nestjs-ddd-cli 2.2.1 → 3.2.1

package/dist/utils/security.utils.js

@@ -0,0 +1,315 @@
+"use strict";
+/**
+ * Security utilities for the CLI
+ * Implements OWASP-recommended practices for input validation and path safety
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateSafePath = validateSafePath;
+exports.sanitizeEntityName = sanitizeEntityName;
+exports.validateFieldName = validateFieldName;
+exports.sanitizeShellInput = sanitizeShellInput;
+exports.validateNumericInput = validateNumericInput;
+exports.sanitizeHtmlOutput = sanitizeHtmlOutput;
+exports.maskSensitiveData = maskSensitiveData;
+exports.validateUrl = validateUrl;
+exports.createRateLimitKey = createRateLimitKey;
+exports.safeJsonParse = safeJsonParse;
+const path = __importStar(require("path"));
+/**
+ * Validates that a path does not escape the base directory
+ * Prevents path traversal attacks (OWASP A01:2021)
+ */
+function validateSafePath(basePath, targetPath) {
+    const resolvedBase = path.resolve(basePath);
+    const resolvedTarget = path.resolve(basePath, targetPath);
+    if (!resolvedTarget.startsWith(resolvedBase + path.sep) && resolvedTarget !== resolvedBase) {
+        throw new Error(`Security: Path traversal detected in "${targetPath}"`);
+    }
+    return resolvedTarget;
+}
+/**
+ * Sanitizes entity/module names for safe file system operations
+ * Prevents directory traversal and special character injection
+ */
+function sanitizeEntityName(name) {
+    if (!name || typeof name !== 'string') {
+        throw new Error('Security: Entity name must be a non-empty string');
+    }
+    // Remove any path separators, dots (for traversal), and special characters
+    const sanitized = name
+        .replace(/\.{2,}/g, '') // Remove consecutive dots (path traversal)
+        .replace(/[\/\\]/g, '') // Remove path separators
+        .replace(/[<>:"|?*\x00-\x1f]/g, '') // Remove invalid filename chars
+        .replace(/^[\s.-]+|[\s.-]+$/g, '') // Trim leading/trailing dots, spaces, hyphens
+        .trim();
+    if (sanitized.length === 0) {
+        throw new Error(`Security: Invalid entity name after sanitization: "${name}"`);
+    }
+    if (sanitized.length > 100) {
+        throw new Error(`Security: Entity name exceeds maximum length (100): "${name}"`);
+    }
+    // Block common injection patterns
+    const dangerousPatterns = [
+        /^(con|prn|aux|nul|com[0-9]|lpt[0-9])$/i, // Windows reserved names
+        /[\x00-\x1f]/g, // Control characters
+        /__proto__|constructor|prototype/i, // Prototype pollution
+    ];
+    for (const pattern of dangerousPatterns) {
+        if (pattern.test(sanitized)) {
+            throw new Error(`Security: Entity name contains dangerous pattern: "${name}"`);
+        }
+    }
+    return sanitized;
+}
+/**
+ * Validates that field names are safe for use in SQL/ORM queries
+ * Only allows alphanumeric characters and underscores, starting with letter
+ */
+function validateFieldName(fieldName, allowedFields) {
+    if (!fieldName || typeof fieldName !== 'string') {
+        throw new Error('Security: Field name must be a non-empty string');
+    }
+    // If allowed fields list provided, strict whitelist validation
+    if (allowedFields && allowedFields.length > 0) {
+        if (!allowedFields.includes(fieldName)) {
+            throw new Error(`Security: Field "${fieldName}" not in allowed list: ${allowedFields.join(', ')}`);
+        }
+        return fieldName;
+    }
+    // Pattern: must start with letter or underscore, followed by alphanumeric/underscore
+    const SAFE_FIELD_REGEX = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+    if (!SAFE_FIELD_REGEX.test(fieldName)) {
+        throw new Error(`Security: Invalid field name format: "${fieldName}"`);
+    }
+    if (fieldName.length > 64) {
+        throw new Error(`Security: Field name exceeds maximum length (64): "${fieldName}"`);
+    }
+    // Block SQL keywords as field names
+    const SQL_KEYWORDS = [
+        'SELECT',
+        'INSERT',
+        'UPDATE',
+        'DELETE',
+        'DROP',
+        'CREATE',
+        'ALTER',
+        'TRUNCATE',
+        'GRANT',
+        'REVOKE',
+        'UNION',
+        'WHERE',
+        'FROM',
+        'JOIN',
+        'OR',
+        'AND',
+        'NOT',
+        'NULL',
+        'TRUE',
+        'FALSE',
+        'EXEC',
+        'EXECUTE',
+        'XP_',
+        'SP_',
+    ];
+    if (SQL_KEYWORDS.includes(fieldName.toUpperCase())) {
+        throw new Error(`Security: Field name "${fieldName}" is a reserved SQL keyword`);
+    }
+    return fieldName;
+}
+/**
+ * Sanitizes input for use in shell commands
+ * Implements whitelist approach - only allows safe characters
+ */
+function sanitizeShellInput(input) {
+    if (!input || typeof input !== 'string') {
+        throw new Error('Security: Shell input must be a non-empty string');
+    }
+    // Strict whitelist: only alphanumeric, hyphen, underscore, dot, forward slash
+    // (for paths within allowed directories)
+    const SAFE_SHELL_REGEX = /^[a-zA-Z0-9_\-./]+$/;
+    if (!SAFE_SHELL_REGEX.test(input)) {
+        // Instead of throwing, sanitize by removing unsafe characters
+        const sanitized = input.replace(/[^a-zA-Z0-9_\-./]/g, '');
+        if (sanitized.length === 0) {
+            throw new Error('Security: Shell input contains only disallowed characters');
+        }
+        return sanitized;
+    }
+    // Block command injection patterns
+    if (/\.\./g.test(input)) {
+        throw new Error('Security: Shell input contains path traversal');
+    }
+    return input;
+}
+/**
+ * Validates numeric input is within safe bounds
+ */
+function validateNumericInput(value, options = {}) {
+    const { min = Number.MIN_SAFE_INTEGER, max = Number.MAX_SAFE_INTEGER, allowNegative = true, allowZero = true } = options;
+    if (typeof value !== 'number' || isNaN(value) || !isFinite(value)) {
+        throw new Error(`Security: Invalid numeric value: ${value}`);
+    }
+    if (!allowNegative && value < 0) {
+        throw new Error(`Security: Negative values not allowed: ${value}`);
+    }
+    if (!allowZero && value === 0) {
+        throw new Error('Security: Zero value not allowed');
+    }
+    if (value < min || value > max) {
+        throw new Error(`Security: Value ${value} out of range [${min}, ${max}]`);
+    }
+    return value;
+}
+/**
+ * Sanitizes string for safe HTML output
+ * Prevents XSS attacks (OWASP A03:2021)
+ */
+function sanitizeHtmlOutput(input) {
+    if (!input || typeof input !== 'string') {
+        return '';
+    }
+    const htmlEntities = {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#x27;',
+        '/': '&#x2F;',
+        '`': '&#x60;',
+        '=': '&#x3D;',
+    };
+    return input.replace(/[&<>"'/`=]/g, (char) => htmlEntities[char] || char);
+}
+/**
+ * Masks sensitive data in strings (API keys, passwords, etc.)
+ * For safe logging
+ */
+function maskSensitiveData(input) {
+    if (!input || typeof input !== 'string') {
+        return '[EMPTY]';
+    }
+    if (input.length <= 8) {
+        return '****';
+    }
+    // Show first 4 and last 4 characters
+    return `${input.substring(0, 4)}${'*'.repeat(Math.min(input.length - 8, 20))}${input.substring(input.length - 4)}`;
+}
+/**
+ * Validates URL is safe and uses allowed protocols
+ */
+function validateUrl(url, allowedProtocols = ['https:', 'http:']) {
+    if (!url || typeof url !== 'string') {
+        throw new Error('Security: URL must be a non-empty string');
+    }
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error(`Security: Invalid URL format: ${url}`);
+    }
+    if (!allowedProtocols.includes(parsed.protocol)) {
+        throw new Error(`Security: URL protocol "${parsed.protocol}" not allowed. Allowed: ${allowedProtocols.join(', ')}`);
+    }
+    // Block localhost and internal IPs in production
+    const hostname = parsed.hostname.toLowerCase();
+    const blockedHostPatterns = [
+        /^localhost$/i,
+        /^127\./,
+        /^10\./,
+        /^172\.(1[6-9]|2[0-9]|3[01])\./,
+        /^192\.168\./,
+        /^0\.0\.0\.0$/,
+        /^\[::1\]$/,
+        /^metadata\.google\.internal$/,
+        /^169\.254\./,
+    ];
+    if (process.env.NODE_ENV === 'production') {
+        for (const pattern of blockedHostPatterns) {
+            if (pattern.test(hostname)) {
+                throw new Error(`Security: URL hostname "${hostname}" blocked in production`);
+            }
+        }
+    }
+    return url;
+}
+/**
+ * Creates a rate limit key from request data
+ * Sanitizes to prevent key injection
+ */
+function createRateLimitKey(prefix, identifier) {
+    const sanitizedPrefix = prefix.replace(/[^a-zA-Z0-9_-]/g, '');
+    const sanitizedIdentifier = identifier.replace(/[^a-zA-Z0-9_\-@.]/g, '').substring(0, 128);
+    return `${sanitizedPrefix}:${sanitizedIdentifier}`;
+}
+/**
+ * Validates JSON input for safe parsing
+ * Prevents prototype pollution
+ */
+function safeJsonParse(input) {
+    if (!input || typeof input !== 'string') {
+        throw new Error('Security: JSON input must be a non-empty string');
+    }
+    // Check for potential prototype pollution patterns before parsing
+    if (/__proto__|constructor|prototype/.test(input)) {
+        throw new Error('Security: JSON contains prototype pollution attempt');
+    }
+    try {
+        const parsed = JSON.parse(input);
+        // Deep check for prototype pollution
+        function checkObject(obj, depth = 0) {
+            if (depth > 10)
+                return; // Limit recursion depth
+            if (obj && typeof obj === 'object') {
+                for (const key of Object.keys(obj)) {
+                    if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
+                        throw new Error('Security: JSON object contains prototype pollution key');
+                    }
+                    checkObject(obj[key], depth + 1);
+                }
+            }
+        }
+        checkObject(parsed);
+        return parsed;
+    }
+    catch (error) {
+        if (error instanceof Error && error.message.includes('Security:')) {
+            throw error;
+        }
+        throw new Error(`Security: Invalid JSON: ${error.message}`);
+    }
+}
+//# sourceMappingURL=security.utils.js.map

package/dist/utils/security.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.utils.js","sourceRoot":"","sources":["../../src/utils/security.utils.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQH,4CASC;AAMD,gDAmCC;AAMD,8CA2DC;AAMD,gDAwBC;AAKD,oDAuBC;AAMD,gDAiBC;AAMD,8CAWC;AAKD,kCAyCC;AAMD,gDAKC;AAMD,sCAmCC;AA7TD,2CAA6B;AAE7B;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,QAAgB,EAAE,UAAkB;IACnE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAE1D,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,cAAc,KAAK,YAAY,EAAE,CAAC;QAC3F,MAAM,IAAI,KAAK,CAAC,yCAAyC,UAAU,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,IAAY;IAC7C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,2EAA2E;IAC3E,MAAM,SAAS,GAAG,IAAI;SACnB,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,2CAA2C;SAClE,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,yBAAyB;SAChD,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,gCAAgC;SACnE,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,8CAA8C;SAChF,IAAI,EAAE,CAAC;IAEV,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,GAAG,CAAC,CAAC;IACjF,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,wDAAwD,IAAI,GAAG,CAAC,CAAC;IACnF,CAAC;IAED,kCAAkC;IAClC,MAAM,iBAAiB,GAAG;QACxB,wCAAwC,EAAE,yBAAyB;QACnE,cAAc,EAAE,qBAAqB;QACrC,kCAAkC,EAAE,sBAAsB;KAC3D,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,GAAG,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,SAAiB,EAAE,aAAwB;IAC3E,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IAED,+DAA+D;IAC/D,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,oBAAoB,SAAS,0BAA0B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClF,CAAC;QACJ,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,qFAAqF;IACrF,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;IAEpD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,yCAAyC,SAAS,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,sDAAsD,SAAS,GAAG,CAAC,CAAC;IACtF,CAAC;IAED,oCAAoC;IACpC,MAAM,YAAY,GAAG;QACnB,QAAQ;QACR,QAAQ;QACR,QAAQ;QACR,QAAQ;QACR,MAAM;QACN,QAAQ;QACR,OAAO;QACP,UAAU;QACV,OAAO;QACP,QAAQ;QACR,OAAO;QACP,OAAO;QACP,MAAM;QACN,MAAM;QACN,IAAI;QACJ,KAAK;QACL,KAAK;QACL,MAAM;QACN,MAAM;QACN,OAAO;QACP,MAAM;QACN,SAAS;QACT,KAAK;QACL,KAAK;KACN,CAAC;IAEF,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,yBAAyB,SAAS,6BAA6B,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,KAAa;IAC9C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,8EAA8E;IAC9E,yCAAyC;IACzC,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;IAE/C,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,8DAA8D;QAC9D,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;QAC1D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;QAC/E,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,mCAAmC;IACnC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,KAAa,EACb,UAAwF,EAAE;IAE1F,MAAM,EAAE,GAAG,GAAG,MAAM,CAAC,gBAAgB,EAAE,GAAG,GAAG,MAAM,CAAC,gBAAgB,EAAE,aAAa,GAAG,IAAI,EAAE,SAAS,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzH,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,aAAa,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,0CAA0C,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,IAAI,CAAC,SAAS,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,KAAK,GAAG,GAAG,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,mBAAmB,KAAK,kBAAkB,GAAG,KAAK,GAAG,GAAG,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,KAAa;IAC9C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,YAAY,GAA2B;QAC3C,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,QAAQ;KACd,CAAC;IAEF,OAAO,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;AAC5E,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,qCAAqC;IACrC,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;AACrH,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,GAAW,EAAE,mBAA6B,CAAC,QAAQ,EAAE,OAAO,CAAC;IACvF,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,CAAC,QAAQ,2BAA2B,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnG,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,mBAAmB,GAAG;QAC1B,cAAc;QACd,QAAQ;QACR,OAAO;QACP,+BAA+B;QAC/B,aAAa;QACb,cAAc;QACd,WAAW;QACX,8BAA8B;QAC9B,aAAa;KACd,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;YAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,yBAAyB,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,MAAc,EAAE,UAAkB;IACnE,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;IAC9D,MAAM,mBAAmB,GAAG,UAAU,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAE3F,OAAO,GAAG,eAAe,IAAI,mBAAmB,EAAE,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAAI,KAAa;IAC5C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IAED,kEAAkE;IAClE,IAAI,iCAAiC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,qCAAqC;QACrC,SAAS,WAAW,CAAC,GAAQ,EAAE,KAAK,GAAG,CAAC;YACtC,IAAI,KAAK,GAAG,EAAE;gBAAE,OAAO,CAAC,wBAAwB;YAEhD,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACnC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACnC,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,aAAa,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;wBACxE,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;oBAC5E,CAAC;oBACD,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;gBACnC,CAAC;YACH,CAAC;QACH,CAAC;QAED,WAAW,CAAC,MAAM,CAAC,CAAC;QACpB,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAClE,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,2BAA4B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC"}

package/dist/utils/template-engine.utils.d.ts

@@ -0,0 +1,80 @@
+/**
+ * Config-Driven Template System
+ * Provides template inheritance, hooks, and per-module overrides
+ */
+import Handlebars from 'handlebars';
+export interface TemplateConfig {
+    extends?: string;
+    overrides?: Record<string, string>;
+    hooks?: {
+        preGenerate?: string;
+        postGenerate?: string;
+        preCompile?: string;
+        postCompile?: string;
+    };
+    helpers?: Record<string, string>;
+    partials?: Record<string, string>;
+}
+export interface GenerationContext {
+    entityName: string;
+    moduleName: string;
+    fields: any[];
+    relations?: any[];
+    config: Record<string, any>;
+    options: Record<string, any>;
+    meta: {
+        timestamp: Date;
+        version: string;
+        generator: string;
+    };
+}
+export interface GenerationHook {
+    (context: GenerationContext): Promise<GenerationContext> | GenerationContext;
+}
+export interface TemplateRegistry {
+    templates: Map<string, CompiledTemplate>;
+    partials: Map<string, Handlebars.TemplateDelegate>;
+    helpers: Map<string, Handlebars.HelperDelegate>;
+    hooks: {
+        preGenerate: GenerationHook[];
+        postGenerate: GenerationHook[];
+    };
+}
+export interface CompiledTemplate {
+    name: string;
+    source: string;
+    compiled: Handlebars.TemplateDelegate;
+    config?: TemplateConfig;
+}
+/**
+ * Create a new template registry
+ */
+export declare function createTemplateRegistry(): TemplateRegistry;
+/**
+ * Load template from file with optional config
+ */
+export declare function loadTemplate(registry: TemplateRegistry, templatePath: string, name?: string): CompiledTemplate;
+/**
+ * Load all templates from a directory
+ */
+export declare function loadTemplatesFromDirectory(registry: TemplateRegistry, dirPath: string): void;
+/**
+ * Register a partial template
+ */
+export declare function registerPartial(registry: TemplateRegistry, name: string, source: string): void;
+/**
+ * Register a custom helper
+ */
+export declare function registerHelper(registry: TemplateRegistry, name: string, helper: Handlebars.HelperDelegate): void;
+/**
+ * Register a generation hook
+ */
+export declare function registerHook(registry: TemplateRegistry, phase: 'preGenerate' | 'postGenerate', hook: GenerationHook): void;
+/**
+ * Render a template with context
+ */
+export declare function renderTemplate(registry: TemplateRegistry, templateName: string, context: GenerationContext): Promise<string>;
+/**
+ * Create per-module template overrides
+ */
+export declare function createModuleTemplateConfig(moduleName: string, overrides: Record<string, string>): TemplateConfig;