create-velox-app 0.4.13 → 0.6.23

package/dist/templates/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/templates/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0BH;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA2C;IACvE,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,KAAK,EAAE,QAAQ;QACf,IAAI,EAAE,sDAAsD;KAC7D;IACD,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,YAAY;QACnB,IAAI,EAAE,kDAAkD;QACxD,QAAQ,EAAE,IAAI;KACf;IACD,KAAK,EAAE;QACL,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,OAAO;QACd,IAAI,EAAE,6CAA6C;QACnD,QAAQ,EAAE,IAAI;KACf;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,OAAO,QAAQ,IAAI,iBAAiB,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAsB;IACxD,OAAO,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC;AAC/C,CAAC;AA8CD,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA2C;IACvE,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE,oCAAoC;QACjD,IAAI,EAAE,wCAAwC;KAC/C;IACD,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,0DAA0D;QACvE,IAAI,EAAE,0DAA0D;KACjE;IACD,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,aAAa;QACpB,WAAW,EAAE,oDAAoD;QACjE,IAAI,EAAE,oDAAoD;KAC3D;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,OAAO,QAAQ,IAAI,iBAAiB,CAAC;AACvC,CAAC"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/templates/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgBH;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAiC;IAC5D,OAAO,EAAE,KAAK;IACd,SAAS,EAAE,KAAK;CACjB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAgB;IACnD,IAAI,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACjC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,OAAO,QAAwB,CAAC;IAClC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAiBD;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA2C;IACvE,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,KAAK,EAAE,QAAQ;QACf,IAAI,EAAE,sDAAsD;KAC7D;IACD,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,YAAY;QACnB,IAAI,EAAE,kDAAkD;QACxD,QAAQ,EAAE,IAAI;KACf;IACD,KAAK,EAAE;QACL,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,OAAO;QACd,IAAI,EAAE,6CAA6C;QACnD,QAAQ,EAAE,IAAI;KACf;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,OAAO,QAAQ,IAAI,iBAAiB,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAsB;IACxD,OAAO,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC;AAC/C,CAAC;AA8CD,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA2C;IACvE,GAAG,EAAE;QACH,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,iDAAiD;QAC9D,IAAI,EAAE,2DAA2D;KAClE;IACD,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,YAAY;QACnB,WAAW,EAAE,yDAAyD;QACtE,IAAI,EAAE,0DAA0D;KACjE;IACD,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,YAAY;QACnB,WAAW,EAAE,gDAAgD;QAC7D,IAAI,EAAE,2DAA2D;KAClE;IACD,GAAG,EAAE;QACH,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE,uDAAuD;QACpE,IAAI,EAAE,6DAA6D;KACpE;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,OAAO,QAAQ,IAAI,iBAAiB,CAAC;AACvC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-velox-app",
-  "version": "0.4.13",
+  "version": "0.6.23",
   "description": "Project scaffolder for VeloxTS framework",
   "type": "module",
   "main": "dist/index.js",
@@ -21,11 +21,11 @@
   ],
   "dependencies": {
     "@clack/prompts": "0.11.0",
-    "ora": "8.1.1",
+    "ora": "9.0.0",
     "picocolors": "1.1.1"
   },
   "devDependencies": {
-    "@types/node": "25.0.0",
+    "@types/node": "25.0.3",
     "typescript": "5.9.3"
   },
   "keywords": [

package/src/templates/source/api/config/auth.ts

@@ -9,7 +9,7 @@
 
 import type { AuthPluginOptions } from '@veloxts/velox';
 
-import { prisma } from './database.js';
+import { db } from './database.js';
 
 // ============================================================================
 // Environment Variable Validation
@@ -167,7 +167,7 @@ export function parseUserRoles(rolesJson: string | null): string[] {
 // ============================================================================
 
 async function userLoader(userId: string) {
-  const user = await prisma.user.findUnique({
+  const user = await db.user.findUnique({
     where: { id: userId },
   });
 

package/src/templates/source/api/config/database.ts

@@ -2,21 +2,55 @@
  * Database Client (Prisma 7.x)
  *
  * Prisma 7 requires:
- * - Generated client from custom output path
  * - Driver adapter for database connections
+ * - Uses standard @prisma/client import path
+ *
+ * Uses Laravel-style `db` export for consistency.
  */
 
-import { PrismaBetterSqlite3 } from '@prisma/adapter-better-sqlite3';
+// Runtime imports using createRequire for Node.js v24+ CJS interop
+import { createRequire } from 'node:module';
+
+// Type imports (erased at runtime, safe for ESM)
+import type { PrismaBetterSqlite3 as PrismaBetterSqlite3Type } from '@prisma/adapter-better-sqlite3';
+import type { PrismaClient as PrismaClientType } from '@prisma/client';
 
-import { PrismaClient } from '../generated/prisma/client.js';
+const require = createRequire(import.meta.url);
+const { PrismaBetterSqlite3 } = require('@prisma/adapter-better-sqlite3') as {
+  PrismaBetterSqlite3: typeof PrismaBetterSqlite3Type;
+};
+const { PrismaClient } = require('@prisma/client') as {
+  PrismaClient: typeof PrismaClientType;
+};
 
-// Validate DATABASE_URL is set
-if (!process.env.DATABASE_URL) {
-  throw new Error('DATABASE_URL environment variable is required');
+declare global {
+  // Allow global `var` declarations for hot reload in development
+  // eslint-disable-next-line no-var
+  var __db: PrismaClient | undefined;
 }
 
-// Create SQLite adapter with database URL from environment
-const adapter = new PrismaBetterSqlite3({ url: process.env.DATABASE_URL });
+/**
+ * Create a Prisma client instance using the SQLite adapter.
+ * Validates that DATABASE_URL is set before creating the client.
+ */
+function createPrismaClient(): PrismaClient {
+  const databaseUrl = process.env.DATABASE_URL;
+
+  if (!databaseUrl) {
+    throw new Error(
+      '[VeloxTS] DATABASE_URL environment variable is not set. ' +
+        'Ensure .env file exists with DATABASE_URL defined.'
+    );
+  }
 
-// Export configured Prisma client
-export const prisma = new PrismaClient({ adapter });
+  // Prisma 7 requires driver adapters for direct connections
+  const adapter = new PrismaBetterSqlite3({ url: databaseUrl });
+  return new PrismaClient({ adapter });
+}
+
+// Use global singleton for hot reload in development
+export const db = globalThis.__db ?? createPrismaClient();
+
+if (process.env.NODE_ENV !== 'production') {
+  globalThis.__db = db;
+}

package/src/templates/source/api/index.auth.ts

@@ -4,24 +4,18 @@
 
 import 'dotenv/config';
 
-import { authPlugin, databasePlugin, extractRoutes, rest, veloxApp } from '@veloxts/velox';
+import { authPlugin, databasePlugin, rest, veloxApp } from '@veloxts/velox';
 
 import { config } from './config/app.js';
 import { authConfig } from './config/auth.js';
-import { prisma } from './config/database.js';
-import { authProcedures } from './procedures/auth.js';
-import { healthProcedures } from './procedures/health.js';
-import { userProcedures } from './procedures/users.js';
+import { db } from './config/database.js';
+// Import router definition (type-only safe for frontend imports)
+import { collections } from './router.js';
 
-// Procedure collections for routing
-const collections = [healthProcedures, authProcedures, userProcedures];
-
-// Router type for frontend type safety
-const router = { auth: authProcedures, health: healthProcedures, users: userProcedures };
-export type AppRouter = typeof router;
-
-// Route mappings for frontend client - imported directly, no manual duplication needed
-export const routes = extractRoutes(collections);
+// Re-export AppRouter and routes for backward compatibility
+// Frontend should import from ./router.js directly for type safety
+export type { AppRouter } from './router.js';
+export { routes } from './router.js';
 
 const app = await veloxApp({
   port: config.port,
@@ -29,7 +23,7 @@ const app = await veloxApp({
   logger: config.logger,
 });
 
-await app.register(databasePlugin({ client: prisma }));
+await app.register(databasePlugin({ client: db }));
 await app.register(authPlugin(authConfig));
 
 app.routes(
@@ -54,7 +48,7 @@ const shutdown = async () => {
   isShuttingDown = true;
 
   try {
-    await prisma.$disconnect();
+    await db.$disconnect();
   } catch {
     // Ignore disconnect errors during shutdown
   }

package/src/templates/source/api/index.default.ts

@@ -7,13 +7,14 @@ import 'dotenv/config';
 import { databasePlugin, rest, veloxApp } from '@veloxts/velox';
 
 import { config } from './config/app.js';
-import { prisma } from './config/database.js';
-import { healthProcedures } from './procedures/health.js';
-import { userProcedures } from './procedures/users.js';
+import { db } from './config/database.js';
+// Import router definition (type-only safe for frontend imports)
+import { collections } from './router.js';
 
-// Router type for frontend type safety
-const router = { health: healthProcedures, users: userProcedures };
-export type AppRouter = typeof router;
+// Re-export AppRouter and routes for backward compatibility
+// Frontend should import from ./router.js directly for type safety
+export type { AppRouter } from './router.js';
+export { routes } from './router.js';
 
 const app = await veloxApp({
   port: config.port,
@@ -21,10 +22,10 @@ const app = await veloxApp({
   logger: config.logger,
 });
 
-await app.register(databasePlugin({ client: prisma }));
+await app.register(databasePlugin({ client: db }));
 
 app.routes(
-  rest([healthProcedures, userProcedures], {
+  rest(collections, {
     prefix: config.apiPrefix,
   })
 );
@@ -45,7 +46,7 @@ const shutdown = async () => {
   isShuttingDown = true;
 
   try {
-    await prisma.$disconnect();
+    await db.$disconnect();
   } catch {
     // Ignore disconnect errors during shutdown
   }

package/src/templates/source/api/index.trpc.ts

@@ -13,32 +13,13 @@ import 'dotenv/config';
 import { databasePlugin, serve, veloxApp } from '@veloxts/velox';
 
 import { config } from './config/app.js';
-import { prisma } from './config/database.js';
-import { healthProcedures } from './procedures/health.js';
-import { userProcedures } from './procedures/users.js';
+import { db } from './config/database.js';
+// Import router definition (type-only safe for frontend imports)
+import { collections } from './router.js';
 
-// ============================================================================
-// Type Exports for Frontend
-// ============================================================================
-
-/**
- * AppRouter type for frontend type safety
- *
- * Constructed from procedure collections to preserve full type information.
- * This enables type-safe API calls with full autocomplete.
- *
- * @example
- * ```typescript
- * import type { AppRouter } from '../../api/src';
- * import { createVeloxHooks } from '@veloxts/client/react';
- *
- * export const api = createVeloxHooks<AppRouter>();
- * ```
- */
-export type AppRouter = {
-  health: typeof healthProcedures;
-  users: typeof userProcedures;
-};
+// Re-export AppRouter for backward compatibility
+// Frontend should import from ./router.js directly for type safety
+export type { AppRouter } from './router.js';
 
 // ============================================================================
 // Application Bootstrap
@@ -50,7 +31,7 @@ const app = await veloxApp({
   logger: config.logger,
 });
 
-await app.register(databasePlugin({ client: prisma }));
+await app.register(databasePlugin({ client: db }));
 
 // ============================================================================
 // API Registration
@@ -62,7 +43,7 @@ await app.register(databasePlugin({ client: prisma }));
  * - REST: /api/users, /api/health
  * - tRPC: /trpc/users.getUser, /trpc/health.getHealth
  */
-await serve(app, [healthProcedures, userProcedures], {
+await serve(app, collections, {
   api: config.apiPrefix,
   rpc: '/trpc',
 });
@@ -83,7 +64,7 @@ const shutdown = async () => {
   isShuttingDown = true;
 
   try {
-    await prisma.$disconnect();
+    await db.$disconnect();
   } catch {
     // Ignore disconnect errors during shutdown
   }

package/src/templates/source/api/package.auth.json

@@ -17,21 +17,22 @@
     "postinstall": "prisma generate"
   },
   "dependencies": {
-    "@prisma/adapter-better-sqlite3": "7.1.0",
-    "@prisma/client": "7.1.0",
+    "@prisma/adapter-better-sqlite3": "7.2.0",
+    "@prisma/client": "7.2.0",
+    "@prisma/client-runtime-utils": "7.2.0",
     "@veloxts/velox": "__VELOXTS_VERSION__",
-    "bcrypt": "5.1.1",
+    "bcrypt": "6.0.0",
     "better-sqlite3": "12.5.0",
     "dotenv": "17.2.3",
     "file-uri-to-path": "2.0.0",
-    "zod": "3.24.4"
+    "zod": "3.25.76"
   },
   "devDependencies": {
-    "@types/bcrypt": "5.0.2",
+    "@types/bcrypt": "6.0.0",
     "@types/node": "25.0.2",
     "@veloxts/cli": "__VELOXTS_VERSION__",
     "hot-hook": "0.4.0",
-    "prisma": "7.1.0",
+    "prisma": "7.2.0",
     "tsup": "8.5.1",
     "tsx": "4.21.0",
     "typescript": "5.9.3"

package/src/templates/source/api/package.default.json

@@ -17,19 +17,20 @@
     "postinstall": "prisma generate"
   },
   "dependencies": {
-    "@prisma/adapter-better-sqlite3": "7.1.0",
-    "@prisma/client": "7.1.0",
+    "@prisma/adapter-better-sqlite3": "7.2.0",
+    "@prisma/client": "7.2.0",
+    "@prisma/client-runtime-utils": "7.2.0",
     "@veloxts/velox": "__VELOXTS_VERSION__",
     "better-sqlite3": "12.5.0",
     "dotenv": "17.2.3",
     "file-uri-to-path": "2.0.0",
-    "zod": "3.24.4"
+    "zod": "3.25.76"
   },
   "devDependencies": {
     "@types/node": "25.0.2",
     "@veloxts/cli": "__VELOXTS_VERSION__",
     "hot-hook": "0.4.0",
-    "prisma": "7.1.0",
+    "prisma": "7.2.0",
     "tsup": "8.5.1",
     "tsx": "4.21.0",
     "typescript": "5.9.3"

package/src/templates/source/api/prisma/schema.auth.prisma

@@ -4,8 +4,9 @@
 // Using SQLite for simplicity - easily swap to PostgreSQL for production.
 
 generator client {
-  provider = "prisma-client"
-  output   = "../src/generated/prisma"
+  provider = "prisma-client-js"
+  // Generate to root node_modules for workspace compatibility
+  output   = "../../../node_modules/.prisma/client"
 }
 
 datasource db {

package/src/templates/source/api/prisma/schema.default.prisma

@@ -4,8 +4,9 @@
 // Using SQLite for simplicity - easily swap to PostgreSQL for production.
 
 generator client {
-  provider = "prisma-client"
-  output   = "../src/generated/prisma"
+  provider = "prisma-client-js"
+  // Generate to root node_modules for workspace compatibility
+  output   = "../../../node_modules/.prisma/client"
 }
 
 datasource db {

package/src/templates/source/api/prisma.config.ts

@@ -8,9 +8,15 @@ import 'dotenv/config';
 
 import { defineConfig } from 'prisma/config';
 
+const databaseUrl = process.env.DATABASE_URL;
+
+if (!databaseUrl) {
+  throw new Error('DATABASE_URL environment variable is required');
+}
+
 export default defineConfig({
   schema: './prisma/schema.prisma',
   datasource: {
-    url: process.env.DATABASE_URL!,
+    url: databaseUrl,
   },
 });

package/src/templates/source/api/procedures/auth.ts

@@ -20,11 +20,17 @@ import {
   jwtManager,
   procedure,
   verifyPassword,
-  z,
 } from '@veloxts/velox';
 
-import { authConfig, parseUserRoles, tokenStore } from '../config/auth.js';
-import { prisma } from '../config/database.js';
+import {
+  LoginInput,
+  LogoutResponse,
+  RefreshInput,
+  RegisterInput,
+  TokenResponse,
+  UserResponse,
+} from '../schemas/auth.js';
+import { getJwtSecrets, parseUserRoles, tokenStore } from '../utils/auth.js';
 
 // ============================================================================
 // Rate Limiter
@@ -50,7 +56,7 @@ const rateLimiter = createAuthRateLimiter({
 });
 
 // ============================================================================
-// Password Blacklist
+// Password Blacklist (runtime-only, not in type chain)
 // ============================================================================
 
 const COMMON_PASSWORDS = new Set([
@@ -64,66 +70,32 @@ const COMMON_PASSWORDS = new Set([
   'admin123',
 ]);
 
-// ============================================================================
-// Schemas
-// ============================================================================
-
-const PasswordSchema = z
-  .string()
-  .min(12, 'Password must be at least 12 characters')
-  .max(128, 'Password must not exceed 128 characters')
-  .refine((pwd) => /[a-z]/.test(pwd), 'Password must contain at least one lowercase letter')
-  .refine((pwd) => /[A-Z]/.test(pwd), 'Password must contain at least one uppercase letter')
-  .refine((pwd) => /[0-9]/.test(pwd), 'Password must contain at least one number')
-  .refine(
-    (pwd) => !COMMON_PASSWORDS.has(pwd.toLowerCase()),
-    'Password is too common. Please choose a stronger password.'
-  );
-
-const EmailSchema = z
-  .string()
-  .email('Invalid email address')
-  .transform((email) => email.toLowerCase().trim());
-
-const RegisterInput = z.object({
-  name: z.string().min(2).max(100).trim(),
-  email: EmailSchema,
-  password: PasswordSchema,
-});
-
-const LoginInput = z.object({
-  email: EmailSchema,
-  password: z.string().min(1),
-});
-
-const RefreshInput = z.object({
-  refreshToken: z.string(),
-});
-
-const TokenResponse = z.object({
-  accessToken: z.string(),
-  refreshToken: z.string(),
-  expiresIn: z.number(),
-  tokenType: z.literal('Bearer'),
-});
-
-const UserResponse = z.object({
-  id: z.string(),
-  name: z.string(),
-  email: z.string(),
-  roles: z.array(z.string()),
-});
-
-const LogoutResponse = z.object({
-  success: z.boolean(),
-  message: z.string(),
+// Enhanced password validation with common password check
+const EnhancedRegisterInput = RegisterInput.extend({
+  password: RegisterInput.shape.password
+    .refine((pwd) => /[a-z]/.test(pwd), 'Password must contain at least one lowercase letter')
+    .refine((pwd) => /[A-Z]/.test(pwd), 'Password must contain at least one uppercase letter')
+    .refine((pwd) => /[0-9]/.test(pwd), 'Password must contain at least one number')
+    .refine(
+      (pwd) => !COMMON_PASSWORDS.has(pwd.toLowerCase()),
+      'Password is too common. Please choose a stronger password.'
+    ),
 });
 
 // ============================================================================
 // JWT Manager
 // ============================================================================
 
-const jwt = jwtManager(authConfig.jwt);
+const { jwtSecret, refreshSecret } = getJwtSecrets();
+
+const jwt = jwtManager({
+  secret: jwtSecret,
+  refreshSecret: refreshSecret,
+  accessTokenExpiry: '15m',
+  refreshTokenExpiry: '7d',
+  issuer: 'velox-app',
+  audience: 'velox-app-client',
+});
 
 // Dummy hash for timing attack prevention
 const DUMMY_HASH = '$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/X4.uy7dPSSXB5G6Uy';
@@ -136,12 +108,12 @@ export const authProcedures = defineProcedures('auth', {
   createAccount: procedure()
     .rest({ method: 'POST', path: '/auth/register' })
     .use(rateLimiter.register())
-    .input(RegisterInput)
+    .input(EnhancedRegisterInput)
     .output(TokenResponse)
-    .mutation(async ({ input }) => {
+    .mutation(async ({ input, ctx }) => {
       const normalizedEmail = input.email.toLowerCase().trim();
 
-      const existing = await prisma.user.findUnique({
+      const existing = await ctx.db.user.findUnique({
         where: { email: normalizedEmail },
       });
 
@@ -155,7 +127,7 @@ export const authProcedures = defineProcedures('auth', {
 
       const hashedPassword = await hashPassword(input.password);
 
-      const user = await prisma.user.create({
+      const user = await ctx.db.user.create({
         data: {
           name: input.name.trim(),
           email: normalizedEmail,
@@ -181,10 +153,10 @@ export const authProcedures = defineProcedures('auth', {
     )
     .input(LoginInput)
     .output(TokenResponse)
-    .mutation(async ({ input }) => {
+    .mutation(async ({ input, ctx }) => {
       const normalizedEmail = input.email.toLowerCase().trim();
 
-      const user = await prisma.user.findUnique({
+      const user = await ctx.db.user.findUnique({
         where: { email: normalizedEmail },
       });
 
@@ -209,7 +181,7 @@ export const authProcedures = defineProcedures('auth', {
     .use(rateLimiter.refresh())
     .input(RefreshInput)
     .output(TokenResponse)
-    .mutation(async ({ input }) => {
+    .mutation(async ({ input, ctx }) => {
       try {
         const payload = jwt.verifyToken(input.refreshToken);
 
@@ -234,7 +206,7 @@ export const authProcedures = defineProcedures('auth', {
           tokenStore.markRefreshTokenUsed(payload.jti, payload.sub);
         }
 
-        const user = await prisma.user.findUnique({
+        const user = await ctx.db.user.findUnique({
           where: { id: payload.sub },
         });
 

package/src/templates/source/api/procedures/health.ts

@@ -2,19 +2,14 @@
  * Health Check Procedures
  */
 
-import { defineProcedures, procedure, VELOX_VERSION, z } from '@veloxts/velox';
+import { defineProcedures, procedure, VELOX_VERSION } from '@veloxts/velox';
+
+import { HealthResponse } from '../schemas/health.js';
 
 export const healthProcedures = defineProcedures('health', {
   getHealth: procedure()
     .rest({ method: 'GET', path: '/health' })
-    .output(
-      z.object({
-        status: z.literal('ok'),
-        version: z.string(),
-        timestamp: z.string().datetime(),
-        uptime: z.number(),
-      })
-    )
+    .output(HealthResponse)
     .query(async () => ({
       status: 'ok' as const,
       version: VELOX_VERSION,

package/src/templates/source/api/procedures/users.auth.ts

@@ -20,7 +20,12 @@ import {
   z,
 } from '@veloxts/velox';
 
-import { CreateUserInput, UpdateUserInput, UserSchema } from '../schemas/user.js';
+import {
+  CreateUserInput,
+  ListUsersResponse,
+  UpdateUserInput,
+  UserSchema,
+} from '../schemas/user.js';
 
 // ============================================================================
 // User Procedures
@@ -41,16 +46,7 @@ export const userProcedures = defineProcedures('users', {
 
   listUsers: procedure()
     .input(paginationInputSchema.optional())
-    .output(
-      z.object({
-        data: z.array(UserSchema),
-        meta: z.object({
-          page: z.number(),
-          limit: z.number(),
-          total: z.number(),
-        }),
-      })
-    )
+    .output(ListUsersResponse)
     .query(async ({ input, ctx }) => {
       const page = input?.page ?? 1;
       const limit = input?.limit ?? 10;

package/src/templates/source/api/procedures/users.default.ts

@@ -15,7 +15,12 @@ import {
   z,
 } from '@veloxts/velox';
 
-import { CreateUserInput, UpdateUserInput, UserSchema } from '../schemas/user.js';
+import {
+  CreateUserInput,
+  ListUsersResponse,
+  UpdateUserInput,
+  UserSchema,
+} from '../schemas/user.js';
 
 export const userProcedures = defineProcedures('users', {
   getUser: procedure()
@@ -32,16 +37,7 @@ export const userProcedures = defineProcedures('users', {
 
   listUsers: procedure()
     .input(paginationInputSchema.optional())
-    .output(
-      z.object({
-        data: z.array(UserSchema),
-        meta: z.object({
-          page: z.number(),
-          limit: z.number(),
-          total: z.number(),
-        }),
-      })
-    )
+    .output(ListUsersResponse)
     .query(async ({ input, ctx }) => {
       const page = input?.page ?? 1;
       const limit = input?.limit ?? 10;