e),s.backendOnly||await updateIndexJsForWebSocket(e,s),s.tailwindcss&&modifyPostcssConfig(e),(s.tailwindcss||!s.backendOnly||s.swaggerDocs)&&modifyLayoutPHP(e,s);const c=generateAuthSecret(),o=generateHexEncodedKey(),i=`# Authentication secret key for JWT or session encryption.\nAUTH_SECRET="${c}"\n# Name of the authentication cookie.\nAUTH_COOKIE_NAME="${generateHexEncodedKey(8)}"\n\n# PHPMailer SMTP configuration (uncomment and set as needed)\n# SMTP_HOST="smtp.gmail.com"           # Your SMTP host\n# SMTP_USERNAME="john.doe@gmail.com"   # Your SMTP username\n# SMTP_PASSWORD="123456"               # Your SMTP password\n# SMTP_PORT="587"                      # 587 for TLS, 465 for SSL, or your SMTP port\n# SMTP_ENCRYPTION="ssl"                # ssl or tls\n# MAIL_FROM="john.doe@gmail.com"       # Sender email address\n# MAIL_FROM_NAME="John Doe"            # Sender name\n\n# Show errors in the browser (development only). Set to false in production.\nSHOW_ERRORS="true"\n\n# Application timezone (default: UTC)\nAPP_TIMEZONE="UTC"\n\n# Application environment (development or production)\nAPP_ENV="development"\n\n# Enable or disable application cache (default: false)\nCACHE_ENABLED="false"\n# Cache time-to-live in seconds (default: 600)\nCACHE_TTL="600"\n\n# Local storage key for browser storage (auto-generated if not set).\n# Spaces will be replaced with underscores and converted to lowercase.\nLOCALSTORE_KEY="${o}"\n\n# Secret key for encrypting function calls.\nFUNCTION_CALL_SECRET="${generateHexEncodedKey(32)}"\n\n# Single or multiple origins (CSV or JSON array)\nCORS_ALLOWED_ORIGINS=[]\n\n# If you need cookies/Authorization across origins, keep this true\nCORS_ALLOW_CREDENTIALS="true"\n\n# Optional tuning\nCORS_ALLOWED_METHODS="GET,POST,PUT,PATCH,DELETE,OPTIONS"\nCORS_ALLOWED_HEADERS="Content-Type,Authorization,X-Requested-With"\nCORS_EXPOSE_HEADERS=""\nCORS_MAX_AGE="86400"`;if(s.prisma){const s=`${'# Environment variables declared in this file are automatically made available to Prisma.\n# See the documentation for more detail: https://pris.ly/d/prisma-schema#accessing-environment-variables-from-the-schema\n\n# Prisma supports the native connection string format for PostgreSQL, MySQL, SQLite, SQL Server, MongoDB and CockroachDB.\n# See the documentation for all the connection string options: https://pris.ly/d/connection-strings\n\nDATABASE_URL="postgresql://johndoe:randompassword@localhost:5432/mydb?schema=public"'}\n\n${i}`;await createOrUpdateEnvFile(e,s)}else await createOrUpdateEnvFile(e,i)}async function getAnswer(e={}){const s=[];e.projectName||s.push({type:"text",name:"projectName",message:"What is your project named?",initial:"my-app"}),e.backendOnly||updateAnswer?.isUpdate||s.push({type:"toggle",name:"backendOnly",message:`Would you like to create a ${chalk.blue("backend-only project")}?`,initial:!1,active:"Yes",inactive:"No"});const t=()=>{process.exit(0)},n=await prompts(s,{onCancel:t}),c=[];n.backendOnly??e.backendOnly??!1?(e.swaggerDocs||c.push({type:"toggle",name:"swaggerDocs",message:`Would you like to use ${chalk.blue("Swagger Docs")}?`,initial:!1,active:"Yes",inactive:"No"}),e.websocket||c.push({type:"toggle",name:"websocket",message:`Would you like to use ${chalk.blue("Websocket")}?`,initial:!1,active:"Yes",inactive:"No"}),e.mcp||c.push({type:"toggle",name:"mcp",message:`Would you like to use ${chalk.blue("MCP (Model Context Protocol)")}?`,initial:!1,active:"Yes",inactive:"No"}),e.prisma||c.push({type:"toggle",name:"prisma",message:`Would you like to use ${chalk.blue("Prisma PHP ORM")}?`,initial:!1,active:"Yes",inactive:"No"}),e.docker||c.push({type:"toggle",name:"docker",message:`Would you like to use ${chalk.blue("Docker")}?`,initial:!1,active:"Yes",inactive:"No"})):(e.swaggerDocs||c.push({type:"toggle",name:"swaggerDocs",message:`Would you like to use ${chalk.blue("Swagger Docs")}?`,initial:!1,active:"Yes",inactive:"No"}),e.tailwindcss||c.push({type:"toggle",name:"tailwindcss",message:`Would you like to use ${chalk.blue("Tailwind CSS")}?`,initial:!1,active:"Yes",inactive:"No"}),e.websocket||c.push({type:"toggle",name:"websocket",message:`Would you like to use ${chalk.blue("Websocket")}?`,initial:!1,active:"Yes",inactive:"No"}),e.mcp||c.push({type:"toggle",name:"mcp",message:`Would you like to use ${chalk.blue("MCP (Model Context Protocol)")}?`,initial:!1,active:"Yes",inactive:"No"}),e.prisma||c.push({type:"toggle",name:"prisma",message:`Would you like to use ${chalk.blue("Prisma PHP ORM")}?`,initial:!1,active:"Yes",inactive:"No"}),e.docker||c.push({type:"toggle",name:"docker",message:`Would you like to use ${chalk.blue("Docker")}?`,initial:!1,active:"Yes",inactive:"No"}));const o=await prompts(c,{onCancel:t});return{projectName:n.projectName?String(n.projectName).trim().replace(/ /g,"-"):e.projectName??"my-app",backendOnly:n.backendOnly??e.backendOnly??!1,swaggerDocs:o.swaggerDocs??e.swaggerDocs??!1,tailwindcss:o.tailwindcss??e.tailwindcss??!1,websocket:o.websocket??e.websocket??!1,mcp:o.mcp??e.mcp??!1,prisma:o.prisma??e.prisma??!1,docker:o.docker??e.docker??!1}}async function uninstallNpmDependencies(e,s,t=!1){s.forEach((e=>{}));const n=`npm uninstall ${t?"--save-dev":"--save"} ${s.join(" ")}`;execSync(n,{stdio:"inherit",cwd:e})}async function uninstallComposerDependencies(e,s){s.forEach((e=>{}));const t=`C:\\xampp\\php\\php.exe C:\\ProgramData\\ComposerSetup\\bin\\composer.phar remove ${s.join(" ")}`;execSync(t,{stdio:"inherit",cwd:e})}function fetchPackageVersion(e){return new Promise(((s,t)=>{https.get(`https://registry.npmjs.org/${e}`,(e=>{let n="";e.on("data",(e=>n+=e)),e.on("end",(()=>{try{const e=JSON.parse(n);s(e["dist-tags"].latest)}catch(e){t(new Error("Failed to parse JSON response"))}}))})).on("error",(e=>t(e)))}))}const readJsonFile=e=>{const s=fs.readFileSync(e,"utf8");return JSON.parse(s)};function compareVersions(e,s){const t=e.split(".").map(Number),n=s.split(".").map(Number);for(let e=0;e<t.length;e++){if(t[e]>n[e])return 1;if(t[e]<n[e])return-1}return 0}function getInstalledPackageVersion(e){try{const s=execSync(`npm list -g ${e} --depth=0`).toString().match(new RegExp(`${e}@(\\d+\\.\\d+\\.\\d+)`));return s?s[1]:null}catch(e){return null}}
 /**
  * Install dependencies in the specified directory.
  * @param {string} baseDir - The base directory where to install the dependencies.
@@ -140,7 +140,6 @@ const npmPinnedVersions = {
   "@types/prompts": "^2.4.9",
   "browser-sync": "^3.0.4",
   chalk: "^5.5.0",
-  "chokidar-cli": "^3.0.0",
   cssnano: "^7.1.0",
   "http-proxy-middleware": "^3.0.5",
   "npm-run-all": "^4.1.5",
@@ -165,6 +164,7 @@ const composerPinnedVersions = {
   "brick/math": "^0.13.1",
   "cboden/ratchet": "^0.4.4",
   "tsnc/prisma-php": "^1.0.0",
+  "php-mcp/server": "3.3.0",
 };
 function composerPkg(name) {
   return composerPinnedVersions[name]
@@ -196,6 +196,7 @@ async function main() {
           swaggerDocs: localSettings.swaggerDocs,
           tailwindcss: localSettings.tailwindcss,
           websocket: localSettings.websocket,
+          mcp: localSettings.mcp,
           prisma: localSettings.prisma,
           docker: localSettings.docker,
           isUpdate: true,
@@ -215,6 +216,7 @@ async function main() {
           websocket: args.includes("--websocket") || localSettings.websocket,
           prisma: args.includes("--prisma") || localSettings.prisma,
           docker: args.includes("--docker") || localSettings.docker,
+          mcp: args.includes("--mcp") || localSettings.mcp,
         };
         answer = await getAnswer(predefinedAnswers);
         // IMPORTANT: Update updateAnswer with the NEW answer after getting user input
@@ -225,6 +227,7 @@ async function main() {
             swaggerDocs: answer.swaggerDocs,
             tailwindcss: answer.tailwindcss,
             websocket: answer.websocket,
+            mcp: answer.mcp,
             prisma: answer.prisma,
             docker: answer.docker,
             isUpdate: true,
@@ -239,6 +242,7 @@ async function main() {
         let useSwaggerDocs = args.includes("--swagger-docs");
         let useTailwind = args.includes("--tailwindcss");
         let useWebsocket = args.includes("--websocket");
+        let useMcp = args.includes("--mcp");
         let usePrisma = args.includes("--prisma");
         let useDocker = args.includes("--docker");
         const predefinedAnswers = {
@@ -247,6 +251,7 @@ async function main() {
           swaggerDocs: useSwaggerDocs,
           tailwindcss: useTailwind,
           websocket: useWebsocket,
+          mcp: useMcp,
           prisma: usePrisma,
           docker: useDocker,
         };
@@ -334,9 +339,11 @@ async function main() {
       );
     }
     if (answer.websocket) {
-      npmDependencies.push(npmPkg("chokidar-cli"));
       composerDependencies.push("cboden/ratchet");
     }
+    if (answer.mcp) {
+      composerDependencies.push("php-mcp/server");
+    }
     if (answer.prisma) {
       execSync("npm install -g prisma-client-php", { stdio: "inherit" });
     }
@@ -489,10 +496,7 @@ async function main() {
         });
       }
       if (!updateAnswer.websocket) {
-        const websocketFiles = [
-          "restart-websocket.ts",
-          "restart-websocket.bat",
-        ];
+        const websocketFiles = ["restart-websocket.ts"];
         websocketFiles.forEach((file) => {
           const filePath = path.join(projectPath, "settings", file);
           if (fs.existsSync(filePath)) {
@@ -510,14 +514,30 @@ async function main() {
           fs.rmSync(websocketFolder, { recursive: true, force: true });
           console.log(`Websocket folder was deleted successfully.`);
         }
-        // Only add to uninstall list if packages are actually installed
-        if (isNpmPackageInstalled("chokidar-cli")) {
-          updateUninstallNpmDependencies.push("chokidar-cli");
-        }
+        // composer package for websocket only
         if (isComposerPackageInstalled("cboden/ratchet")) {
           updateUninstallComposerDependencies.push("cboden/ratchet");
         }
       }
+      if (!updateAnswer.mcp) {
+        const mcpFiles = ["restart-mcp.ts"];
+        mcpFiles.forEach((file) => {
+          const filePath = path.join(projectPath, "settings", file);
+          if (fs.existsSync(filePath)) {
+            fs.unlinkSync(filePath);
+            console.log(`${file} was deleted successfully.`);
+          }
+        });
+        const mcpFolder = path.join(projectPath, "src", "Lib", "MCP");
+        if (fs.existsSync(mcpFolder)) {
+          fs.rmSync(mcpFolder, { recursive: true, force: true });
+          console.log(`MCP folder was deleted successfully.`);
+        }
+        // composer package for MCP only
+        if (isComposerPackageInstalled("php-mcp/server")) {
+          updateUninstallComposerDependencies.push("php-mcp/server");
+        }
+      }
       if (!updateAnswer.prisma) {
         const prismaPackages = [
           "prisma",
@@ -546,28 +566,18 @@ async function main() {
         });
       }
       // Only uninstall if there are packages to uninstall
-      if (updateUninstallNpmDependencies.length > 0) {
-        console.log(
-          `Uninstalling npm packages: ${updateUninstallNpmDependencies.join(
-            ", "
-          )}`
-        );
-        await uninstallNpmDependencies(
-          projectPath,
-          updateUninstallNpmDependencies,
-          true
-        );
+      const uniq = (arr) => Array.from(new Set(arr));
+      const npmToUninstall = uniq(updateUninstallNpmDependencies);
+      const composerToUninstall = uniq(updateUninstallComposerDependencies);
+      if (npmToUninstall.length > 0) {
+        console.log(`Uninstalling npm packages: ${npmToUninstall.join(", ")}`);
+        await uninstallNpmDependencies(projectPath, npmToUninstall, true);
       }
-      if (updateUninstallComposerDependencies.length > 0) {
+      if (composerToUninstall.length > 0) {
         console.log(
-          `Uninstalling composer packages: ${updateUninstallComposerDependencies.join(
-            ", "
-          )}`
-        );
-        await uninstallComposerDependencies(
-          projectPath,
-          updateUninstallComposerDependencies
+          `Uninstalling composer packages: ${composerToUninstall.join(", ")}`
         );
+        await uninstallComposerDependencies(projectPath, composerToUninstall);
       }
     }
     const projectPathModified = projectPath.replace(/\\/g, "\\");
@@ -583,6 +593,7 @@ async function main() {
       swaggerDocs: answer.swaggerDocs,
       tailwindcss: answer.tailwindcss,
       websocket: answer.websocket,
+      mcp: answer.mcp,
       prisma: answer.prisma,
       docker: answer.docker,
       version: latestVersionOfCreatePrismaPhpApp,