millas 0.2.12-beta-1 → 0.2.13

package/src/commands/migrate.js

@@ -9,40 +9,81 @@ module.exports = function (program) {
   // ── makemigrations ──────────────────────────────────────────────────────────
   program
     .command('makemigrations')
-    .description('Scan model files, detect schema changes, generate migration files')
-    .action(async () => {
+    .description('Detect model changes and generate migration files (never touches DB)')
+    .option('--dry-run',  'Show what would be generated without writing files')
+    .option('--noinput',  'Non-interactive mode — fails if dangerous fields need resolution')
+    .action(async (options) => {
       try {
-        const ctx            = getProjectContext();
-        const ModelInspector = require('../orm/migration/ModelInspector');
-        const inspector      = new ModelInspector(
-          ctx.modelsPath,
-          ctx.migrationsPath,
-          ctx.snapshotPath,
-        );
-        const result = await inspector.makeMigrations();
+        const ctx  = getProjectContext();
+        const Mk   = require('../orm/migration/Makemigrations');
+        const mk   = new Mk(ctx.modelsPath, ctx.appMigPath, ctx.systemMigPath, {
+          nonInteractive: options.noinput || false,
+        });
+        const result = await mk.run({ dryRun: options.dryRun });
 
         if (result.files.length === 0) {
-          console.log(chalk.yellow(`\n  ${result.message}\n`));
+          console.log(chalk.yellow(`\n  No changes detected.\n`));
         } else {
-          console.log(chalk.green(`\n  ✔  ${result.message}`));
-          result.files.forEach(f => console.log(chalk.cyan(`     + ${f}`)));
-          console.log(chalk.gray('\n  Run: millas migrate   to apply these migrations.\n'));
+          if (options.dryRun) {
+            console.log(chalk.cyan('\n  Would generate:'));
+          } else {
+            console.log(chalk.green('\n  Migrations generated:'));
+          }
+          result.files.forEach(f => console.log(chalk.cyan(`    + ${f}`)));
+          result.ops.forEach(op => {
+            // Match Django's +/-/~ prefix style exactly
+            let prefix, label;
+            switch (op.type) {
+              case 'CreateModel':
+                prefix = chalk.green('+'); label = `Create model ${op.table}`; break;
+              case 'DeleteModel':
+                prefix = chalk.red('-');   label = `Delete model ${op.table}`; break;
+              case 'AddField':
+                prefix = chalk.green('+'); label = `Add field ${op.column} to ${op.table}`; break;
+              case 'RemoveField':
+                prefix = chalk.red('-');   label = `Remove field ${op.column} from ${op.table}`; break;
+              case 'AlterField':
+                prefix = chalk.yellow('~'); label = `Alter field ${op.column} on ${op.table}`; break;
+              case 'RenameField':
+                prefix = chalk.yellow('~'); label = `Rename field ${op.oldColumn} on ${op.table} to ${op.newColumn}`; break;
+              case 'RenameModel':
+                prefix = chalk.yellow('~'); label = `Rename model ${op.oldTable} to ${op.newTable}`; break;
+              default:
+                prefix = chalk.gray(' ');   label = op.type;
+            }
+            console.log(chalk.gray(`      ${prefix} ${label}`));
+          });
+          if (!options.dryRun) {
+            console.log(chalk.gray('\n  Run: millas migrate   to apply.\n'));
+          } else {
+            console.log();
+          }
         }
       } catch (err) {
         bail('makemigrations', err);
       }
-      // makemigrations doesn't open a DB connection so no closeDb() needed
     });
 
   // ── migrate ─────────────────────────────────────────────────────────────────
   program
     .command('migrate')
-    .description('Run all pending migrations')
-    .action(async () => {
+    .description('Apply pending migrations in dependency order (never generates migrations)')
+    .option('--fake <name>', 'Mark a migration as applied without running it')
+    .action(async (options) => {
       try {
         const runner = await getRunner();
+
+        if (options.fake) {
+          const [source, name] = options.fake.includes(':')
+            ? options.fake.split(':')
+            : ['app', options.fake];
+          const result = await runner.fake(source, name);
+          console.log(chalk.green(`\n  Marked "${result.key}" as applied (fake).\n`));
+          return;
+        }
+
         const result = await runner.migrate();
-        printMigrationResult(result, 'Ran');
+        printResult(result.ran, 'Applying');
       } catch (err) {
         bail('migrate', err);
       } finally {
@@ -50,18 +91,69 @@ module.exports = function (program) {
       }
     });
 
-  // ── migrate:fresh ────────────────────────────────────────────────────────────
+  // ── migrate:plan ─────────────────────────────────────────────────────────────
   program
-    .command('migrate:fresh')
-    .description('Drop ALL tables then re-run every migration from scratch')
+    .command('migrate:plan')
+    .description('Preview which migrations would run without applying them')
+    .action(async () => {
+      try {
+        const runner  = await getRunner();
+        const pending = await runner.plan();
+
+        if (pending.length === 0) {
+          console.log(chalk.yellow('\n  Nothing to migrate.\n'));
+          return;
+        }
+
+        console.log(chalk.cyan('\n  Migration plan:\n'));
+        pending.forEach(p => {
+          const color = p.source === 'system' ? chalk.gray : chalk.cyan;
+          console.log(color(`    ${p.key}`));
+        });
+        console.log();
+      } catch (err) {
+        bail('migrate:plan', err);
+      } finally {
+        await closeDb();
+      }
+    });
+
+  // ── migrate:status ───────────────────────────────────────────────────────────
+  program
+    .command('migrate:status')
+    .description('Show the status of all migrations')
     .action(async () => {
       try {
-        console.log(chalk.yellow('\n  ⚠  Dropping all tables…\n'));
         const runner = await getRunner();
-        const result = await runner.fresh();
-        printMigrationResult(result, 'Ran');
+        const rows   = await runner.status();
+
+        if (rows.length === 0) {
+          console.log(chalk.yellow('\n  No migrations found.\n'));
+          return;
+        }
+
+        const colW = Math.max(...rows.map(r => r.key.length)) + 2;
+        console.log(`\n  ${'Migration'.padEnd(colW)}  ${'Status'.padEnd(10)}  Batch`);
+        console.log(chalk.gray('  ' + '─'.repeat(colW + 20)));
+
+        let lastSource = null;
+        for (const row of rows) {
+          if (row.source !== lastSource) {
+            if (lastSource !== null) console.log();
+            lastSource = row.source;
+          }
+          const status = row.status === 'Applied'
+            ? chalk.green(row.status.padEnd(10))
+            : chalk.yellow(row.status.padEnd(10));
+          const batch = row.batch ? chalk.gray(String(row.batch)) : chalk.gray('—');
+          const label = row.source === 'system'
+            ? chalk.gray(row.key.padEnd(colW))
+            : chalk.cyan(row.key.padEnd(colW));
+          console.log(`  ${label}  ${status}  ${batch}`);
+        }
+        console.log();
       } catch (err) {
-        bail('migrate:fresh', err);
+        bail('migrate:status', err);
       } finally {
         await closeDb();
       }
@@ -76,7 +168,7 @@ module.exports = function (program) {
       try {
         const runner = await getRunner();
         const result = await runner.rollback(Number(options.steps));
-        printMigrationResult(result, 'Rolled back');
+        printResult(result.rolledBack, 'Reverting');
       } catch (err) {
         bail('migrate:rollback', err);
       } finally {
@@ -84,66 +176,50 @@ module.exports = function (program) {
       }
     });
 
-  // ── migrate:reset ────────────────────────────────────────────────────────────
+  // ── migrate:fresh ────────────────────────────────────────────────────────────
   program
-    .command('migrate:reset')
-    .description('Rollback ALL migrations')
+    .command('migrate:fresh')
+    .description('Drop all tables and re-run every migration from scratch')
     .action(async () => {
       try {
+        console.log(chalk.yellow('\n  ⚠  Dropping all tables…\n'));
         const runner = await getRunner();
-        const result = await runner.reset();
-        printMigrationResult(result, 'Rolled back');
+        const result = await runner.fresh();
+        printResult(result.ran, 'Applying');
       } catch (err) {
-        bail('migrate:reset', err);
+        bail('migrate:fresh', err);
       } finally {
         await closeDb();
       }
     });
 
-  // ── migrate:refresh ──────────────────────────────────────────────────────────
+  // ── migrate:reset ────────────────────────────────────────────────────────────
   program
-    .command('migrate:refresh')
-    .description('Rollback all then re-run all migrations')
+    .command('migrate:reset')
+    .description('Rollback ALL migrations')
     .action(async () => {
       try {
         const runner = await getRunner();
-        const result = await runner.refresh();
-        printMigrationResult(result, 'Ran');
+        const result = await runner.reset();
+        printResult(result.rolledBack, 'Reverting');
       } catch (err) {
-        bail('migrate:refresh', err);
+        bail('migrate:reset', err);
       } finally {
         await closeDb();
       }
     });
 
-  // ── migrate:status ───────────────────────────────────────────────────────────
+  // ── migrate:refresh ──────────────────────────────────────────────────────────
   program
-    .command('migrate:status')
-    .description('Show the status of all migration files')
+    .command('migrate:refresh')
+    .description('Rollback all then re-run all migrations')
     .action(async () => {
       try {
         const runner = await getRunner();
-        const rows   = await runner.status();
-
-        if (rows.length === 0) {
-          console.log(chalk.yellow('\n  No migration files found.\n'));
-          return;
-        }
-
-        const colW = Math.max(...rows.map(r => r.name.length)) + 2;
-        console.log(`\n  ${'Migration'.padEnd(colW)}  ${'Status'.padEnd(10)}  Batch`);
-        console.log(chalk.gray('  ' + '─'.repeat(colW + 20)));
-
-        for (const row of rows) {
-          const status = row.status === 'Ran'
-            ? chalk.green(row.status.padEnd(10))
-            : chalk.yellow(row.status.padEnd(10));
-          const batch = row.batch ? chalk.gray(String(row.batch)) : chalk.gray('—');
-          console.log(`  ${chalk.cyan(row.name.padEnd(colW))}  ${status}  ${batch}`);
-        }
-        console.log();
+        const result = await runner.refresh();
+        printResult(result.ran, 'Applying');
       } catch (err) {
-        bail('migrate:status', err);
+        bail('migrate:refresh', err);
       } finally {
         await closeDb();
       }
@@ -193,10 +269,10 @@ module.exports = function (program) {
 function getProjectContext() {
   const cwd = process.cwd();
   return {
-    migrationsPath: path.join(cwd, 'database/migrations'),
-    seedersPath:    path.join(cwd, 'database/seeders'),
-    modelsPath:     path.join(cwd, 'app/models'),
-    snapshotPath:   path.join(cwd, '.millas/schema.json'),
+    appMigPath:    path.join(cwd, 'database/migrations'),
+    systemMigPath: path.join(__dirname, '../migrations/system'),
+    seedersPath:   path.join(cwd, 'database/seeders'),
+    modelsPath:    path.join(cwd, 'app/models'),
   };
 }
 
@@ -215,31 +291,28 @@ async function getRunner() {
   const MigrationRunner = require('../orm/migration/MigrationRunner');
   const ctx = getProjectContext();
   const db  = await getDbConnection();
-  return new MigrationRunner(db, ctx.migrationsPath);
+  return new MigrationRunner(db, ctx.appMigPath, ctx.systemMigPath);
 }
 
-/**
- * Destroy all open knex connection pools so the CLI process exits cleanly.
- * Without this, knex keeps the event loop alive indefinitely after the
- * command finishes, causing the terminal to appear to hang.
- */
 async function closeDb() {
   try {
     const DatabaseManager = require('../orm/drivers/DatabaseManager');
     await DatabaseManager.closeAll();
-  } catch { /* already closed or never opened — safe to ignore */ }
+  } catch {}
 }
 
-function printMigrationResult(result, verb) {
-  const list = result.ran || result.rolledBack || [];
-  if (list.length === 0) {
-    console.log(chalk.yellow(`\n  ${result.message}\n`));
+function printResult(list, verb) {
+  if (!list || list.length === 0) {
+    console.log(chalk.yellow('\n  Nothing to do.\n'));
     return;
   }
-  console.log(chalk.green(`\n  ✔  ${result.message}`));
-  list.forEach(f =>
-    console.log(chalk.cyan(`     ${verb === 'Ran' ? '+' : '-'} ${f}`))
-  );
+  console.log(chalk.green(`\n  Running migrations:`));
+  for (const entry of list) {
+    const label = typeof entry === 'object' ? entry.label || entry.key : entry;
+    const source = typeof entry === 'object' ? entry.source : null;
+    const color = source === 'system' ? chalk.gray : chalk.cyan;
+    console.log(color(`    ${verb} ${label}... OK`));
+  }
   console.log();
 }
 
@@ -247,4 +320,4 @@ function bail(cmd, err) {
   console.error(chalk.red(`\n  ✖  ${cmd} failed: ${err.message}\n`));
   if (process.env.DEBUG) console.error(err.stack);
   closeDb().finally(() => process.exit(1));
-}
+}

package/src/commands/serve.js

@@ -85,6 +85,7 @@ class HotReloader {
             env: {
                 ...extra,
                 MILLAS_CHILD: '1',
+                DEBUG: process.env.APP_DEBUG,
             },
             stdio: 'inherit',
         });
@@ -120,13 +121,11 @@ class HotReloader {
     }
 
     _restart(changedFile) {
-        const link = changedFile
-            ? `\x1b]8;;file://${changedFile}\x07${path.relative(process.cwd(), changedFile)}\x1b]8;;\x07`
-            : '';
+
         console.warn(
             chalk.yellow('↺') + '  ' +
             chalk.white('Reloading') +
-            (link ? chalk.blueBright('  ' + link) : '')
+            (changedFile ? chalk.blueBright('  ' + changedFile) : '')
         );
 
         this._restarts++;

package/src/container/AppInitializer.js

@@ -23,12 +23,15 @@ const HttpServer = require('./HttpServer');
  *   bootstrap/app.js  →  MillasInstance  →  AppInitialiser.boot()
  *                                              ├─ builds ExpressAdapter
  *                                              ├─ builds Application
- *                                              ├─ registers providers
+ *                                              ├─ registers core providers
+ *                                              │    Log → Database → Auth → Admin
+ *                                              │    → Cache → Mail → Queue → Events
+ *                                              ├─ registers app providers
  *                                              ├─ registers routes
  *                                              ├─ registers middleware aliases
- *                                              ├─ boots providers
+ *                                              ├─ boots all providers
  *                                              ├─ mounts routes
- *                                              ├─ mounts admin (if configured)
+ *                                              ├─ mounts admin panel
  *                                              ├─ mounts fallbacks
  *                                              └─ starts HttpServer
  */
@@ -46,52 +49,82 @@ class AppInitializer {
      * Boot the full application and start the HTTP server.
      * Returns a Promise that resolves once the server is listening.
      */
+    /**
+     * Boot the full application and start the HTTP server.
+     * Called by millas serve — no changes to the developer API.
+     */
     async boot() {
+        await this.bootKernel();
+        await this._serve();
+    }
+
+    /**
+     * Boot the application kernel only — DI container, providers, DB, auth,
+     * cache, mail, queue. No HTTP server, no routes, no listen().
+     *
+     * Used internally by CLI commands (millas migrate, millas createsuperuser, etc.)
+     * via MILLAS_CLI_BOOT=1 environment variable. Developers never call this directly.
+     *
+     * @returns {Application} the booted kernel
+     */
+    async bootKernel() {
         const cfg = this._config;
 
-        // ── Build the HTTP adapter ───────────────────────────────────────────────
         const ExpressAdapter = require('../http/adapters/ExpressAdapter');
         const expressApp = express();
         this._adapter = new ExpressAdapter(expressApp);
         this._adapter.applyBodyParsers();
 
-        // Raw adapter middleware (helmet, compression, etc.)
+        // ── Security — applied before any routes or developer middleware ──────
+        // Reads config/app.js for overrides. All protections are on by default:
+        // security headers, CSRF, rate limiting, cookie defaults, allowed hosts.
+        const SecurityBootstrap = require('../http/SecurityBootstrap');
+        const basePath          = cfg.basePath || process.cwd();
+        const appConfig         = SecurityBootstrap.loadConfig(basePath + '/config/app');
+        SecurityBootstrap.apply(this._adapter.nativeApp || expressApp, appConfig);
+        // ─────────────────────────────────────────────────────────────────────
+
         for (const mw of (cfg.adapterMiddleware || [])) {
             this._adapter.applyMiddleware(mw);
         }
 
-        // ── Build the Application kernel ─────────────────────────────────────────
         this._kernel = new Application(this._adapter);
 
-        // Core providers (auto-enabled unless disabled in config)
+        this._kernel._container.instance('basePath', basePath);
+
         const coreProviders = this._buildCoreProviders(cfg);
         this._kernel.providers([...coreProviders, ...cfg.providers]);
 
-        // Named middleware aliases
         for (const {alias, handler} of (cfg.middleware || [])) {
             this._kernel.middleware(alias, handler);
         }
 
-        // Route definitions
         if (cfg.routes) {
             this._kernel.routes(cfg.routes);
         }
 
-        // ── Boot providers ───────────────────────────────────────────────────────
         await this._kernel.boot();
 
-        // ── Mount routes ─────────────────────────────────────────────────────────
+        return this._kernel;
+    }
+
+    /**
+     * Mount routes and start the HTTP server.
+     * Internal — called only by boot(). CLI commands stop after bootKernel().
+     */
+    async _serve() {
+        const cfg = this._config;
+
         if (!process.env.MILLAS_ROUTE_LIST) {
             this._kernel.mountRoutes();
 
-            // Admin panel — mounted between routes and fallbacks
             if (cfg.admin !== null) {
                 try {
                     const Admin = require('../admin/Admin');
                     if (cfg.admin && Object.keys(cfg.admin).length) {
                         Admin.configure(cfg.admin);
                     }
-                    Admin.mount(expressApp);
+                    Admin.mount(this._adapter.nativeApp);
                 } catch (err) {
                     process.stderr.write(`[millas] Admin mount failed: ${err.message}\n`);
                 }
@@ -99,9 +132,8 @@ class AppInitializer {
 
             this._kernel.mountFallbacks();
 
-            // ── Start the HTTP server ──────────────────────────────────────────────
             const server = new HttpServer(this._kernel, {
-                onStart: cfg.onStart || undefined,
+                onStart:    cfg.onStart    || undefined,
                 onShutdown: cfg.onShutdown || undefined,
             });
 
@@ -114,22 +146,39 @@ class AppInitializer {
     _buildCoreProviders(cfg) {
         const providers = [];
         const load = (p) => {
-            try {
-                return require(p);
-            } catch {
-                return null;
-            }
+            try { return require(p); } catch { return null; }
         };
 
+        // ── 1. Logging ───────────────────────────────────────────────────────
         if (cfg.logging !== false) {
             const p = load('../providers/LogServiceProvider');
             if (p) providers.push(p);
         }
+
+        // ── 2. Database ──────────────────────────────────────────────────────
         if (cfg.database !== false) {
             const p = load('../providers/DatabaseServiceProvider');
             if (p) providers.push(p);
         }
 
+        // ── 3. Auth — always on unless explicitly disabled ───────────────────
+        // Mirrors Django: django.contrib.auth is in INSTALLED_APPS by default.
+        // Provides Auth.login/register, JWT middleware, the User model.
+        // Requires Database to be booted first.
+        if (cfg.auth !== false) {
+            const p = load('../providers/AuthServiceProvider');
+            if (p) providers.push(p);
+        }
+
+        // ── 4. Admin — on when .withAdmin() was called ───────────────────────
+        // Mirrors Django: django.contrib.admin is in INSTALLED_APPS by default.
+        // Requires Auth to be booted first (needs the resolved User model).
+        if (cfg.admin !== null && cfg.admin !== undefined) {
+            const p = load('../providers/AdminServiceProvider');
+            if (p) providers.push(p);
+        }
+
+        // ── 5. Cache + Storage ───────────────────────────────────────────────
         if (cfg.cache !== false || cfg.storage !== false) {
             const p = load('../providers/CacheStorageServiceProvider');
             if (p) {
@@ -138,21 +187,53 @@ class AppInitializer {
             }
         }
 
+        // ── 6. Mail ──────────────────────────────────────────────────────────
         if (cfg.mail !== false) {
             const p = load('../providers/MailServiceProvider');
             if (p) providers.push(p);
         }
+
+        // ── 7. Queue ─────────────────────────────────────────────────────────
         if (cfg.queue !== false) {
             const p = load('../providers/QueueServiceProvider');
             if (p) providers.push(p);
         }
+
+        // ── 8. Events ────────────────────────────────────────────────────────
         if (cfg.events !== false) {
             const p = load('../providers/EventServiceProvider');
             if (p) providers.push(p);
         }
 
+        // ── 9. i18n — opt-in via config/app.js use_i18n: true ───────────────
+        // Mirrors Django's USE_I18N = True in settings.py.
+        // Booted last so translations are available in all request handlers.
+        if (this._resolveI18nEnabled(cfg)) {
+            const p = load('../i18n/I18nServiceProvider');
+            if (p) providers.push(p);
+        }
+
         return providers;
     }
+
+    /**
+     * Resolve whether i18n should be enabled.
+     * Reads use_i18n from config/app.js — the single source of truth.
+     *
+     *   // config/app.js
+     *   module.exports = {
+     *     use_i18n: true,
+     *     locale:   'sw',
+     *     fallback: 'en',
+     *   };
+     */
+    _resolveI18nEnabled(cfg) {
+        try {
+            const basePath  = cfg.basePath || process.cwd();
+            const appConfig = require(basePath + '/config/app');
+            return appConfig.use_i18n === true;
+        } catch { return false; }
+    }
 }
 
 module.exports = AppInitializer;

package/src/container/Application.js

@@ -98,6 +98,22 @@ class Application {
         await this._providers.boot();
         this._booted = true;
 
+        // Wire cache, db, and storage into AI manager now that providers are booted
+        try {
+          const ai = this._container.make('ai');
+          if (ai) {
+            try { const cache = this._container.make('cache'); if (cache) ai.setCache(cache); } catch {}
+            try { const db    = this._container.make('db');    if (db)    ai.setDb(db);       } catch {}
+            try { const store = this._container.make('storage'); if (store) ai.setStorage(store); } catch {}
+            // Attach files and stores API as properties
+            try {
+              const { AIFilesAPI, AIStoresAPI } = require('../ai/files');
+              if (!ai.files)  Object.defineProperty(ai, 'files',  { get: () => new AIFilesAPI(ai),  configurable: true });
+              if (!ai.stores) Object.defineProperty(ai, 'stores', { get: () => new AIStoresAPI(ai), configurable: true });
+            } catch {}
+          }
+        } catch { /* ai not registered — skip */ }
+
         this._emitSync('platform.booted', {providers: this._providers.list()});
 
         return this;
@@ -287,9 +303,23 @@ class Application {
         });
         this._container.instance('url', urlGenerator);
 
+        const { HashManager } = require('../hashing/Hash');
+        const hashManager = new HashManager({ default: 'bcrypt', bcrypt: { rounds: 12 } });
+        this._container.instance('hash', hashManager);
+
+        const ProcessManager = require('../process/Process').ProcessManager;
+        this._container.instance('process', new ProcessManager());
+
+        const { AIManager } = require('../ai/AIManager');
+        const basePath = (() => { try { return this._container.make('basePath'); } catch { return process.cwd(); } })();
+        let aiConfig = { default: process.env.AI_PROVIDER || 'anthropic', providers: {} };
+        try { aiConfig = require(basePath + '/config/ai'); } catch { /* no config — use env vars */ }
+        const aiManager = new AIManager(aiConfig);
+        this._container.instance('ai', aiManager);
+
 
         this._mwRegistry.register('cors', new CorsMiddleware());
-        this._mwRegistry.register('throttle', new ThrottleMiddleware({max: 60, window: 60}));
+        this._mwRegistry.register('throttle', ThrottleMiddleware);
         this._mwRegistry.register('log', new LogMiddleware());
         this._mwRegistry.register('auth', AuthMiddleware);
     }

package/src/container/MillasApp.js

@@ -30,12 +30,19 @@ const MillasConfig = require('./MillasConfig');
 const Millas = {
   /**
    * Start building an application config.
-   * Returns a MillasConfig chain ending in .create().
+   * Equivalent to Millas.config().configure(basePath).
    *
+   * Usage (bootstrap/app.js):
+   *   module.exports = Millas.configure(__dirname)
+   *     .withAdmin()
+   *     .routes(Route => { ... })
+   *     .create();
+   *
+   * @param {string} basePath — pass __dirname from bootstrap/app.js
    * @returns {MillasConfig}
    */
-  config() {
-    return new MillasConfig();
+  configure(basePath) {
+    return new MillasConfig().configure(basePath);
   },
 };