create-tigra 1.0.0

package/template/CLAUDE.md

@@ -0,0 +1,207 @@
+# Project Rules for Claude
+
+> This file is automatically loaded by Claude Code at the start of each conversation.
+> For detailed rules, see `.claude/rules/` directory.
+
+## Safe Editing Rules (CRITICAL)
+
+- Assume this is a **production project**. No destructive or experimental changes.
+- Keep changes **small and focused**.
+- Do NOT change existing function signatures, exports, or imports unless explicitly asked.
+- Preserve existing behavior for: Auth, Core business flows, Payment flows.
+- If introducing a breaking change, **call it out clearly**.
+- Add `// TODO:` comments for ambiguous or incomplete sections.
+- Do NOT add noisy debug logs.
+
+---
+
+## Stack Overview
+
+### Server (`server/`)
+- **Runtime**: Node.js 20+ LTS
+- **Framework**: Fastify
+- **Language**: TypeScript (strict mode)
+- **Database**: MySQL + Prisma ORM
+- **Cache/Queue**: Redis + BullMQ
+- **Validation**: Zod
+- **Testing**: Vitest
+
+### Client (`client/`)
+- **Framework**: React 18+ with Vite
+- **UI Library**: Ant Design
+- **State**: Redux Toolkit + React Query
+- **Language**: TypeScript (strict mode)
+- **Styling**: CSS Modules / Tailwind
+
+---
+
+## Server Architecture
+
+### File Structure
+```
+server/src/
+├── app.ts              # Fastify instance & plugin registration
+├── server.ts           # Server bootstrap (listen call only)
+├── config/             # env, constants
+├── libs/               # Shared: db, redis, logger, auth
+├── plugins/            # Fastify plugins
+├── hooks/              # Fastify hooks
+├── routes/             # Standalone routes (health, etc.)
+└── modules/<domain>/   # Domain modules
+    ├── <domain>.routes.ts
+    ├── <domain>.controller.ts
+    ├── <domain>.service.ts
+    ├── <domain>.repo.ts
+    ├── <domain>.schemas.ts
+    └── <domain>.types.ts
+```
+
+### Layered Architecture
+```
+Routes → Controllers → Services → Repositories → DB
+```
+
+- **Controllers**: HTTP handlers only, no business logic
+- **Services**: Business logic, throw typed `AppError` instances
+- **Repositories**: Database queries only
+
+### Response Contract (MANDATORY)
+
+**Success Response:**
+```json
+{
+  "success": true,
+  "message": "Human readable message",
+  "data": {}
+}
+```
+
+**Error Response:**
+```json
+{
+  "success": false,
+  "error": {
+    "code": "ERROR_CODE",
+    "message": "Human readable message"
+  }
+}
+```
+
+- Use `successResponse()` helper in controllers
+- Throw typed errors (`BadRequestError`, `NotFoundError`, etc.)
+- NEVER expose stack traces or internal errors to clients
+
+### Error Types
+- `BadRequestError`, `ValidationError`, `UnauthorizedError`
+- `ForbiddenError`, `NotFoundError`, `ConflictError`, `InternalError`
+
+---
+
+## Client Architecture
+
+### File Structure
+```
+client/src/
+├── app/                # App config (App.tsx, router, providers)
+├── components/
+│   ├── layout/         # Header, Footer, Sidebar, MainLayout
+│   └── common/         # Shared components
+├── features/<domain>/  # Feature modules
+│   ├── components/
+│   ├── hooks/
+│   ├── pages/
+│   ├── services/
+│   ├── store/
+│   ├── types/
+│   └── utils/
+├── hooks/              # Global hooks
+├── lib/
+│   ├── api/            # Axios config, API types
+│   ├── constants/      # routes, api-endpoints, app.constants
+│   └── utils/
+├── store/              # Redux store
+├── types/              # Global types
+└── styles/
+```
+
+### Naming Conventions
+- **Components**: `PascalCase.tsx` (e.g., `ResourceCard.tsx`)
+- **Pages**: `PascalCase + Page.tsx` (e.g., `ResourcesPage.tsx`)
+- **Hooks**: `use<Name>.ts` (e.g., `useAuth.ts`)
+- **Services**: `<domain>.service.ts`
+- **Types**: `<domain>.types.ts`
+
+### TypeScript Rules
+- **NO `any` type** - use `unknown` if needed
+- Explicit return types for all functions
+- Use `interface` for props/objects, `type` for unions/intersections
+
+### API Response Types (must match backend)
+```tsx
+interface ApiResponse<T> {
+  success: boolean;
+  message: string;
+  data: T;
+}
+
+interface PaginatedApiResponse<T> {
+  success: boolean;
+  message: string;
+  data: {
+    items: T[];
+    pagination: {
+      page: number;
+      limit: number;
+      totalItems: number;
+      totalPages: number;
+      hasNextPage: boolean;
+      hasPreviousPage: boolean;
+    };
+  };
+}
+```
+
+---
+
+## Coding Style (Both)
+
+- Prefer `async/await` over `.then()`
+- Prefer named exports (except `app.ts` and React pages)
+- Use path aliases: `@/`, `@/libs/`, `@/modules/`, etc.
+- Never `console.log` in production code - use the shared `logger`
+
+---
+
+## Package Manager Detection
+
+- `pnpm-lock.yaml` exists → use `pnpm`
+- `yarn.lock` exists → use `yarn`
+- Otherwise → use `npm`
+
+---
+
+## When Implementing Features
+
+1. Summarize what needs to be done
+2. List files to be created/modified
+3. Provide code for each file
+4. Mention any migrations or env variables needed
+5. If unsure, state assumptions clearly
+
+---
+
+## Detailed Rules
+
+For comprehensive rules, read the appropriate files in `.claude/rules/`:
+
+**Server:**
+- `server-02-general-rules.md` - Architecture & code style
+- `server-05-project-conventions.md` - File structure & conventions
+- `server-06-response-handling.md` - Error & success responses
+
+**Client:**
+- `client-01-project-structure.md` - File structure & naming
+- `client-03-typescript-rules.md` - TypeScript conventions
+
+**Global:**
+- `global-ai-edit-safety.md` - Safe editing practices

package/template/server/.env.example

@@ -0,0 +1,148 @@
+# ==============================================
+# SERVER CONFIGURATION
+# ==============================================
+
+# Environment: development | production | test
+NODE_ENV=development
+
+# Server port
+PORT=3000
+
+# API base path (e.g., /api/v1)
+API_PREFIX=/api/v1
+
+# Logging level: trace | debug | info | warn | error | fatal
+LOG_LEVEL=info
+
+# ==============================================
+# DATABASE CONFIGURATION (MySQL)
+# ==============================================
+
+# MySQL connection string format:
+# mysql://USER:PASSWORD@HOST:PORT/DATABASE
+# For local development with Docker:
+DATABASE_URL="mysql://root:{{DATABASE_PASSWORD}}@localhost:3306/{{DATABASE_NAME}}"
+
+# For production (example):
+# DATABASE_URL="mysql://user:secure_password@db.example.com:3306/{{DATABASE_NAME}}_production?connection_limit=10&pool_timeout=20"
+
+# ==============================================
+# REDIS CONFIGURATION
+# ==============================================
+
+# Redis host
+REDIS_HOST=localhost
+
+# Redis port
+REDIS_PORT=6379
+
+# Redis password (leave empty for local development)
+REDIS_PASSWORD=
+
+# Redis database number (0-15)
+REDIS_DB=0
+
+# ==============================================
+# JWT AUTHENTICATION
+# ==============================================
+
+# JWT secret key - CHANGE THIS IN PRODUCTION!
+# Generate with: openssl rand -base64 32
+JWT_SECRET=123412341234123412341234123412341234123412341234123412341234
+
+# Access token expiration (e.g., 15m, 1h, 7d)
+JWT_ACCESS_EXPIRATION=15m
+
+# Refresh token expiration (e.g., 7d, 30d, 90d)
+JWT_REFRESH_EXPIRATION=7d
+
+# JWT issuer (optional)
+JWT_ISSUER={{PROJECT_NAME}}
+
+# ==============================================
+# CORS CONFIGURATION
+# ==============================================
+
+# Allowed origins (comma-separated)
+# For development:
+CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
+
+# For production:
+# CORS_ALLOWED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
+
+
+# ==============================================
+# FILE UPLOAD CONFIGURATION
+# ==============================================
+
+# Maximum file size in bytes (10MB default)
+MAX_FILE_SIZE=10485760
+
+# Allowed file types (comma-separated)
+ALLOWED_FILE_TYPES=image/jpeg,image/png,image/webp,application/pdf
+
+# Upload directory
+UPLOAD_DIR=./uploads
+
+# ==============================================
+# RATE LIMITING
+# ==============================================
+
+# Global rate limit (requests per time window)
+RATE_LIMIT_MAX=100
+
+# Time window in milliseconds (15 minutes = 900000)
+RATE_LIMIT_WINDOW=900000
+
+# ==============================================
+# MONITORING & ERROR TRACKING
+# ==============================================
+
+# ==============================================
+# API DOCUMENTATION (Swagger)
+# ==============================================
+
+# Enable Swagger UI (true/false)
+# Set to false in production for security
+SWAGGER_ENABLED=true
+
+# Swagger route prefix
+SWAGGER_ROUTE=/docs
+
+# ==============================================
+# EXTERNAL SERVICES (Optional)
+# ==============================================
+
+# AWS S3 (for file storage)
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# AWS_REGION=us-east-1
+# AWS_S3_BUCKET=
+
+# Stripe (for payments)
+# STRIPE_SECRET_KEY=
+# STRIPE_WEBHOOK_SECRET=
+
+
+
+# ==============================================
+# DEVELOPMENT TOOLS
+# ==============================================
+
+# Enable query logging in development
+PRISMA_QUERY_LOG=false
+
+# Enable slow query warnings (milliseconds)
+SLOW_QUERY_THRESHOLD=1000
+
+# ==============================================
+# ADMIN SEED (Initial Setup)
+# ==============================================
+
+# Admin user email for database seeding
+# Change this before running npm run prisma:seed
+ADMIN_EMAIL=admin@{{PROJECT_NAME}}.dev
+
+# Admin user password for database seeding
+# CHANGE THIS IMMEDIATELY AFTER FIRST LOGIN!
+ADMIN_PASSWORD=ChangeThisPassword123!

package/template/server/.tsc-aliasrc.json

@@ -0,0 +1,12 @@
+{
+  "verbose": false,
+  "resolveFullPaths": true,
+  "replacers": {
+    "before": [],
+    "after": []
+  },
+  "fileExtensions": {
+    "inputGlob": "**/*.js",
+    "outputCheck": ["js"]
+  }
+}

package/template/server/README.md

@@ -0,0 +1,175 @@
+# {{PROJECT_DISPLAY_NAME}}
+
+{{PROJECT_DESCRIPTION}}
+
+## Features
+- JWT Authentication (access + refresh tokens)
+- User management with role-based access
+- Complete CRUD for resources
+- Pagination with filters
+- Rate limiting with Redis
+- Background job processing (BullMQ)
+- API documentation (Swagger/OpenAPI)
+- Comprehensive error handling
+- Request logging and monitoring
+- Health checks
+
+## Tech Stack
+- **Runtime**: Node.js 20+
+- **Framework**: Fastify 4
+- **Database**: MySQL 8.0 with Prisma ORM
+- **Cache/Queue**: Redis + BullMQ
+- **Validation**: Zod
+- **Authentication**: JWT (jsonwebtoken)
+- **Testing**: Vitest + Supertest
+- **Documentation**: Swagger/OpenAPI 3.0
+
+## Prerequisites
+- Node.js 20 or higher
+- Docker and Docker Compose
+- npm or pnpm
+
+## Quick Start
+
+```bash
+# 1. Install dependencies
+npm install
+
+# 2. Copy environment variables
+cp .env.example .env
+# Edit .env and set required variables (DATABASE_URL, JWT_SECRET, etc.)
+
+# 3. Start Docker services (MySQL + Redis)
+docker-compose up -d
+
+# 4. Generate Prisma Client
+npm run prisma:generate
+
+# 5. Run database migrations
+npx prisma migrate dev --name init
+
+# 6. Seed the database
+npm run prisma:seed
+
+# 7. Start development server
+npm run dev
+```
+
+Server will start at http://localhost:3000
+
+## API Documentation
+
+Once running, visit:
+- Swagger UI: http://localhost:3000/docs
+- Health Check: http://localhost:3000/health
+
+## Available Scripts
+
+```bash
+npm run dev              # Start dev server with hot reload
+npm run build            # Build for production
+npm run start            # Start production server
+npm test                 # Run tests
+npm run test:watch       # Run tests in watch mode
+npm run test:coverage    # Generate coverage report
+npm run prisma:generate  # Generate Prisma Client
+npm run prisma:migrate   # Run migrations (dev)
+npm run prisma:seed      # Seed database
+npm run prisma:studio    # Open Prisma Studio
+```
+
+## Project Structure
+
+```
+src/
+├── app.ts              # Fastify app with plugins
+├── server.ts           # Server startup
+├── config/
+│   └── env.ts         # Environment validation
+├── libs/
+│   ├── db.ts          # Prisma client
+│   ├── redis.ts       # Redis connection
+│   ├── logger.ts      # Pino logger
+│   └── queue.ts       # BullMQ queues
+├── modules/
+│   ├── auth/          # Authentication module
+│   │   ├── auth.routes.ts
+│   │   ├── auth.controller.ts
+│   │   ├── auth.service.ts
+│   │   ├── auth.repo.ts
+│   │   ├── auth.schemas.ts
+│   │   └── auth.types.ts
+│   └── resources/     # Resources module
+├── utils/
+│   ├── errors.ts      # Custom error classes
+│   ├── response.ts    # Response helpers
+│   └── pagination.ts  # Pagination helper
+└── workers/
+    └── email.worker.ts # Background email worker
+```
+
+## Environment Variables
+
+Required:
+- `DATABASE_URL` - MySQL connection string
+- `JWT_SECRET` - JWT signing secret (min 32 chars)
+- `REDIS_HOST` - Redis host
+- `REDIS_PORT` - Redis port
+
+See `.env.example` for all available variables.
+
+## Testing
+
+```bash
+npm test                 # Run all tests
+npm run test:coverage    # Generate coverage report
+```
+
+Coverage targets: 70%+ overall
+
+## Management Tools
+
+The project includes built-in web interfaces for managing your data:
+
+### Database (phpMyAdmin)
+- **URL:** [http://localhost:8080](http://localhost:8080)
+- **User:** `{{DATABASE_USER}}` or `root`
+- **Password:** `{{DATABASE_PASSWORD}}` or `password` (check `docker-compose.yml`)
+
+### Redis (Redis Commander)
+- **URL:** [http://localhost:8081](http://localhost:8081)
+- **Host:** `local:redis:6379` (default)
+
+## Production Deployment
+
+### Production Checklist
+
+- [ ] Set `NODE_ENV=production`
+- [ ] Build application: `npm run build`
+- [ ] Configure environment variables
+- [ ] Configure Nginx reverse proxy
+- [ ] Set up SSL certificates (Let's Encrypt)
+- [ ] Configure firewall (UFW/iptables)
+- [ ] Set up monitoring (Sentry, logging)
+- [ ] Configure log rotation
+- [ ] Set up automated backups (database + uploads)
+- [ ] Configure rate limiting for production
+- [ ] Enable CORS for production domains only
+
+## Security
+
+This project follows security best practices and undergoes regular security audits.
+
+**Security Status**: Production dependencies 100% secure
+
+For detailed information about:
+- Known security considerations
+- Security best practices
+- Vulnerability reporting
+- Audit history
+
+See **[SECURITY.md](./SECURITY.md)**
+
+## License
+
+MIT