create-rebe 1.0.0

package/template/docs/Hooks.md

@@ -0,0 +1,48 @@
+# Hooks API
+
+`@core/hooks.core` runs application lifecycle hooks at fixed points during boot and
+shutdown. Handlers live in `app/hooks/register.hook.js`.
+
+```js
+const Hooks = require('@core/hooks.core')
+```
+
+## Stages
+
+| Stage      | When                                    | Failure behavior           |
+| ---------- | --------------------------------------- | -------------------------- |
+| `before`   | config loaded, services not started yet | thrown error aborts boot   |
+| `after`    | HTTP server is listening                | thrown error aborts boot   |
+| `shutdown` | SIGINT/SIGTERM received                 | logged; shutdown continues |
+
+Each handler receives a context object (`{ config }`).
+
+## Methods
+
+| Method                                         | Notes                          |
+| ---------------------------------------------- | ------------------------------ |
+| `before(ctx)` / `after(ctx)` / `shutdown(ctx)` | run a single stage             |
+| `run(stage, ctx)`                              | run an arbitrary stage by name |
+
+These are invoked by `bootstrap.core`; you rarely call them directly.
+
+## register.hook.js
+
+```js
+'use strict'
+
+module.exports = {
+	async before(ctx) {
+		// warm caches, assert external services are reachable
+	},
+	async after(ctx) {
+		// emit "ready", register health probes
+	},
+	async shutdown(ctx) {
+		// flush buffers, close third-party clients
+	},
+}
+```
+
+The file is optional — if absent, all stages are no-ops. Every declared key must be
+a function or the loader throws a clear error.

package/template/docs/Jwt.md

@@ -0,0 +1,63 @@
+# Jwt API
+
+`@core/jwt.core` wraps `jsonwebtoken` with separate access and refresh secrets. The
+signing algorithm is pinned to **HS256** on both sign and verify, which rejects
+forged tokens that use `none` or a swapped algorithm.
+
+```js
+const Jwt = require('@core/jwt.core')
+```
+
+## Methods
+
+| Method                           | Returns                                               | Notes                                      |
+| -------------------------------- | ----------------------------------------------------- | ------------------------------------------ |
+| `sign(payload, options?)`        | token string                                          | uses `JWT_SECRET`, `expiresIn` from config |
+| `verify(token, options?)`        | decoded payload                                       | throws on invalid/expired                  |
+| `signRefresh(payload, options?)` | token string                                          | uses `JWT_REFRESH_SECRET`                  |
+| `verifyRefresh(token, options?)` | decoded payload                                       | throws on invalid/expired                  |
+| `issue(payload)`                 | `{ accessToken, refreshToken, tokenType, expiresIn }` | issues a pair                              |
+| `tryVerify(token)`               | `{ valid, payload, error }`                           | non-throwing                               |
+| `decode(token, options?)`        | payload \| null                                       | no signature check                         |
+| `expiresAt(token)`               | `Date` \| null                                        | from `exp` claim                           |
+| `isExpired(token)`               | boolean                                               | true when no `exp` or already past         |
+| `fromHeader(authHeader)`         | token \| null                                         | parses `Bearer <token>`                    |
+
+`sign`/`verify` throw if the corresponding secret is not configured.
+
+## Examples
+
+Issue tokens on login:
+
+```js
+const tokens = Jwt.issue({ sub: user.id, email: user.email })
+res.json({ status: true, code: 200, message: 'OK', data: tokens, meta: null })
+```
+
+Protect a route (see `app/http/middlewares/auth.middleware.js`):
+
+```js
+const token = Jwt.fromHeader(req.headers.authorization)
+const { valid, payload } = Jwt.tryVerify(token)
+if (!valid) return res.status(401).json({ status: false, code: 401, message: 'Invalid token', data: null, meta: null })
+req.user = payload
+```
+
+Refresh flow:
+
+```js
+const { sub } = Jwt.verifyRefresh(refreshToken)
+const fresh = Jwt.issue({ sub })
+```
+
+## Configuration
+
+`JWT_SECRET`, `JWT_EXPIRES_IN` (`1d`), `JWT_REFRESH_SECRET`,
+`JWT_REFRESH_EXPIRES_IN` (`7d`). Generate secrets with
+`npm run cli -- key:jwt` and `npm run cli -- key:jwt --refresh`.
+
+## Security notes
+
+- Keep the access TTL short; use refresh tokens for renewal.
+- Put only non-sensitive claims in the payload (it is base64, not encrypted).
+- Rotating `JWT_SECRET` invalidates all existing access tokens.

package/template/docs/Logger.md

@@ -0,0 +1,60 @@
+# Logger API
+
+`@core/logger.core` exports a ready-to-use Winston instance (not a class). It writes
+a colored console line plus daily-rotating files (`combined-%DATE%.log` and
+`error-%DATE%.log`) under `LOG_FILE` (default `logs/`).
+
+```js
+const logger = require('@core/logger.core')
+```
+
+## Levels (lowest → highest priority)
+
+```js
+logger.silly('most verbose, development only')
+logger.debug('debug info, query params, ...')
+logger.verbose('more detail than info')
+logger.http('request/response logging')
+logger.info('normal application flow')
+logger.warn('non-critical anomaly')
+logger.error('critical failure')
+```
+
+## Metadata and errors
+
+```js
+logger.info('User login', { userId: 1, ip: '127.0.0.1' })
+
+// Pass an Error so the stack is captured (errors({ stack: true }) is enabled):
+logger.error(new Error('Something went wrong'))
+logger.error('DB connect failed', new Error('ECONNREFUSED'))
+
+// Dynamic level:
+logger.log({ level: 'info', message: 'custom level call' })
+```
+
+## What is shown
+
+Output depends on `LOG_LEVEL`:
+
+```
+LOG_LEVEL=silly   -> everything
+LOG_LEVEL=debug   -> debug and above (no silly)
+LOG_LEVEL=http    -> http and above
+LOG_LEVEL=info    -> info, warn, error
+LOG_LEVEL=warn    -> warn, error
+LOG_LEVEL=error   -> error only
+```
+
+In production (`APP_ENV=production`) a console filter additionally blocks `error`,
+`warn`, and `debug` from the console, so the console effectively shows `info`,
+`http`, and `verbose`. All levels are still written to the rotating log files.
+
+## Configuration
+
+| Env             | Default | Meaning                         |
+| --------------- | ------- | ------------------------------- |
+| `LOG_LEVEL`     | `debug` | minimum level emitted           |
+| `LOG_FILE`      | `logs`  | output directory                |
+| `LOG_MAX_SIZE`  | `20m`   | rotate when a file exceeds this |
+| `LOG_MAX_FILES` | `14d`   | retention window                |

package/template/docs/Mailer.md

@@ -0,0 +1,50 @@
+# Mailer API
+
+`@core/mailer.core` wraps `nodemailer`. The SMTP transport is created lazily and
+cached. When `MAIL_ENABLED=false`, `send()` is a safe no-op so application code never
+has to branch on the toggle.
+
+```js
+const Mailer = require('@core/mailer.core')
+```
+
+## Methods
+
+| Method          | Returns                                 | Notes                                                           |
+| --------------- | --------------------------------------- | --------------------------------------------------------------- |
+| `send(message)` | nodemailer info, or `{ skipped: true }` | `from` defaults from config                                     |
+| `verify()`      | boolean                                 | verifies the SMTP connection; logs and returns false on failure |
+
+`message` is a standard nodemailer payload: `{ to, subject, html, text, cc, bcc,
+attachments, from? }`.
+
+## Examples
+
+```js
+await Mailer.send({
+	to: 'user@example.com',
+	subject: 'Welcome',
+	html: '<h1>Hello</h1>',
+})
+```
+
+Pair with the queue so requests are not blocked by SMTP latency:
+
+```js
+// app/queue/register.queue.js
+module.exports = (Queue) => {
+	Queue.define('emails', async (payload) => Mailer.send(payload), { concurrency: 2 })
+}
+
+// anywhere:
+require('@core/queue.core').dispatch('emails', { to, subject, html })
+```
+
+## Configuration
+
+`MAIL_ENABLED`, `MAIL_HOST`, `MAIL_PORT` (`587`), `MAIL_SECURE` (`false`),
+`MAIL_USERNAME`, `MAIL_PASSWORD`, `MAIL_FROM_ADDRESS`, `MAIL_FROM_NAME`.
+
+When `MAIL_USERNAME` is empty, the transport is created without auth (useful for
+local relays / Mailtrap test inboxes). Set `MAIL_SECURE=true` for implicit TLS
+(port 465); leave it false for STARTTLS (port 587).

package/template/docs/Queue.md

@@ -0,0 +1,57 @@
+# Queue API
+
+`@core/queue.core` is an in-process job queue with per-queue concurrency and
+exponential-backoff retries. Persistence to the database is optional (jobs are
+recovered on restart). Workers are declared in `app/queue/register.queue.js`.
+
+```js
+const Queue = require('@core/queue.core')
+```
+
+## Methods
+
+| Method                               | Returns                           | Notes                                                    |
+| ------------------------------------ | --------------------------------- | -------------------------------------------------------- |
+| `define(name, handler, options?)`    | Queue                             | `options.concurrency`, `maxRetries`, `retryDelay`        |
+| `dispatch(name, payload?, options?)` | jobId                             | `options.delay` ms; `options.maxRetries`                 |
+| `start()`                            | Promise                           | loads workers, prepares the table, recovers pending jobs |
+| `stop(timeoutMs=10000)`              | Promise                           | best-effort drain                                        |
+| `stats()`                            | `{ [name]: { pending, active } }` | queue depth snapshot                                     |
+
+`handler(payload, job)` runs each job; throwing triggers a retry with backoff
+`retryDelay * 2^(attempt-1)` until `maxRetries` is exceeded.
+
+## Example
+
+```js
+// app/queue/register.queue.js
+module.exports = (Queue) => {
+	Queue.define(
+		'emails',
+		async (payload) => {
+			await require('@core/mailer.core').send(payload)
+		},
+		{ concurrency: 2, maxRetries: 3 },
+	)
+}
+
+// dispatch from anywhere:
+const Queue = require('@core/queue.core')
+Queue.dispatch('emails', { to, subject, html })
+Queue.dispatch('emails', { to, subject, html }, { delay: 5000 }) // after 5s
+```
+
+## Persistence (optional)
+
+When `QUEUE_PERSIST=true` and the database is enabled, the core auto-creates a
+`queue_jobs` table and recovers `pending`/`processing` jobs on the next boot. Without
+a database, the queue is purely in-memory and jobs are lost on restart.
+
+## Configuration
+
+`QUEUE_ENABLED` (`true`), `QUEUE_CONCURRENCY` (`5`), `QUEUE_MAX_RETRIES` (`3`),
+`QUEUE_RETRY_DELAY` (`1000`), `QUEUE_PERSIST` (`true`).
+
+> The `define`/`dispatch` contract is identical whether the backend is in-process or
+> (with `REDIS_USE_QUEUE`) a shared store — application code does not change when the
+> backend is swapped.

package/template/docs/README.md

@@ -0,0 +1,32 @@
+# rebe — API Reference
+
+Per-core API documentation. For project setup, structure, and the boot flow, see the
+[project README](../README.md); for the security model and audit, see
+[SECURITY.md](../SECURITY.md).
+
+## Cores
+
+| Core                       | Doc                            |
+| -------------------------- | ------------------------------ |
+| Logger                     | [Logger.md](./Logger.md)       |
+| JWT                        | [Jwt.md](./Jwt.md)             |
+| Mailer                     | [Mailer.md](./Mailer.md)       |
+| Redis (optional)           | [Redis.md](./Redis.md)         |
+| Hooks                      | [Hooks.md](./Hooks.md)         |
+| Express (HTTP)             | [Express.md](./Express.md)     |
+| Socket.IO                  | [Socket.md](./Socket.md)       |
+| Validator                  | [Validator.md](./Validator.md) |
+| Cron                       | [Cron.md](./Cron.md)           |
+| Queue                      | [Queue.md](./Queue.md)         |
+| Database                   | [Database.md](./Database.md)   |
+| Common (utils)             | [Common.md](./Common.md)       |
+| Register (app→core bridge) | [Register.md](./Register.md)   |
+| Bootstrap                  | [Bootstrap.md](./Bootstrap.md) |
+
+## Conventions
+
+- Every API handler returns the manual envelope `{ status, code, message, data, meta }`
+  (validation failures add `errors`).
+- Cores are static classes; import via aliases (`@core/...`, `@config/...`).
+- Configuration lives in `config/*` and is read from `.env` — see `.env.example` for
+  every variable and its default.

package/template/docs/Redis.md

@@ -0,0 +1,54 @@
+# Redis API
+
+`@core/redis.core` is a standalone `ioredis` connection. A client is created **only**
+when `REDIS_ENABLED=true`. Other features (cache, queue, socket, session) opt in via
+`REDIS_USE_*` and must provide a fallback when Redis is off, so the app runs
+unchanged with or without Redis.
+
+```js
+const Redis = require('@core/redis.core')
+```
+
+## Methods
+
+| Method                  | Returns        | Notes                                                            |
+| ----------------------- | -------------- | ---------------------------------------------------------------- |
+| `connect()`             | client \| null | no-op (returns null) when disabled; idempotent; pings on connect |
+| `client()`              | ioredis client | throws when disabled or not yet connected                        |
+| `isEnabledFor(feature)` | boolean        | `enabled && use[feature]` (`cache`/`queue`/`socket`/`session`)   |
+| `disconnect()`          | Promise        | closes the connection (called on shutdown)                       |
+
+`connect()` and `disconnect()` are wired into `bootstrap.core`; you normally only
+call `isEnabledFor()` and `client()`.
+
+## Example: optional cache with fallback
+
+```js
+const Redis = require('@core/redis.core')
+const Common = require('@core/common.core')
+
+async function getCached(key, ttl, producer) {
+	if (Redis.isEnabledFor('cache')) {
+		const hit = await Redis.client().get(key)
+		if (hit) return JSON.parse(hit)
+		const value = await producer()
+		await Redis.client().set(key, JSON.stringify(value), 'EX', ttl)
+		return value
+	}
+	// Fallback: in-memory cache (core/common/cache).
+	return Common.Cache.remember(key, ttl, producer)
+}
+```
+
+## Multi-instance socket
+
+With `REDIS_USE_SOCKET=true`, `socket.core` uses `@socket.io/redis-adapter` (install
+it separately) for cross-instance broadcasts. Without the package, it logs a warning
+and keeps the default in-memory adapter.
+
+## Configuration
+
+`REDIS_ENABLED`, `REDIS_HOST`, `REDIS_PORT`, `REDIS_USERNAME`, `REDIS_PASSWORD`,
+`REDIS_DB`, `REDIS_KEY_PREFIX`, `REDIS_TLS`, `REDIS_MAX_RETRIES`,
+`REDIS_CONNECT_TIMEOUT`, and the per-feature toggles `REDIS_USE_{CACHE,QUEUE,SOCKET,
+SESSION}` (effective only when `REDIS_ENABLED=true`).

package/template/docs/Register.md

@@ -0,0 +1,52 @@
+# Register API
+
+`@core/register.core` is the hardened loader for the app→core bridge. The core layer
+never imports application code statically; each core loads a single `register.*.js`
+entry point at runtime through this loader (Inversion of Control). The loader keeps
+the dependency arrow one-directional and turns malformed registers into clear errors
+instead of cryptic stacks deep inside a core.
+
+```js
+const Register = require('@core/register.core')
+```
+
+## Methods
+
+| Method                                    | Returns                 | Notes                                                                    |
+| ----------------------------------------- | ----------------------- | ------------------------------------------------------------------------ |
+| `path(...segments)`                       | absolute path           | resolves under the project root (`process.cwd()`)                        |
+| `require(file, { optional=true, label })` | module \| null          | unwraps a `default` export; null when an optional file is absent         |
+| `invoke(file, args=[], opts)`             | register result \| null | calls a function or `{ register }` export with `args`                    |
+| `object(file, allowed=[], opts)`          | object \| null          | requires a plain object; validates that each `allowed` key is a function |
+
+Behavior:
+
+- Missing **optional** file → logs a warning and returns null. Missing **required**
+  file (`optional: false`) → throws.
+- A `require()` failure is logged and rethrown.
+- `invoke` rejects an export that is neither a function nor `{ register() }`.
+- `object` rejects a non-object export or a non-function handler key.
+
+## How the cores use it
+
+| Core         | File                                          | Call                                                   |
+| ------------ | --------------------------------------------- | ------------------------------------------------------ |
+| cron.core    | `app/jobs/register.job.js`                    | `Register.invoke(file, [Cron])`                        |
+| queue.core   | `app/queue/register.queue.js`                 | `Register.invoke(file, [Queue])`                       |
+| express.core | `app/http/middlewares/register.middleware.js` | `Register.require(file)` → `(app)`                     |
+| socket.core  | `app/socket/register.socket.js`               | `Register.invoke(file, [io, Socket])`                  |
+| hooks.core   | `app/hooks/register.hook.js`                  | `Register.object(file, ['before','after','shutdown'])` |
+
+## Authoring a register
+
+Keep registers thin: wire application code to the core facade, no heavy logic.
+
+```js
+// app/jobs/register.job.js
+module.exports = (Cron) => {
+	Cron.define('heartbeat', '*/30 * * * *', async () => {})
+}
+```
+
+The `{ register(facade) {} }` object form is also accepted, but the direct function
+form is preferred for consistency.

package/template/docs/Socket.md

@@ -0,0 +1,55 @@
+# Socket API
+
+`@core/socket.core` attaches Socket.IO to the Express `http.Server` (single port).
+Connection handlers live in `app/socket/register.socket.js`.
+
+```js
+const Socket = require('@core/socket.core')
+```
+
+## Methods
+
+| Method                         | Returns               | Notes                                                |
+| ------------------------------ | --------------------- | ---------------------------------------------------- |
+| `attach(httpServer)`           | `Promise<io \| null>` | returns null when `SOCKET_ENABLED=false`; idempotent |
+| `broadcast(event, payload)`    | void                  | emit to all clients                                  |
+| `toRoom(room, event, payload)` | void                  | emit to a room                                       |
+| `close()`                      | Promise               | close the server                                     |
+
+`attach`/`close` are wired by `bootstrap.core`; you use `broadcast`/`toRoom` and the
+register file.
+
+## Connection handlers
+
+```js
+// app/socket/register.socket.js
+module.exports = (io, Socket) => {
+	io.on('connection', (socket) => {
+		socket.on('join', (room) => socket.join(room))
+		socket.on('ping', (payload) => socket.emit('pong', { received: payload, at: Date.now() }))
+	})
+}
+```
+
+Emit from elsewhere (e.g. a controller or job):
+
+```js
+const Socket = require('@core/socket.core')
+Socket.broadcast('notice', { message: 'hello' })
+Socket.toRoom('room:42', 'update', { id: 42 })
+```
+
+## Multi-instance (optional)
+
+With `REDIS_USE_SOCKET=true` and `@socket.io/redis-adapter` installed, the core wires
+the Redis adapter so rooms and broadcasts work across instances. Without the package
+it logs a warning and uses the default in-memory adapter.
+
+## Configuration
+
+`SOCKET_ENABLED`, `SOCKET_PATH`, ping/transport options, and CORS from
+`cors.config.js` (`SOCKET_CORS_ORIGIN`, `SOCKET_CORS_CREDENTIALS`). See `.env.example`
+for every variable.
+
+> CORS for sockets is enforced at the handshake. Lock `SOCKET_CORS_ORIGIN` down in
+> production rather than leaving it `*`.

package/template/docs/Validator.md

@@ -0,0 +1,45 @@
+# Validator API
+
+`@core/validator.core` turns a Zod schema into express-routing middleware. On
+failure it short-circuits with a 422 using the standard envelope plus an `errors`
+array; on success it stores the parsed value and continues.
+
+```js
+const Validator = require('@core/validator.core')
+```
+
+## Method
+
+`make(schema, source = 'body')` → `{ handle({ req, res, next }) }`
+
+- `source` is one of `'body'`, `'query'`, `'params'`.
+- On success: `req.validated[source]` holds the parsed data. For `source === 'body'`
+  it also replaces `req.body` (in Express 5 `req.query`/`req.params` are read-only and
+  must not be reassigned — read the parsed copy from `req.validated`).
+- On failure: responds `422 { status:false, code:422, message:'Validation failed',
+data:null, meta:null, errors:[{ field, message }] }`.
+
+## Example
+
+```js
+// app/http/validators/auth.validator.js
+const { z } = require('zod')
+module.exports.loginSchema = z.object({
+	email: z.string().email(),
+	password: z.string().min(6),
+})
+
+// app/routes/api.route.js
+Routes.post('auth/login', AuthController.login, [Validator.make(loginSchema)])
+
+// query validation:
+Routes.get('users', UserController.index, [Validator.make(listQuerySchema, 'query')])
+// -> read parsed values from req.validated.query
+```
+
+## Notes
+
+- Validate at the route boundary; do not re-validate in the controller when a schema
+  exists.
+- `errors[].field` is the dotted Zod path (e.g. `address.city`); `message` is the
+  Zod message.

package/template/ecosystem.config.js

@@ -0,0 +1,54 @@
+// PM2 process definition for the backend.
+//
+// IMPORTANT: run as a SINGLE fork instance (instances: 1, exec_mode: 'fork').
+// The app keeps state in-process — Socket.IO rooms, the in-process job queue,
+// import-progress tracking, and node-cron schedules. Cluster mode would
+// duplicate cron ticks, split socket rooms, and break queue/progress state.
+//
+// The backend serves BOTH the JSON API and any static assets from ./public, so
+// this one process is all you need in production. `.env` is loaded by the app
+// itself (index.js → dotenv), so PM2 does not inject it.
+//
+// The PM2 process name is read from APP_NAME (fallback 'rebe').
+//
+// Usage (from the project root):
+//   pm2 start ecosystem.config.js
+//   pm2 logs <APP_NAME>
+//   pm2 restart <APP_NAME>
+require('dotenv').config()
+
+module.exports = {
+	apps: [
+		{
+			name: process.env.APP_NAME || 'rebe',
+			cwd: __dirname, // process.cwd() must be the project root (relative paths: app, public, storage, logs)
+			script: 'index.js', // same entry as `npm start` (node .)
+			exec_mode: 'fork',
+			instances: 1,
+
+			autorestart: true,
+			watch: false, // never watch in prod; restarts would drop sockets/queue
+			max_memory_restart: '1G',
+
+			// Graceful shutdown: the app handles SIGINT/SIGTERM and waits for the
+			// queue to drain (up to ~10s). Give it headroom before PM2 force-kills.
+			kill_timeout: 15000,
+
+			// Treat the app as "online" only after it has been up a few seconds
+			// (avoids crash-loop flapping being counted as successful starts).
+			min_uptime: '10s',
+			max_restarts: 10,
+
+			env: {
+				NODE_ENV: 'production',
+			},
+
+			// Logs (PM2 stdout/stderr). The app also writes its own winston logs
+			// under ./logs via LOG_FILE.
+			time: true,
+			merge_logs: true,
+			out_file: 'logs/pm2-out.log',
+			error_file: 'logs/pm2-error.log',
+		},
+	],
+};

package/template/index.js

@@ -0,0 +1,6 @@
+'use strict'
+
+require('dotenv').config()
+require('module-alias/register')
+require('@core/runtime.core')
+require('@core/bootstrap.core').run()

package/template/jest.config.js

@@ -0,0 +1,27 @@
+'use strict'
+
+// Jest resolves the module aliases via moduleNameMapper (module-alias is a runtime
+// shim and does not apply under Jest). Keep this map in sync with
+// package.json._moduleAliases and jsconfig.json.
+module.exports = {
+	testEnvironment: 'node',
+	setupFiles: ['<rootDir>/tests/setup.js'],
+	testMatch: ['<rootDir>/tests/**/*.test.js'],
+	moduleNameMapper: {
+		'^@config$': '<rootDir>/config/index.js',
+		'^@config/(.*)$': '<rootDir>/config/$1',
+		'^@core/(.*)$': '<rootDir>/core/$1',
+		'^@app/(.*)$': '<rootDir>/app/$1',
+		'^@http/(.*)$': '<rootDir>/app/http/$1',
+		'^@routes/(.*)$': '<rootDir>/app/routes/$1',
+		'^@jobs/(.*)$': '<rootDir>/app/jobs/$1',
+		'^@queue/(.*)$': '<rootDir>/app/queue/$1',
+		'^@socket/(.*)$': '<rootDir>/app/socket/$1',
+		'^@hooks/(.*)$': '<rootDir>/app/hooks/$1',
+		'^@database/(.*)$': '<rootDir>/database/$1',
+		'^@storage/(.*)$': '<rootDir>/storage/$1',
+	},
+	// Winston's rotating-file transport keeps timers alive; force a clean exit.
+	forceExit: true,
+	clearMocks: true,
+}

package/template/jsconfig.json

@@ -0,0 +1,37 @@
+{
+    "compilerOptions": {
+        "paths": {
+            "@config/*": ["./config/*"],
+            "@core/*": ["./core/*"],
+            "@app/*": ["./app/*"],
+            "@http/*": ["./app/http/*"],
+            "@routes/*": ["./app/routes/*"],
+            "@jobs/*": ["./app/jobs/*"],
+            "@queue/*": ["./app/queue/*"],
+            "@socket/*": ["./app/socket/*"],
+            "@hooks/*": ["./app/hooks/*"],
+            "@database/*": ["./database/*"],
+            "@storage/*": ["./storage/*"]
+        },
+        "module": "commonjs",
+        "moduleResolution": "node",
+        "ignoreDeprecations": "6.0",
+        "target": "ES2023",
+        "lib": ["ES2023"]
+    },
+    "include": [
+        "*.js",
+        "config/**/*",
+        "core/**/*",
+        "app/**/*",
+        "database/**/*",
+        "storage/**/*"
+    ],
+    "exclude": [
+        "node_modules",
+        "dist",
+        "coverage",
+        "logs",
+        "create-rebe"
+    ]
+}