create-tigra 1.1.0 → 2.0.1

package/package.json

@@ -1,41 +1,49 @@
-{
-  "name": "create-tigra",
-  "version": "1.1.0",
-  "type": "module",
-  "description": "Create a production-ready Fastify + TypeScript + Prisma API server",
-  "keywords": [
-    "create",
-    "generator",
-    "scaffold",
-    "fastify",
-    "typescript",
-    "prisma",
-    "api",
-    "rest",
-    "boilerplate",
-    "starter"
-  ],
-  "author": "",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/Makinloot/create-tigra.git"
-  },
-  "bin": {
-    "create-tigra": "bin/create-tigra.js"
-  },
-  "files": [
-    "bin",
-    "template"
-  ],
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "dependencies": {
-    "chalk": "^5.3.0",
-    "commander": "^12.1.0",
-    "fs-extra": "^11.2.0",
-    "ora": "^8.0.1",
-    "prompts": "^2.4.2"
-  }
-}
+{
+  "name": "create-tigra",
+  "version": "2.0.1",
+  "type": "module",
+  "description": "Create a production-ready full-stack app with Next.js 16 + Fastify 5 + Prisma + Redis",
+  "bin": {
+    "create-tigra": "bin/create-tigra.js"
+  },
+  "files": [
+    "bin",
+    "template"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "keywords": [
+    "create",
+    "generator",
+    "scaffold",
+    "fullstack",
+    "nextjs",
+    "fastify",
+    "typescript",
+    "prisma",
+    "redis",
+    "boilerplate",
+    "starter",
+    "react",
+    "tailwind",
+    "shadcn"
+  ],
+  "author": "seed977",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/blessandsoul/create-tigra.git"
+  },
+  "bugs": {
+    "url": "https://github.com/blessandsoul/create-tigra/issues"
+  },
+  "homepage": "https://github.com/blessandsoul/create-tigra#readme",
+  "dependencies": {
+    "chalk": "^5.4.1",
+    "commander": "^13.1.0",
+    "fs-extra": "^11.3.0",
+    "ora": "^8.2.0",
+    "prompts": "^2.4.2"
+  }
+}

package/template/_claude/QUICK_REFERENCE.md

@@ -0,0 +1,193 @@
+# Quick Reference for AI Assistants
+
+**Read this first, then dive into specific rule files as needed.**
+
+---
+
+If project is empty start server/client commands (`/create-server`, `/create-client`)
+
+## How Rules Are Organized
+
+Rules are scoped by directory:
+
+| Scope | Path | Applies To |
+|-------|------|------------|
+| **Global** | `.claude/rules/global/` | Entire workspace (server + client) |
+| **Server** | `.claude/rules/server/` | Backend (Fastify API server) only |
+| **Client** | `.claude/rules/client/` | Frontend (Next.js App Router) only |
+
+Always check which scope you're working in before writing code.
+
+---
+
+## Global Rules (Always Apply)
+
+### Safe Editing
+- Keep changes **small and focused**
+- Preserve existing function signatures and exports unless explicitly asked
+- Extend modules, don't rewrite
+- Add `// TODO:` comments for ambiguities or follow-ups
+- Never leave half-implemented features without explanation
+- No noisy debug logs; mark temporary ones with `// TODO: remove debug log`
+- Never delete or radically restructure large parts of the codebase
+- Preserve existing behavior for critical flows (auth, payments, core business logic)
+
+See: `global/core.md`
+
+---
+
+## Server Rules Summary
+
+### Architecture
+```
+Request -> Routes -> Controller -> Service -> Repository -> Database
+```
+
+- **Controllers**: Validate input (Zod), call services, return responses, throw typed errors. NO business logic, NO direct DB access.
+- **Services**: All business logic. Throw typed `AppError` instances. NO HTTP concepts (request/reply). Return data or throw.
+- **Repositories**: Database queries only.
+
+### Module Structure
+```
+src/modules/<domain>/
+  <domain>.routes.ts
+  <domain>.controller.ts
+  <domain>.service.ts
+  <domain>.repo.ts
+  <domain>.schemas.ts
+  <domain>.types.ts (optional)
+```
+
+### API Response Format (Mandatory)
+```json
+// Success
+{ "success": true, "message": "...", "data": { ... } }
+
+// Error
+{ "success": false, "error": { "code": "ERROR_CODE", "message": "..." } }
+```
+- Use `successResponse()` / `paginatedResponse()` helpers
+- Throw typed errors only (`AppError` subclasses)
+- Global error handler formats all errors
+
+### Auth Architecture
+- **httpOnly cookies** for token storage (access_token + refresh_token)
+- Account lockout with progressive thresholds
+- Session tracking with device info and IP
+- Transparent password rehash (bcrypt legacy -> argon2id)
+
+### Database
+- Schema changes via Prisma migrations only
+- Development: `prisma:reset` freely; Production: `prisma:migrate deploy` only
+- Prisma models: `PascalCase`; Fields: `camelCase`
+- All main tables need: `id`, `createdAt`, `updatedAt`
+
+### Code Style
+- TypeScript strict mode, type all params and returns
+- `async/await` over `.then()`
+- Named exports (exception: `app.ts` default-exports `buildApp`)
+- Use `logger` from `src/libs/`, never `console.log`
+- Detect package manager from lockfile
+
+See: `server/core.md`, `server/project-conventions.md`, `server/response-handling.md`, `server/database.md`
+
+---
+
+## Client Rules Summary
+
+### Architecture
+- Next.js App Router with Server Components by default
+- Client Components only when interactivity is needed (`'use client'`)
+- Feature modules under `src/features/<domain>/`
+
+### Auth Flow
+- **httpOnly cookies** — no tokens stored in Redux or localStorage
+- `AuthInitializer` component hydrates user state on page load via `getMe()` API call
+- Redux auth state: `{ user, isAuthenticated, isInitializing, isLoggingOut }`
+- Axios `withCredentials: true` sends cookies automatically
+
+### Module Structure
+```
+src/features/<domain>/
+  components/
+  hooks/
+  services/
+  store/ (Redux, if needed)
+  types/
+  actions/ (Server Actions, optional)
+```
+
+### State Management
+| State Type | Tool |
+|------------|------|
+| Server data (SSR) | Server Components |
+| Server data (client) | React Query |
+| Global client state | Redux (auth only) |
+| Local state | useState / useReducer |
+| URL state | useSearchParams |
+
+### Component Rules
+- Max 250 lines per component
+- Max 5 props (use object if more)
+- Max 3 levels of JSX nesting
+- Use `cn()` for conditional classes
+- Use Next.js `Image` and `Link` components
+- Follow import order: React/Next -> third-party -> UI -> local -> hooks -> services -> types -> utils
+
+### Styling
+- Tailwind CSS v4 only, no inline styles
+- OKLCH color space via CSS custom properties
+- Use semantic color tokens (e.g., `bg-primary`, `text-foreground`)
+- Never hardcode hex/rgb values
+- Pair backgrounds with foregrounds for contrast
+
+### Forms
+- React Hook Form + Zod for complex forms
+- Server Actions for simple forms
+- Always validate client-side AND server-side
+
+### Security
+- Never inject raw HTML without sanitization (use DOMPurify)
+- Never prefix secrets with `NEXT_PUBLIC_`
+- Validate all inputs, sanitize all outputs
+- Secure external links with `rel="noopener noreferrer"`
+
+See: `client/core.md`, `client/01-project-structure.md` through `client/06-ux-checklist.md`
+
+---
+
+## When Implementing Features
+
+1. **Identify scope** - Are you working in server, client, or both?
+2. **Read relevant rules** - Check the scoped rule files for that directory
+3. **Summarize** what needs to be done
+4. **List** files to create/modify
+5. **Provide** complete code for each file
+6. **Mention** migrations, env variables, or dependencies needed
+7. **State assumptions** if unsure
+
+---
+
+## Full Documentation Index
+
+### Global
+- `global/core.md` - Safe editing, TypeScript, git, env, testing rules
+
+### Server
+- `server/core.md` - Index and non-negotiables
+- `server/project-conventions.md` - Stack, folder structure, coding style, Postman
+- `server/response-handling.md` - Response contract, error classes
+- `server/database.md` - Database standards, migrations, indexing
+
+### Client
+- `client/core.md` - Architecture and non-negotiables
+- `client/01-project-structure.md` - Folder structure, naming, imports, constants
+- `client/02-components-and-types.md` - Component rules, TypeScript, API types
+- `client/03-data-and-state.md` - State management, React Query, Redux, Axios, forms
+- `client/04-design-system.md` - Colors, typography, spacing, motion, dark mode
+- `client/05-security.md` - Token storage, env vars, CSP, validation
+- `client/06-ux-checklist.md` - Cognitive load, accessibility, performance
+
+---
+
+**Last Updated**: 2026-02-20

package/template/_claude/README.md

@@ -0,0 +1,53 @@
+# Claude Assistant Rules
+
+This directory contains project-specific rules and guidelines for Claude.
+
+## Directory Structure
+
+```
+.claude/
+├── README.md                    # This file
+└── rules/
+    ├── global/                  # Cross-cutting rules (always active)
+    │   └── core.md              # Safe editing, TypeScript, git, env, testing
+    ├── client/                  # Next.js App Router rules
+    │   ├── core.md              # Index — which file to read for what
+    │   ├── 01-project-structure.md
+    │   ├── 02-components-and-types.md
+    │   ├── 03-data-and-state.md
+    │   ├── 04-design-system.md
+    │   ├── 05-security.md
+    │   └── 06-ux-checklist.md
+    └── server/                  # Fastify backend rules
+        ├── core.md              # Index — which file to read for what
+        ├── project-conventions.md
+        ├── response-handling.md
+        └── database.md
+```
+
+## For Claude
+
+- This directory is the source of truth for project rules.
+- **Don't read every file upfront.** Start with the relevant `core.md` index and follow it to the file you need.
+- `global/core.md` always applies. `client/` and `server/` rules apply based on which directory you're working in.
+
+## Key Principles (TL;DR)
+
+### Global
+- TypeScript strict, no `any`, Zod validation, explicit return types
+- Small focused changes, extend don't rewrite, protect critical flows
+- Conventional commits, `.env` never committed, tests for non-trivial changes
+
+### Server
+- **Stack**: Node.js, Fastify, TypeScript, MySQL, Prisma, Redis
+- **Architecture**: Routes → Controllers → Services → Repositories → DB
+- **API**: All routes prefixed with `/api/v1`
+- **Responses**: `successResponse()` / `paginatedResponse()` — no custom shapes
+- **Errors**: Only `AppError` subclasses, global error handler formats everything
+
+### Client
+- **Stack**: Next.js App Router, React Query, Redux (auth only), shadcn/ui, Tailwind
+- **Architecture**: Server Components by default, `'use client'` only when needed
+- **State**: Server data → Server Components or React Query. Redux → auth only. URL → filters/pagination
+- **Design**: Semantic color tokens only, no hardcoded colors, neuro-minimalist aesthetic
+- **Components**: Max 250 lines, max 5 props, max 3 JSX nesting levels