create-tigra 1.0.7 → 2.0.0

package/template/CLAUDE.md

@@ -1,207 +0,0 @@
-# Project Rules for Claude
-
-> This file is automatically loaded by Claude Code at the start of each conversation.
-> For detailed rules, see `.claude/rules/` directory.
-
-## Safe Editing Rules (CRITICAL)
-
-- Assume this is a **production project**. No destructive or experimental changes.
-- Keep changes **small and focused**.
-- Do NOT change existing function signatures, exports, or imports unless explicitly asked.
-- Preserve existing behavior for: Auth, Core business flows, Payment flows.
-- If introducing a breaking change, **call it out clearly**.
-- Add `// TODO:` comments for ambiguous or incomplete sections.
-- Do NOT add noisy debug logs.
-
----
-
-## Stack Overview
-
-### Server (`server/`)
-- **Runtime**: Node.js 20+ LTS
-- **Framework**: Fastify
-- **Language**: TypeScript (strict mode)
-- **Database**: MySQL + Prisma ORM
-- **Cache/Queue**: Redis + BullMQ
-- **Validation**: Zod
-- **Testing**: Vitest
-
-### Client (`client/`)
-- **Framework**: React 18+ with Vite
-- **UI Library**: Ant Design
-- **State**: Redux Toolkit + React Query
-- **Language**: TypeScript (strict mode)
-- **Styling**: CSS Modules / Tailwind
-
----
-
-## Server Architecture
-
-### File Structure
-```
-server/src/
-├── app.ts              # Fastify instance & plugin registration
-├── server.ts           # Server bootstrap (listen call only)
-├── config/             # env, constants
-├── libs/               # Shared: db, redis, logger, auth
-├── plugins/            # Fastify plugins
-├── hooks/              # Fastify hooks
-├── routes/             # Standalone routes (health, etc.)
-└── modules/<domain>/   # Domain modules
-    ├── <domain>.routes.ts
-    ├── <domain>.controller.ts
-    ├── <domain>.service.ts
-    ├── <domain>.repo.ts
-    ├── <domain>.schemas.ts
-    └── <domain>.types.ts
-```
-
-### Layered Architecture
-```
-Routes → Controllers → Services → Repositories → DB
-```
-
-- **Controllers**: HTTP handlers only, no business logic
-- **Services**: Business logic, throw typed `AppError` instances
-- **Repositories**: Database queries only
-
-### Response Contract (MANDATORY)
-
-**Success Response:**
-```json
-{
-  "success": true,
-  "message": "Human readable message",
-  "data": {}
-}
-```
-
-**Error Response:**
-```json
-{
-  "success": false,
-  "error": {
-    "code": "ERROR_CODE",
-    "message": "Human readable message"
-  }
-}
-```
-
-- Use `successResponse()` helper in controllers
-- Throw typed errors (`BadRequestError`, `NotFoundError`, etc.)
-- NEVER expose stack traces or internal errors to clients
-
-### Error Types
-- `BadRequestError`, `ValidationError`, `UnauthorizedError`
-- `ForbiddenError`, `NotFoundError`, `ConflictError`, `InternalError`
-
----
-
-## Client Architecture
-
-### File Structure
-```
-client/src/
-├── app/                # App config (App.tsx, router, providers)
-├── components/
-│   ├── layout/         # Header, Footer, Sidebar, MainLayout
-│   └── common/         # Shared components
-├── features/<domain>/  # Feature modules
-│   ├── components/
-│   ├── hooks/
-│   ├── pages/
-│   ├── services/
-│   ├── store/
-│   ├── types/
-│   └── utils/
-├── hooks/              # Global hooks
-├── lib/
-│   ├── api/            # Axios config, API types
-│   ├── constants/      # routes, api-endpoints, app.constants
-│   └── utils/
-├── store/              # Redux store
-├── types/              # Global types
-└── styles/
-```
-
-### Naming Conventions
-- **Components**: `PascalCase.tsx` (e.g., `ResourceCard.tsx`)
-- **Pages**: `PascalCase + Page.tsx` (e.g., `ResourcesPage.tsx`)
-- **Hooks**: `use<Name>.ts` (e.g., `useAuth.ts`)
-- **Services**: `<domain>.service.ts`
-- **Types**: `<domain>.types.ts`
-
-### TypeScript Rules
-- **NO `any` type** - use `unknown` if needed
-- Explicit return types for all functions
-- Use `interface` for props/objects, `type` for unions/intersections
-
-### API Response Types (must match backend)
-```tsx
-interface ApiResponse<T> {
-  success: boolean;
-  message: string;
-  data: T;
-}
-
-interface PaginatedApiResponse<T> {
-  success: boolean;
-  message: string;
-  data: {
-    items: T[];
-    pagination: {
-      page: number;
-      limit: number;
-      totalItems: number;
-      totalPages: number;
-      hasNextPage: boolean;
-      hasPreviousPage: boolean;
-    };
-  };
-}
-```
-
----
-
-## Coding Style (Both)
-
-- Prefer `async/await` over `.then()`
-- Prefer named exports (except `app.ts` and React pages)
-- Use path aliases: `@/`, `@/libs/`, `@/modules/`, etc.
-- Never `console.log` in production code - use the shared `logger`
-
----
-
-## Package Manager Detection
-
-- `pnpm-lock.yaml` exists → use `pnpm`
-- `yarn.lock` exists → use `yarn`
-- Otherwise → use `npm`
-
----
-
-## When Implementing Features
-
-1. Summarize what needs to be done
-2. List files to be created/modified
-3. Provide code for each file
-4. Mention any migrations or env variables needed
-5. If unsure, state assumptions clearly
-
----
-
-## Detailed Rules
-
-For comprehensive rules, read the appropriate files in `.claude/rules/`:
-
-**Server:**
-- `server-02-general-rules.md` - Architecture & code style
-- `server-05-project-conventions.md` - File structure & conventions
-- `server-06-response-handling.md` - Error & success responses
-
-**Client:**
-- `client-01-project-structure.md` - File structure & naming
-- `client-03-typescript-rules.md` - TypeScript conventions
-
-**Global:**
-- `global-ai-edit-safety.md` - Safe editing practices

package/template/server/.tsc-aliasrc.json

@@ -1,12 +0,0 @@
-{
-  "verbose": false,
-  "resolveFullPaths": true,
-  "replacers": {
-    "before": [],
-    "after": []
-  },
-  "fileExtensions": {
-    "inputGlob": "**/*.js",
-    "outputCheck": ["js"]
-  }
-}

package/template/server/README.md

@@ -1,183 +0,0 @@
-# {{PROJECT_DISPLAY_NAME}}
-
-{{PROJECT_DESCRIPTION}}
-
-## Features
-- JWT Authentication (access + refresh tokens)
-- User management with role-based access
-- Complete CRUD for resources
-- Pagination with filters
-- Rate limiting with Redis
-- Background job processing (BullMQ)
-- Comprehensive error handling
-- Request logging and monitoring
-- Health checks
-
-## Tech Stack
-- **Runtime**: Node.js 20+
-- **Framework**: Fastify 4
-- **Database**: MySQL 8.0 with Prisma ORM
-- **Cache/Queue**: Redis + BullMQ
-- **Validation**: Zod
-- **Authentication**: JWT (jsonwebtoken)
-- **Testing**: Vitest + Supertest
-
-## Prerequisites
-- Node.js 20 or higher
-- Docker and Docker Compose
-- npm or pnpm
-
-## Quick Start
-
-```bash
-# 1. Install dependencies
-npm install
-
-# 2. Start Docker services (MySQL + Redis)
-docker-compose up -d
-
-# 3. Initialize database (creates .env, waits for DB, runs migrations)
-npm run db:init
-
-# 4. Seed the database
-npm run prisma:seed
-
-# 5. Start development server
-npm run dev
-```
-
-Server will start at http://localhost:3000
-
-### Production Installation
-
-For production deployments, install only production dependencies:
-
-```bash
-# Install production dependencies only (faster, smaller)
-npm install --omit=dev
-
-# Generate Prisma Client
-npx prisma generate
-
-# Run migrations
-npx prisma migrate deploy
-```
-
-## API Endpoints
-
-Once running, you can access:
-- Health Check: http://localhost:3000/health
-- Auth endpoints: http://localhost:3000/api/v1/auth/*
-- Resources endpoints: http://localhost:3000/api/v1/resources/*
-- Admin endpoints: http://localhost:3000/api/v1/admin/*
-
-## Available Scripts
-
-```bash
-npm run dev              # Start dev server with hot reload
-npm run build            # Build for production
-npm run start            # Start production server
-npm test                 # Run tests
-npm run test:watch       # Run tests in watch mode
-npm run test:coverage    # Generate coverage report
-npm run prisma:generate  # Generate Prisma Client
-npm run prisma:migrate   # Run migrations (dev)
-npm run prisma:seed      # Seed database
-npm run prisma:studio    # Open Prisma Studio
-```
-
-## Project Structure
-
-```
-src/
-├── app.ts              # Fastify app with plugins
-├── server.ts           # Server startup
-├── config/
-│   └── env.ts         # Environment validation
-├── libs/
-│   ├── db.ts          # Prisma client
-│   ├── redis.ts       # Redis connection
-│   ├── logger.ts      # Pino logger
-│   └── queue.ts       # BullMQ queues
-├── modules/
-│   ├── auth/          # Authentication module
-│   │   ├── auth.routes.ts
-│   │   ├── auth.controller.ts
-│   │   ├── auth.service.ts
-│   │   ├── auth.repo.ts
-│   │   ├── auth.schemas.ts
-│   │   └── auth.types.ts
-│   └── resources/     # Resources module
-├── utils/
-│   ├── errors.ts      # Custom error classes
-│   ├── response.ts    # Response helpers
-│   └── pagination.ts  # Pagination helper
-└── workers/
-    └── email.worker.ts # Background email worker
-```
-
-## Environment Variables
-
-Required:
-- `DATABASE_URL` - MySQL connection string
-- `JWT_SECRET` - JWT signing secret (min 32 chars)
-- `REDIS_HOST` - Redis host
-- `REDIS_PORT` - Redis port
-
-See `.env.example` for all available variables.
-
-## Testing
-
-```bash
-npm test                 # Run all tests
-npm run test:coverage    # Generate coverage report
-```
-
-Coverage targets: 70%+ overall
-
-## Management Tools
-
-The project includes built-in web interfaces for managing your data:
-
-### Database (phpMyAdmin)
-- **URL:** [http://localhost:8080](http://localhost:8080)
-- **User:** `{{DATABASE_USER}}` or `root`
-- **Password:** `{{DATABASE_PASSWORD}}` or `password` (check `docker-compose.yml`)
-
-### Redis (Redis Commander)
-- **URL:** [http://localhost:8081](http://localhost:8081)
-- **Host:** `local:redis:6379` (default)
-
-## Production Deployment
-
-### Production Checklist
-
-- [ ] Set `NODE_ENV=production`
-- [ ] Build application: `npm run build`
-- [ ] Configure environment variables
-- [ ] Configure Nginx reverse proxy
-- [ ] Set up SSL certificates (Let's Encrypt)
-- [ ] Configure firewall (UFW/iptables)
-- [ ] Set up monitoring (Sentry, logging)
-- [ ] Configure log rotation
-- [ ] Set up automated backups (database + uploads)
-- [ ] Configure rate limiting for production
-- [ ] Enable CORS for production domains only
-
-## Security
-
-This project follows security best practices and undergoes regular security audits.
-
-**Security Status**: Production dependencies 100% secure
-
-For detailed information about:
-- Known security considerations
-- Security best practices
-- Vulnerability reporting
-- Audit history
-
-See **[SECURITY.md](./SECURITY.md)**
-
-## License
-
-MIT

package/template/server/SECURITY.md

@@ -1,190 +0,0 @@
-# Security Considerations
-
-## Overview
-
-This document outlines known security considerations for this project. We take security seriously and regularly audit our dependencies for vulnerabilities.
-
-**Last Security Audit**: January 10, 2026  
-**Next Scheduled Audit**: February 10, 2026
-
----
-
-## Current Security Status
-
-**Production Dependencies**: 100% Secure (0 vulnerabilities)  
-**Development Dependencies**: 100% Secure (0 vulnerabilities)  
-**Overall Security Score**: 100/100
-
----
-
-## Known Issues
-
-**None** - All dependencies are currently secure with no known vulnerabilities.
-
----
-
-## Security Best Practices
-
-### Dependency Management
-
-1. **Monthly Security Audits**
-   ```bash
-   npm audit
-   npm outdated
-   ```
-
-2. **Automated Monitoring**
-   - Enable GitHub Dependabot
-   - Subscribe to security advisories
-   - Monitor npm security feeds
-
-3. **Update Strategy**
-   - Patch versions: Update immediately
-   - Minor versions: Update monthly
-   - Major versions: Review and test before updating
-
-### Environment Variables
-
-1. **Never Commit Secrets**
-   - Use `.env` files (gitignored)
-   - Use environment-specific configurations
-   - Rotate secrets regularly
-
-2. **Required Environment Variables**
-   ```bash
-   # See .env.example for full list
-   DATABASE_URL=mysql://...
-   JWT_SECRET=<minimum-32-characters>
-   REDIS_HOST=localhost
-   ```
-
-3. **Validation**
-   - All environment variables are validated at startup
-   - See `src/config/env.ts` for schema
-
-### Authentication & Authorization
-
-1. **JWT Security**
-   - Tokens include issuer validation
-   - Access tokens expire in 15 minutes
-   - Refresh tokens expire in 7 days
-   - Secure secret (minimum 32 characters)
-
-2. **Password Security**
-   - bcrypt with 10 rounds
-   - Minimum password requirements enforced
-   - No password storage in logs
-
-3. **Role-Based Access Control (RBAC)**
-   - Implemented via middleware
-   - Three roles: USER, ORGANIZATION, ADMIN
-   - Route-level permission checks
-
-### API Security
-
-1. **Rate Limiting**
-   - Global: 100 requests per 15 minutes
-   - Login: 5 requests per 15 minutes
-   - Configurable per route
-
-2. **Input Validation**
-   - All inputs validated with Zod schemas
-   - Type-safe validation
-   - Automatic error responses
-
-3. **Security Headers**
-   - Helmet.js for security headers
-   - CORS properly configured
-   - CSP enabled in production
-
-### Database Security
-
-1. **SQL Injection Prevention**
-   - Prisma ORM (parameterized queries)
-   - No raw SQL with user input
-   - Type-safe database access
-
-2. **Connection Security**
-   - Encrypted connections (SSL/TLS)
-   - Connection pooling
-   - Credential rotation
-
-### Monitoring & Logging
-
-1. **Structured Logging**
-   - Pino for high-performance logging
-   - Sensitive data redaction
-   - Request ID tracking
-
-2. **Error Handling**
-   - No stack traces in production responses
-   - Internal errors logged securely
-   - User-friendly error messages
-
----
-
-## Reporting Security Issues
-
-If you discover a security vulnerability, please follow responsible disclosure:
-
-1. **Do NOT** open a public GitHub issue
-2. Email security concerns to: [itorn9777@gmail.com]
-3. Include:
-   - Description of the vulnerability
-   - Steps to reproduce
-   - Potential impact
-   - Suggested fix (if any)
-
-We will respond within 48 hours and work with you to address the issue.
-
----
-
-## Security Audit History
-
-### January 10, 2026
-- **Action**: Comprehensive dependency update
-- **Vulnerabilities Fixed**: 8 out of 8 (100%)
-- **Status**: All dependencies 100% secure
-- **Remaining**: None
-- **Next Review**: February 10, 2026
-
-### Previous Audits
-- Initial security setup and configuration
-
----
-
-## Compliance & Standards
-
-This project follows security best practices including:
-
-- OWASP Top 10 guidelines
-- Secure coding standards
-- Regular dependency audits
-- Input validation and sanitization
-- Secure authentication and authorization
-- Encrypted data transmission
-- Comprehensive logging and monitoring
-
----
-
-## Additional Resources
-
-**Security Tools:**
-- npm audit: Built-in vulnerability scanner
-- Snyk: https://snyk.io/
-- GitHub Dependabot: Automated dependency updates
-
-**Security Guides:**
-- OWASP: https://owasp.org/
-- Node.js Security Best Practices: https://nodejs.org/en/docs/guides/security/
-- Fastify Security: https://www.fastify.io/docs/latest/Guides/Security/
-
-**Monitoring:**
-- npm Security Advisories: https://github.com/advisories
-- Node.js Security Releases: https://nodejs.org/en/blog/vulnerability/
-
----
-
-**Last Updated**: January 10, 2026  
-**Maintained By**: Development Team  
-**Review Schedule**: Monthly