npm - rapidkit - Versions diffs - 0.25.5 → 0.25.6 - Mend

rapidkit 0.25.5 → 0.25.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/chunk-Q7ULIFQA.js +5 -0
package/dist/chunk-VM2TOHNX.js +2 -0
package/dist/chunk-ZAZJEYYT.js +11 -0
package/dist/create-27NVMJAR.js +776 -0
package/dist/demo-kit-63CFMCPD.js +141 -0
package/dist/doctor-P57TTWEP.js +38 -0
package/dist/gofiber-standard-NQHMZTFK.js +1572 -0
package/dist/gogin-standard-2G2C3VQL.js +1656 -0
package/dist/index.js +167 -3568
package/dist/package.json +1 -1
package/dist/{workspace-KRZ3DWL4.js → workspace-VXNLNKCM.js} +5 -5
package/package.json +1 -1
package/dist/chunk-EDH5S5JF.js +0 -6
package/dist/chunk-KAV65WZO.js +0 -786
package/dist/create-PIVSRLDS.js +0 -1

package/dist/gogin-standard-2G2C3VQL.js ADDED Viewed

@@ -0,0 +1,1656 @@
+import {b as b$1}from'./chunk-Q7ULIFQA.js';import {promises}from'fs';import s from'path';import n from'chalk';import f from'ora';import {execa}from'execa';function l(e){return e.split(/[-_\s]+/).map(o=>o.charAt(0).toUpperCase()+o.slice(1)).join("")}async function w(e,o){await promises.mkdir(s.dirname(e),{recursive:true}),await promises.writeFile(e,o,"utf8");}function v(e){return `package main
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log/slog"
+	"net/http"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+	_ "${e.module_path}/docs"
+	"${e.module_path}/internal/config"
+	"${e.module_path}/internal/server"
+)
+// Build-time variables \u2014 injected via -ldflags.
+var (
+	version = "dev"
+	commit  = "none"
+	date    = "unknown"
+)
+func main() {
+	cfg := config.Load()
+	log := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
+		Level: config.ParseLogLevel(cfg.LogLevel),
+	}))
+	slog.SetDefault(log)
+	r := server.NewRouter(cfg)
+	srv := &http.Server{
+		Addr:         ":" + cfg.Port,
+		Handler:      r,
+		ReadTimeout:  5 * time.Second,
+		WriteTimeout: 10 * time.Second,
+		IdleTimeout:  30 * time.Second,
+	}
+	go func() {
+		slog.Info("starting", "port", cfg.Port, "version", version, "commit", commit, "date", date, "env", cfg.Env)
+		fmt.Printf("\\n\u{1F680}  Server  \u2192 http://127.0.0.1:%s\\n", cfg.Port)
+		fmt.Printf("\u{1F4D6}  Docs    \u2192 http://127.0.0.1:%s/docs\\n\\n", cfg.Port)
+		if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
+			slog.Error("server error", "err", err)
+			os.Exit(1)
+		}
+	}()
+	quit := make(chan os.Signal, 1)
+	signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
+	<-quit
+	slog.Info("shutting down\u2026")
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	if err := srv.Shutdown(ctx); err != nil {
+		slog.Error("forced shutdown", "err", err)
+		os.Exit(1)
+	}
+	slog.Info("server stopped")
+}
+`}function R(e){return `module ${e.module_path}
+go ${e.go_version}
+require (
+	github.com/gin-gonic/gin v1.10.0
+	github.com/swaggo/gin-swagger v1.6.0
+	github.com/swaggo/swag v1.16.3
+)
+require (
+	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.20.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/swaggo/files v1.0.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	golang.org/x/arch v0.8.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/tools v0.21.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
+`}function S(e){return `package config
+import (
+	"log/slog"
+	"os"
+	"strings"
+)
+// Config holds application configuration loaded from environment variables.
+type Config struct {
+	Port     string
+	Env      string
+	GinMode  string
+	LogLevel string
+}
+// Load reads configuration from environment variables with sensible defaults.
+func Load() *Config {
+	env := getEnv("APP_ENV", "development")
+	return &Config{
+		Port:     getEnv("PORT", "${e.port}"),
+		Env:      env,
+		GinMode:  getEnv("GIN_MODE", "debug"),
+		LogLevel: getEnv("LOG_LEVEL", defaultLogLevel(env)),
+	}
+}
+// ParseLogLevel maps a level string to the corresponding slog.Level.
+// Falls back to Info for unrecognised values.
+func ParseLogLevel(s string) slog.Level {
+	switch strings.ToLower(s) {
+	case "debug":
+		return slog.LevelDebug
+	case "warn", "warning":
+		return slog.LevelWarn
+	case "error":
+		return slog.LevelError
+	default:
+		return slog.LevelInfo
+	}
+}
+func defaultLogLevel(env string) string {
+	if env == "development" {
+		return "debug"
+	}
+	return "info"
+}
+func getEnv(key, fallback string) string {
+	if v, ok := os.LookupEnv(key); ok && v != "" {
+		return v
+	}
+	return fallback
+}
+`}function b(e){return `package server
+import (
+	"net/http"
+	"github.com/gin-gonic/gin"
+	ginSwagger "github.com/swaggo/gin-swagger"
+	swaggerFiles "github.com/swaggo/files"
+	"${e.module_path}/internal/apierr"
+	"${e.module_path}/internal/config"
+	"${e.module_path}/internal/handlers"
+	"${e.module_path}/internal/middleware"
+)
+// NewRouter assembles the Gin engine with all middleware and routes.
+// Call this from main \u2014 or from tests via server.NewRouter(cfg).
+func NewRouter(cfg *config.Config) *gin.Engine {
+	if cfg.GinMode == "release" {
+		gin.SetMode(gin.ReleaseMode)
+	}
+	r := gin.New()
+	r.Use(gin.Recovery())
+	r.Use(middleware.CORS())
+	r.Use(middleware.RequestID())
+	r.Use(middleware.RateLimit())
+	r.Use(middleware.Logger())
+	// Swagger UI \u2014 /docs redirects to /docs/index.html
+	r.GET("/docs", func(c *gin.Context) { c.Redirect(http.StatusFound, "/docs/index.html") })
+	r.GET("/docs/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
+	v1 := r.Group("/api/v1")
+	{
+		v1.GET("/health/live",  handlers.Liveness)
+		v1.GET("/health/ready", handlers.Readiness)
+		v1.GET("/echo/:name",   handlers.EchoParams)
+	}
+	// Return JSON for unknown routes/methods instead of Gin's default text responses.
+	// HandleMethodNotAllowed must be true so NoMethod handler fires for 405 cases.
+	r.HandleMethodNotAllowed = true
+	r.NoRoute(func(c *gin.Context) {
+		apierr.NotFound(c, "route not found")
+	})
+	r.NoMethod(func(c *gin.Context) {
+		apierr.MethodNotAllowed(c)
+	})
+	return r
+}
+`}function T(){return `package handlers
+import (
+	"net/http"
+	"time"
+	"github.com/gin-gonic/gin"
+)
+// Liveness signals the process is alive (Kubernetes livenessProbe).
+//
+//	@Summary		Liveness probe
+//	@Description	Returns 200 when the process is alive.
+//	@Tags			health
+//	@Produce		json
+//	@Success		200	{object}	map[string]string
+//	@Router			/api/v1/health/live [get]
+func Liveness(c *gin.Context) {
+	c.JSON(http.StatusOK, gin.H{
+		"status": "ok",
+		"time":   time.Now().UTC().Format(time.RFC3339),
+	})
+}
+// Readiness signals the service can accept traffic (Kubernetes readinessProbe).
+// Extend this function to check database connectivity, caches, etc.
+//
+//	@Summary		Readiness probe
+//	@Description	Returns 200 when the service is ready to accept traffic.
+//	@Tags			health
+//	@Produce		json
+//	@Success		200	{object}	map[string]string
+//	@Router			/api/v1/health/ready [get]
+func Readiness(c *gin.Context) {
+	c.JSON(http.StatusOK, gin.H{
+		"status": "ready",
+		"time":   time.Now().UTC().Format(time.RFC3339),
+	})
+}
+`}function _(e){return `package handlers_test
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/config"
+	"${e.module_path}/internal/server"
+)
+func init() { gin.SetMode(gin.TestMode) }
+func newRouter() *gin.Engine { return server.NewRouter(config.Load()) }
+func TestLiveness(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/api/v1/health/live", nil)
+	newRouter().ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]any
+	if err := json.Unmarshal(w.Body.Bytes(), &body); err != nil {
+		t.Fatalf("invalid JSON: %v", err)
+	}
+	if body["status"] != "ok" {
+		t.Fatalf("expected ok, got %v", body["status"])
+	}
+}
+func TestReadiness(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/api/v1/health/ready", nil)
+	newRouter().ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+}
+`}function O(){return `# \u2500\u2500 Build stage \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+FROM golang:1.24-alpine AS builder
+# Build-time version injection
+ARG VERSION=dev
+ARG COMMIT=none
+ARG DATE=unknown
+WORKDIR /app
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build \\
+    -ldflags="-s -w -X main.version=$\${VERSION} -X main.commit=$\${COMMIT} -X main.date=$\${DATE}" \\
+    -o server ./cmd/server
+# \u2500\u2500 Runtime stage \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+# alpine includes busybox wget required for the HEALTHCHECK below.
+FROM alpine:3.21
+RUN addgroup -S app && adduser -S -G app app
+COPY --from=builder /app/server /server
+USER app
+EXPOSE 8080
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \\
+  CMD wget -qO- http://localhost:8080/api/v1/health/live || exit 1
+ENTRYPOINT ["/server"]
+`}function N(e){return `version: "3.9"
+services:
+  api:
+    build: .
+    container_name: ${e.project_name}
+    ports:
+      - "${e.port}:${e.port}"
+    environment:
+      PORT: "${e.port}"
+      APP_ENV: development
+      GIN_MODE: debug
+      LOG_LEVEL: info
+      CORS_ALLOW_ORIGINS: "*"
+      RATE_LIMIT_RPS: "100"
+    restart: unless-stopped
+`}function E(e){return `.PHONY: dev run build test cover lint fmt tidy docs docker-up docker-down
+# Build-time metadata
+VERSION ?= $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
+COMMIT  ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo "none")
+DATE    ?= $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
+LDFLAGS  = -ldflags "-s -w -X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.date=$(DATE)"
+# Go tool binaries are installed to GOPATH/bin; include it so \`air\` and \`swag\` are found.
+GOBIN   ?= $(shell go env GOPATH)/bin
+# Hot reload \u2014 installs air on first use
+dev:
+	@test -x "$(GOBIN)/air" || go install github.com/air-verse/air@latest
+	GIN_MODE=debug $(GOBIN)/air
+run:
+	GIN_MODE=debug go run $(LDFLAGS) ./cmd/server
+build:
+	go build $(LDFLAGS) -o bin/${e.project_name} ./cmd/server
+test:
+	GIN_MODE=test go test ./... -v -race
+cover:
+	GIN_MODE=test go test ./... -race -coverprofile=coverage.out
+	go tool cover -html=coverage.out -o coverage.html
+	@echo "Coverage report: coverage.html"
+# Generate Swagger docs \u2014 installs swag on first use
+docs:
+	@test -x "$(GOBIN)/swag" || go install github.com/swaggo/swag/cmd/swag@latest
+	$(GOBIN)/swag init -g main.go -d cmd/server,internal/handlers,internal/apierr -o docs --parseDependency
+lint:
+	@command -v golangci-lint >/dev/null 2>&1 || (echo "golangci-lint not found. Install: https://golangci-lint.run/usage/install/" && exit 1)
+	golangci-lint run ./...
+fmt:
+	gofmt -w .
+tidy:
+	go mod tidy
+docker-up:
+	go mod tidy
+	docker compose up --build \\
+		--build-arg VERSION=$(VERSION) \\
+		--build-arg COMMIT=$(COMMIT) \\
+		--build-arg DATE=$(DATE) \\
+		-d
+docker-down:
+	docker compose down
+`}function G(e){return `# Application
+PORT=${e.port}
+APP_ENV=development
+GIN_MODE=debug
+LOG_LEVEL=debug
+# CORS \u2014 comma-separated list of allowed origins, or * to allow all
+CORS_ALLOW_ORIGINS=*
+# Rate limiting \u2014 max requests per IP per second
+RATE_LIMIT_RPS=100
+`}function q(){return `# Binaries
+bin/
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+# Test binary
+*.test
+# Output of go coverage tool
+*.out
+coverage.html
+# Go workspace
+go.work
+go.work.sum
+# Environment
+.env
+.env.local
+# Hot reload (air)
+tmp/
+# Swagger \u2014 generated files (committed stub docs/doc.go; run \`make docs\` to regenerate)
+docs/swagger.json
+docs/swagger.yaml
+docs/docs.go
+# Editor
+.idea/
+.vscode/
+*.swp
+*.swo
+# OS
+.DS_Store
+Thumbs.db
+`}function C(e){return `name: CI
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main]
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "${e.go_version}"
+          cache: true
+      - name: Tidy
+        run: go mod tidy
+      - name: Build
+        run: go build ./...
+      - name: Test
+        run: GIN_MODE=test go test ./... -race -coverprofile=coverage.out
+      - name: Upload coverage
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage
+          path: coverage.out
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "${e.go_version}"
+          cache: true
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+`}function y(e){return `# ${l(e.project_name)}
+> ${e.description}
+Built with [Go](https://go.dev/) + [Gin](https://gin-gonic.com/) \xB7 Scaffolded by [RapidKit](https://getrapidkit.com)
+## Quick start
+\`\`\`bash
+# Run locally (hot reload)
+make dev
+# Run tests
+make test
+# Build binary
+make build
+# Generate / refresh Swagger docs
+make docs
+# Docker
+make docker-up
+\`\`\`
+## Swagger / OpenAPI
+After running \`make docs\`, the interactive UI is available at:
+\`\`\`
+http://localhost:${e.port}/docs
+\`\`\`
+The raw OpenAPI spec is served at \`/docs/doc.json\`.
+## Endpoints
+| Method | Path | Description |
+|--------|------|--------------|
+| GET    | /api/v1/health/live    | Kubernetes livenessProbe  |
+| GET    | /api/v1/health/ready   | Kubernetes readinessProbe |
+| GET    | /api/v1/echo/:name     | Example handler \u2014 remove in production |
+| GET    | /docs/*                | Swagger UI (OpenAPI docs) |
+## Configuration
+All configuration is done through environment variables (see \`.env.example\`):
+| Variable | Default | Description |
+|----------|---------|-------------|
+| \`PORT\` | \`${e.port}\` | HTTP listen port |
+| \`APP_ENV\` | \`development\` | Application environment |
+| \`GIN_MODE\` | \`debug\` | \`debug\` \\| \`release\` \\| \`test\` |
+| \`LOG_LEVEL\` | \`debug\` / \`info\` | \`debug\` \\| \`info\` \\| \`warn\` \\| \`error\` |
+| \`CORS_ALLOW_ORIGINS\` | \`*\` | Comma-separated list of allowed origins, or \`*\` |
+| \`RATE_LIMIT_RPS\` | \`100\` | Max requests per IP per second |
+## Project structure
+\`\`\`
+${e.project_name}/
+\u251C\u2500\u2500 cmd/
+\u2502   \u2514\u2500\u2500 server/
+\u2502       \u2514\u2500\u2500 main.go                  # Graceful shutdown + version ldflags
+\u251C\u2500\u2500 docs/                            # Swagger generated files (\`make docs\`)
+\u2502   \u2514\u2500\u2500 doc.go                   # Package-level OpenAPI annotations
+\u251C\u2500\u2500 internal/
+\u2502   \u251C\u2500\u2500 apierr/                      # Consistent JSON error envelope
+\u2502   \u2502   \u251C\u2500\u2500 apierr.go
+\u2502   \u2502   \u2514\u2500\u2500 apierr_test.go
+\u2502   \u251C\u2500\u2500 config/                      # 12-factor configuration
+\u2502   \u2502   \u251C\u2500\u2500 config.go
+\u2502   \u2502   \u2514\u2500\u2500 config_test.go
+\u2502   \u251C\u2500\u2500 handlers/                    # HTTP handlers + tests
+\u2502   \u2502   \u251C\u2500\u2500 health.go
+\u2502   \u2502   \u251C\u2500\u2500 health_test.go
+\u2502   \u2502   \u251C\u2500\u2500 example.go               # EchoParams \u2014 replace with your own handlers
+\u2502   \u2502   \u2514\u2500\u2500 example_test.go
+\u2502   \u251C\u2500\u2500 middleware/
+\u2502   \u2502   \u251C\u2500\u2500 requestid.go             # X-Request-ID + structured logger
+\u2502   \u2502   \u251C\u2500\u2500 requestid_test.go
+\u2502   \u2502   \u251C\u2500\u2500 cors.go                  # CORS (CORS_ALLOW_ORIGINS)
+\u2502   \u2502   \u251C\u2500\u2500 cors_test.go
+\u2502   \u2502   \u251C\u2500\u2500 ratelimit.go             # Per-IP limiter (RATE_LIMIT_RPS)
+\u2502   \u2502   \u2514\u2500\u2500 ratelimit_test.go
+\u2502   \u2514\u2500\u2500 server/
+\u2502       \u251C\u2500\u2500 server.go
+\u2502       \u2514\u2500\u2500 server_test.go
+\u251C\u2500\u2500 .air.toml                        # Hot reload
+\u251C\u2500\u2500 .github/workflows/ci.yml         # CI: test + lint
+\u251C\u2500\u2500 .golangci.yml
+\u251C\u2500\u2500 Dockerfile                       # Multi-stage, alpine HEALTHCHECK
+\u251C\u2500\u2500 docker-compose.yml
+\u251C\u2500\u2500 Makefile
+\u2514\u2500\u2500 README.md
+\`\`\`
+## Available commands
+| Command | Description |
+|---------|-------------|
+| \`make dev\` | Hot reload via [air](https://github.com/air-verse/air) |
+| \`make run\` | Run without hot reload |
+| \`make build\` | Binary with version ldflags |
+| \`make test\` | Run tests with race detector |
+| \`make cover\` | HTML coverage report |
+| \`make docs\` | Re-generate Swagger JSON (needs \`swag\`) |
+| \`make lint\` | golangci-lint |
+| \`make fmt\` | gofmt |
+| \`make tidy\` | go mod tidy |
+| \`make docker-up\` | Build & run via Docker Compose |
+| \`make docker-down\` | Stop |
+## License
+${e.app_version} \xB7 ${e.author}
+`}function I(){return `package middleware
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"log/slog"
+	"time"
+	"github.com/gin-gonic/gin"
+)
+const headerRequestID = "X-Request-ID"
+// RequestID injects a unique identifier into every request.
+// If the caller sends an X-Request-ID header it is reused; otherwise a new one
+// is generated and written back in the response.
+func RequestID() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		id := c.GetHeader(headerRequestID)
+		if id == "" {
+			id = newID()
+		}
+		c.Set(headerRequestID, id)
+		c.Header(headerRequestID, id)
+		c.Next()
+	}
+}
+// Logger emits a structured JSON log line after each request.
+func Logger() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		start := time.Now()
+		c.Next()
+		slog.Info("http",
+			"method",     c.Request.Method,
+			"path",       c.Request.URL.Path,
+			"status",     c.Writer.Status(),
+			"bytes",      c.Writer.Size(),
+			"latency_ms", time.Since(start).Milliseconds(),
+			"ip",         c.ClientIP(),
+			"request_id", c.GetString(headerRequestID),
+		)
+	}
+}
+func newID() string {
+	b := make([]byte, 8)
+	if _, err := rand.Read(b); err != nil {
+		return "unknown"
+	}
+	return hex.EncodeToString(b)
+}
+`}function L(e){return `package middleware_test
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/middleware"
+)
+func init() { gin.SetMode(gin.TestMode) }
+func newTestRouter() *gin.Engine {
+	r := gin.New()
+	r.Use(middleware.RequestID())
+	r.Use(middleware.Logger())
+	r.GET("/ping", func(c *gin.Context) {
+		c.String(http.StatusOK, "pong")
+	})
+	return r
+}
+func TestRequestID_IsGenerated(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/ping", nil)
+	newTestRouter().ServeHTTP(w, req)
+	id := w.Header().Get("X-Request-ID")
+	if id == "" {
+		t.Fatal("expected X-Request-ID header to be set")
+	}
+	if len(id) != 16 { // 8 random bytes \u2192 16 hex chars
+		t.Fatalf("unexpected request ID length %d, want 16", len(id))
+	}
+}
+func TestRequestID_IsReused(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/ping", nil)
+	req.Header.Set("X-Request-ID", "my-trace-id")
+	newTestRouter().ServeHTTP(w, req)
+	id := w.Header().Get("X-Request-ID")
+	if id != "my-trace-id" {
+		t.Fatalf("expected X-Request-ID to be reused, got %q", id)
+	}
+}
+`}function x(){return `// Package apierr provides a consistent JSON error envelope for all API responses.
+//
+// Every error response looks like:
+//
+//	{"error": "user not found", "code": "NOT_FOUND", "request_id": "a1b2c3d4..."}
+package apierr
+import (
+	"net/http"
+	"github.com/gin-gonic/gin"
+)
+// Response is the standard error envelope returned by all API endpoints.
+type Response struct {
+	Error     string \`json:"error"\`
+	Code      string \`json:"code"\`
+	RequestID string \`json:"request_id,omitempty"\`
+}
+func reply(c *gin.Context, status int, msg, code string) {
+	c.AbortWithStatusJSON(status, Response{
+		Error:     msg,
+		Code:      code,
+		RequestID: c.GetString("X-Request-ID"),
+	})
+}
+// BadRequest responds with 400 and code "BAD_REQUEST".
+func BadRequest(c *gin.Context, msg string) {
+	reply(c, http.StatusBadRequest, msg, "BAD_REQUEST")
+}
+// NotFound responds with 404 and code "NOT_FOUND".
+func NotFound(c *gin.Context, msg string) {
+	reply(c, http.StatusNotFound, msg, "NOT_FOUND")
+}
+// Unauthorized responds with 401 and code "UNAUTHORIZED".
+func Unauthorized(c *gin.Context) {
+	reply(c, http.StatusUnauthorized, "authentication required", "UNAUTHORIZED")
+}
+// Forbidden responds with 403 and code "FORBIDDEN".
+func Forbidden(c *gin.Context) {
+	reply(c, http.StatusForbidden, "access denied", "FORBIDDEN")
+}
+// MethodNotAllowed responds with 405 and code "METHOD_NOT_ALLOWED".
+func MethodNotAllowed(c *gin.Context) {
+	reply(c, http.StatusMethodNotAllowed, "method not allowed", "METHOD_NOT_ALLOWED")
+}
+// InternalError responds with 500 and code "INTERNAL_ERROR".
+// The original error is intentionally not exposed to the client.
+func InternalError(c *gin.Context, _ error) {
+	reply(c, http.StatusInternalServerError, "an internal error occurred", "INTERNAL_ERROR")
+}
+// TooManyRequests responds with 429 and code "TOO_MANY_REQUESTS".
+func TooManyRequests(c *gin.Context) {
+	reply(c, http.StatusTooManyRequests, "rate limit exceeded", "TOO_MANY_REQUESTS")
+}
+`}function k(e){return `package apierr_test
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/apierr"
+)
+func init() { gin.SetMode(gin.TestMode) }
+func makeRouter(fn gin.HandlerFunc) *gin.Engine {
+	r := gin.New()
+	r.GET("/test", fn)
+	return r
+}
+func readJSON(t *testing.T, w *httptest.ResponseRecorder) apierr.Response {
+	t.Helper()
+	var out apierr.Response
+	if err := json.NewDecoder(w.Body).Decode(&out); err != nil {
+		t.Fatalf("invalid JSON: %v", err)
+	}
+	return out
+}
+func TestBadRequest(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	makeRouter(func(c *gin.Context) { apierr.BadRequest(c, "invalid email") }).ServeHTTP(w, req)
+	if w.Code != http.StatusBadRequest {
+		t.Fatalf("expected 400, got %d", w.Code)
+	}
+	body := readJSON(t, w)
+	if body.Code != "BAD_REQUEST" {
+		t.Fatalf("expected BAD_REQUEST, got %q", body.Code)
+	}
+	if body.Error != "invalid email" {
+		t.Fatalf("unexpected error message: %q", body.Error)
+	}
+}
+func TestNotFound(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	makeRouter(func(c *gin.Context) { apierr.NotFound(c, "user not found") }).ServeHTTP(w, req)
+	if w.Code != http.StatusNotFound {
+		t.Fatalf("expected 404, got %d", w.Code)
+	}
+	body := readJSON(t, w)
+	if body.Code != "NOT_FOUND" {
+		t.Fatalf("expected NOT_FOUND, got %q", body.Code)
+	}
+}
+func TestUnauthorized(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	makeRouter(func(c *gin.Context) { apierr.Unauthorized(c) }).ServeHTTP(w, req)
+	if w.Code != http.StatusUnauthorized {
+		t.Fatalf("expected 401, got %d", w.Code)
+	}
+}
+func TestForbidden(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	makeRouter(func(c *gin.Context) { apierr.Forbidden(c) }).ServeHTTP(w, req)
+	if w.Code != http.StatusForbidden {
+		t.Fatalf("expected 403, got %d", w.Code)
+	}
+	body := readJSON(t, w)
+	if body.Code != "FORBIDDEN" {
+		t.Fatalf("expected FORBIDDEN, got %q", body.Code)
+	}
+}
+func TestMethodNotAllowed(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	makeRouter(func(c *gin.Context) { apierr.MethodNotAllowed(c) }).ServeHTTP(w, req)
+	if w.Code != http.StatusMethodNotAllowed {
+		t.Fatalf("expected 405, got %d", w.Code)
+	}
+	body := readJSON(t, w)
+	if body.Code != "METHOD_NOT_ALLOWED" {
+		t.Fatalf("expected METHOD_NOT_ALLOWED, got %q", body.Code)
+	}
+}
+func TestInternalError(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	makeRouter(func(c *gin.Context) { apierr.InternalError(c, nil) }).ServeHTTP(w, req)
+	if w.Code != http.StatusInternalServerError {
+		t.Fatalf("expected 500, got %d", w.Code)
+	}
+	body := readJSON(t, w)
+	if body.Code != "INTERNAL_ERROR" {
+		t.Fatalf("expected INTERNAL_ERROR, got %q", body.Code)
+	}
+}
+func TestTooManyRequests(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	makeRouter(func(c *gin.Context) { apierr.TooManyRequests(c) }).ServeHTTP(w, req)
+	if w.Code != http.StatusTooManyRequests {
+		t.Fatalf("expected 429, got %d", w.Code)
+	}
+	body := readJSON(t, w)
+	if body.Code != "TOO_MANY_REQUESTS" {
+		t.Fatalf("expected TOO_MANY_REQUESTS, got %q", body.Code)
+	}
+}
+`}function M(e){return `// Package docs provides the swaggo-generated OpenAPI specification.
+//
+// Run \`make docs\` to regenerate after changing handler annotations.
+//
+//	@title			${l(e.project_name)} API
+//	@version		${e.app_version}
+//	@description	${e.description}
+//	@host			localhost:${e.port}
+//	@BasePath		/
+//	@schemes		http https
+//
+//	@contact.name	${e.author}
+//	@license.name	MIT
+package docs
+`}function D(e){return `package handlers
+import (
+	"net/http"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/apierr"
+)
+// EchoResponse is the JSON body returned by EchoParams.
+type EchoResponse struct {
+	Name      string \`json:"name"\`
+	RequestID string \`json:"request_id"\`
+}
+// EchoParams is an example handler demonstrating how to:
+//   - read URL path parameters
+//   - use apierr for consistent JSON error responses
+//   - access the request ID injected by RequestID middleware
+//
+// Replace or remove this file once you add your own business logic.
+//
+//	@Summary		Echo path parameter
+//	@Description	Returns the :name path parameter together with the request ID.
+//	@Tags			example
+//	@Produce		json
+//	@Param			name	path		string	true	"Name to echo"
+//	@Success		200		{object}	handlers.EchoResponse
+//	@Failure		400		{object}	apierr.Response
+//	@Router			/api/v1/echo/{name} [get]
+func EchoParams(c *gin.Context) {
+	name := c.Param("name")
+	if name == "" {
+		apierr.BadRequest(c, "name parameter is required")
+		return
+	}
+	c.JSON(http.StatusOK, EchoResponse{
+		Name:      name,
+		RequestID: c.GetString("X-Request-ID"),
+	})
+}
+`}function P(e){return `package handlers_test
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/handlers"
+	"${e.module_path}/internal/middleware"
+)
+func newEchoRouter() *gin.Engine {
+	r := gin.New()
+	r.Use(middleware.RequestID())
+	r.GET("/echo/:name", handlers.EchoParams)
+	return r
+}
+func TestEchoParams_Success(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/echo/alice", nil)
+	newEchoRouter().ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d", w.Code)
+	}
+	var body map[string]any
+	if err := json.NewDecoder(w.Body).Decode(&body); err != nil {
+		t.Fatalf("invalid JSON: %v", err)
+	}
+	if body["name"] != "alice" {
+		t.Fatalf("expected name=alice, got %v", body["name"])
+	}
+	if body["request_id"] == nil || body["request_id"] == "" {
+		t.Fatal("expected request_id to be set by RequestID middleware")
+	}
+}
+// TestEchoParams_EmptyName registers EchoParams on a param-free route so that
+// c.Param("name") returns "" and the 400 guard executes.
+func TestEchoParams_EmptyName(t *testing.T) {
+	gin.SetMode(gin.TestMode)
+	r := gin.New()
+	r.Use(middleware.RequestID())
+	r.GET("/echo-bare", handlers.EchoParams)
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/echo-bare", nil)
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusBadRequest {
+		t.Fatalf("expected 400, got %d", w.Code)
+	}
+	var body map[string]any
+	if err := json.NewDecoder(w.Body).Decode(&body); err != nil {
+		t.Fatalf("invalid JSON: %v", err)
+	}
+	if body["code"] != "BAD_REQUEST" {
+		t.Fatalf("expected code=BAD_REQUEST, got %v", body["code"])
+	}
+}
+`}function A(e){return `package config_test
+import (
+	"log/slog"
+	"testing"
+	"${e.module_path}/internal/config"
+)
+func TestParseLogLevel(t *testing.T) {
+	tests := []struct {
+		input string
+		want  slog.Level
+	}{
+		{"debug", slog.LevelDebug},
+		{"DEBUG", slog.LevelDebug},
+		{"warn", slog.LevelWarn},
+		{"warning", slog.LevelWarn},
+		{"error", slog.LevelError},
+		{"info", slog.LevelInfo},
+		{"", slog.LevelInfo},
+		{"unknown", slog.LevelInfo},
+	}
+	for _, tc := range tests {
+		got := config.ParseLogLevel(tc.input)
+		if got != tc.want {
+			t.Errorf("ParseLogLevel(%q) = %v, want %v", tc.input, got, tc.want)
+		}
+	}
+}
+func TestLoad_EnvOverride(t *testing.T) {
+	t.Setenv("PORT", "9090")
+	t.Setenv("APP_ENV", "production")
+	t.Setenv("LOG_LEVEL", "warn")
+	t.Setenv("GIN_MODE", "release")
+	cfg := config.Load()
+	if cfg.Port != "9090" {
+		t.Errorf("expected Port=9090, got %q", cfg.Port)
+	}
+	if cfg.Env != "production" {
+		t.Errorf("expected Env=production, got %q", cfg.Env)
+	}
+	if cfg.LogLevel != "warn" {
+		t.Errorf("expected LogLevel=warn, got %q", cfg.LogLevel)
+	}
+	if cfg.GinMode != "release" {
+		t.Errorf("expected GinMode=release, got %q", cfg.GinMode)
+	}
+}
+func TestLoad_Defaults(t *testing.T) {
+	// Empty string forces getEnv() to return the built-in fallback value.
+	t.Setenv("PORT", "")
+	t.Setenv("APP_ENV", "")
+	t.Setenv("LOG_LEVEL", "")
+	t.Setenv("GIN_MODE", "")
+	cfg := config.Load()
+	if cfg.Port != "${e.port}" {
+		t.Errorf("expected default Port=${e.port}, got %q", cfg.Port)
+	}
+	if cfg.Env != "development" {
+		t.Errorf("expected default Env=development, got %q", cfg.Env)
+	}
+	// APP_ENV="" \u2192 fallback "development" \u2192 defaultLogLevel \u2192 "debug"
+	if cfg.LogLevel != "debug" {
+		t.Errorf("expected default LogLevel=debug (development env), got %q", cfg.LogLevel)
+	}
+	if cfg.GinMode != "debug" {
+		t.Errorf("expected default GinMode=debug, got %q", cfg.GinMode)
+	}
+}
+`}function H(){return `package middleware
+import (
+	"net/http"
+	"os"
+	"strings"
+	"github.com/gin-gonic/gin"
+)
+// CORS returns a Gin middleware configured via CORS_ALLOW_ORIGINS env var.
+//
+// Set CORS_ALLOW_ORIGINS="*" for development (the default when unset).
+// In production supply a comma-separated list of allowed origins:
+//
+//	CORS_ALLOW_ORIGINS=https://app.example.com,https://admin.example.com
+func CORS() gin.HandlerFunc {
+	allowed := os.Getenv("CORS_ALLOW_ORIGINS")
+	if allowed == "" {
+		allowed = "*"
+	}
+	allowAll := allowed == "*"
+	return func(c *gin.Context) {
+		origin := c.Request.Header.Get("Origin")
+		if allowAll {
+			c.Header("Access-Control-Allow-Origin", "*")
+		} else if origin != "" {
+			for _, o := range strings.Split(allowed, ",") {
+				if strings.TrimSpace(o) == origin {
+					c.Header("Access-Control-Allow-Origin", origin)
+					c.Header("Vary", "Origin")
+					break
+				}
+			}
+		}
+		c.Header("Access-Control-Allow-Methods", "GET,POST,PUT,PATCH,DELETE,OPTIONS")
+		c.Header("Access-Control-Allow-Headers", "Origin,Content-Type,Authorization,X-Request-ID")
+		c.Header("Access-Control-Expose-Headers", "X-Request-ID")
+		c.Header("Access-Control-Max-Age", "600")
+		if c.Request.Method == http.MethodOptions {
+			c.AbortWithStatus(http.StatusNoContent)
+			return
+		}
+		c.Next()
+	}
+}
+`}function $(e){return `package middleware_test
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/middleware"
+)
+func newCORSRouter(t *testing.T) *gin.Engine {
+	t.Helper()
+	gin.SetMode(gin.TestMode)
+	r := gin.New()
+	r.Use(middleware.CORS())
+	r.GET("/ping", func(c *gin.Context) { c.Status(http.StatusOK) })
+	return r
+}
+func TestCORS_Wildcard(t *testing.T) {
+	t.Setenv("CORS_ALLOW_ORIGINS", "*")
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/ping", nil)
+	req.Header.Set("Origin", "https://example.com")
+	newCORSRouter(t).ServeHTTP(w, req)
+	if got := w.Header().Get("Access-Control-Allow-Origin"); got != "*" {
+		t.Fatalf("expected ACAO=*, got %q", got)
+	}
+}
+func TestCORS_Preflight(t *testing.T) {
+	t.Setenv("CORS_ALLOW_ORIGINS", "*")
+	gin.SetMode(gin.TestMode)
+	r := gin.New()
+	r.Use(middleware.CORS())
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodOptions, "/ping", nil)
+	req.Header.Set("Origin", "https://example.com")
+	req.Header.Set("Access-Control-Request-Method", "POST")
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusNoContent {
+		t.Fatalf("expected 204 preflight, got %d", w.Code)
+	}
+}
+func TestCORS_SpecificOrigin_Allowed(t *testing.T) {
+	t.Setenv("CORS_ALLOW_ORIGINS", "https://app.example.com")
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/ping", nil)
+	req.Header.Set("Origin", "https://app.example.com")
+	newCORSRouter(t).ServeHTTP(w, req)
+	if got := w.Header().Get("Access-Control-Allow-Origin"); got != "https://app.example.com" {
+		t.Fatalf("expected ACAO=https://app.example.com, got %q", got)
+	}
+}
+func TestCORS_SpecificOrigin_Denied(t *testing.T) {
+	t.Setenv("CORS_ALLOW_ORIGINS", "https://app.example.com")
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/ping", nil)
+	req.Header.Set("Origin", "https://evil.com")
+	newCORSRouter(t).ServeHTTP(w, req)
+	if got := w.Header().Get("Access-Control-Allow-Origin"); got != "" {
+		t.Fatalf("expected no ACAO header for denied origin, got %q", got)
+	}
+}
+func TestCORS_Default_Origin(t *testing.T) {
+	// When CORS_ALLOW_ORIGINS is unset the middleware must default to "*".
+	t.Setenv("CORS_ALLOW_ORIGINS", "")
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/ping", nil)
+	req.Header.Set("Origin", "https://anywhere.com")
+	newCORSRouter(t).ServeHTTP(w, req)
+	if got := w.Header().Get("Access-Control-Allow-Origin"); got == "" {
+		t.Fatal("expected CORS header when CORS_ALLOW_ORIGINS defaults to *")
+	}
+}
+`}function F(e){return `package server_test
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/config"
+	"${e.module_path}/internal/server"
+)
+func init() { gin.SetMode(gin.TestMode) }
+type serverAPIError struct {
+	Code    string \`json:"code"\`
+	Message string \`json:"message"\`
+}
+func TestServer_NotFound_JSON(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/no-such-route", nil)
+	server.NewRouter(config.Load()).ServeHTTP(w, req)
+	if w.Code != http.StatusNotFound {
+		t.Fatalf("expected 404, got %d", w.Code)
+	}
+	var body serverAPIError
+	if err := json.NewDecoder(w.Body).Decode(&body); err != nil {
+		t.Fatalf("expected JSON error body: %v", err)
+	}
+	if body.Code != "NOT_FOUND" {
+		t.Fatalf("expected code=NOT_FOUND, got %q", body.Code)
+	}
+}
+func TestServer_MethodNotAllowed_JSON(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodPost, "/api/v1/health/live", nil)
+	server.NewRouter(config.Load()).ServeHTTP(w, req)
+	if w.Code != http.StatusMethodNotAllowed {
+		t.Fatalf("expected 405, got %d", w.Code)
+	}
+	var body serverAPIError
+	if err := json.NewDecoder(w.Body).Decode(&body); err != nil {
+		t.Fatalf("expected JSON error body: %v", err)
+	}
+	if body.Code != "METHOD_NOT_ALLOWED" {
+		t.Fatalf("expected code=METHOD_NOT_ALLOWED, got %q", body.Code)
+	}
+}
+func TestServer_CORS_Header(t *testing.T) {
+	t.Setenv("CORS_ALLOW_ORIGINS", "*")
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/api/v1/health/live", nil)
+	req.Header.Set("Origin", "https://example.com")
+	server.NewRouter(config.Load()).ServeHTTP(w, req)
+	if got := w.Header().Get("Access-Control-Allow-Origin"); got == "" {
+		t.Fatal("expected Access-Control-Allow-Origin header to be set")
+	}
+}
+func TestServer_HealthLive(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/api/v1/health/live", nil)
+	server.NewRouter(config.Load()).ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d", w.Code)
+	}
+	var body map[string]any
+	if err := json.NewDecoder(w.Body).Decode(&body); err != nil {
+		t.Fatalf("invalid JSON: %v", err)
+	}
+	if body["status"] != "ok" {
+		t.Fatalf("expected status=ok, got %v", body["status"])
+	}
+}
+func TestServer_Docs_Redirect(t *testing.T) {
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/docs", nil)
+	server.NewRouter(config.Load()).ServeHTTP(w, req)
+	if w.Code != http.StatusFound {
+		t.Fatalf("expected 302 redirect from /docs, got %d", w.Code)
+	}
+	if loc := w.Header().Get("Location"); loc != "/docs/index.html" {
+		t.Fatalf("expected Location=/docs/index.html, got %q", loc)
+	}
+}
+func TestServer_ReleaseMode(t *testing.T) {
+	// Covers the gin.SetMode(gin.ReleaseMode) branch in NewRouter.
+	// Restore test mode after so other tests are not affected.
+	t.Cleanup(func() { gin.SetMode(gin.TestMode) })
+	t.Setenv("GIN_MODE", "release")
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/api/v1/health/live", nil)
+	server.NewRouter(config.Load()).ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200 in release mode, got %d", w.Code)
+	}
+}
+`}function j(e){return `package middleware
+import (
+	"os"
+	"strconv"
+	"sync"
+	"time"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/apierr"
+)
+// ipBucket tracks the per-IP fixed-window request counter.
+type ipBucket struct {
+	mu          sync.Mutex
+	count       int
+	windowStart time.Time
+}
+// RateLimit returns a per-IP fixed-window rate limiter.
+// Configure the limit via RATE_LIMIT_RPS env var (requests per second, default 100).
+func RateLimit() gin.HandlerFunc {
+	rps := 100
+	if raw := os.Getenv("RATE_LIMIT_RPS"); raw != "" {
+		if n, err := strconv.Atoi(raw); err == nil && n > 0 {
+			rps = n
+		}
+	}
+	var buckets sync.Map
+	return func(c *gin.Context) {
+		ip := c.ClientIP()
+		now := time.Now()
+		v, _ := buckets.LoadOrStore(ip, &ipBucket{windowStart: now})
+		b := v.(*ipBucket)
+		b.mu.Lock()
+		if now.Sub(b.windowStart) >= time.Second {
+			b.count = 0
+			b.windowStart = now
+		}
+		b.count++
+		count := b.count
+		b.mu.Unlock()
+		if count > rps {
+			apierr.TooManyRequests(c)
+			c.Header("Retry-After", "1")
+			return
+		}
+		c.Next()
+	}
+}
+`}function U(e){return `package middleware_test
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"github.com/gin-gonic/gin"
+	"${e.module_path}/internal/middleware"
+)
+func newRateLimitRouter(t *testing.T) *gin.Engine {
+	t.Helper()
+	gin.SetMode(gin.TestMode)
+	r := gin.New()
+	r.Use(middleware.RateLimit())
+	r.GET("/", func(c *gin.Context) { c.Status(http.StatusOK) })
+	return r
+}
+func TestRateLimit_AllowsUnderLimit(t *testing.T) {
+	t.Setenv("RATE_LIMIT_RPS", "3")
+	r := newRateLimitRouter(t)
+	for i := 0; i < 3; i++ {
+		w := httptest.NewRecorder()
+		req, _ := http.NewRequest(http.MethodGet, "/", nil)
+		r.ServeHTTP(w, req)
+		if w.Code != http.StatusOK {
+			t.Fatalf("request %d: expected 200, got %d", i+1, w.Code)
+		}
+	}
+}
+func TestRateLimit_Blocks_After_Limit(t *testing.T) {
+	t.Setenv("RATE_LIMIT_RPS", "2")
+	r := newRateLimitRouter(t)
+	// Exhaust the limit.
+	for i := 0; i < 2; i++ {
+		w := httptest.NewRecorder()
+		req, _ := http.NewRequest(http.MethodGet, "/", nil)
+		r.ServeHTTP(w, req)
+	}
+	// Next request must be rejected.
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/", nil)
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusTooManyRequests {
+		t.Fatalf("expected 429 after limit, got %d", w.Code)
+	}
+}
+func TestRateLimit_InvalidRPS(t *testing.T) {
+	// When RATE_LIMIT_RPS is not a valid positive integer, the middleware
+	// must fall back to the default limit (100 rps) and allow normal requests.
+	t.Setenv("RATE_LIMIT_RPS", "not-a-number")
+	r := newRateLimitRouter(t)
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/", nil)
+	r.ServeHTTP(w, req)
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200 with invalid RPS env, got %d", w.Code)
+	}
+}
+`}function B(e){return `# Air \u2014 live reload for Go projects
+# https://github.com/air-verse/air
+root = "."
+tmp_dir = "tmp"
+[build]
+	pre_cmd        = ["$(go env GOPATH)/bin/swag init -g main.go -d cmd/server,internal/handlers,internal/apierr -o docs --parseDependency 2>/dev/null || true"]
+  cmd            = "go build -o ./tmp/server ./cmd/server"
+  bin            = "./tmp/server"
+  include_ext    = ["go", "yaml", "yml", "env"]
+  exclude_dir    = ["tmp", "vendor", ".git", "testdata", "docs"]
+  delay          = 500
+  rerun_delay    = 500
+  send_interrupt = true
+  kill_delay     = "200ms"
+[env]
+  GIN_MODE = "debug"
+  PORT     = "${e.port}"
+[misc]
+  clean_on_exit = true
+[log]
+  time = false
+`}function V(e){return `run:
+  timeout: 5m
+linters:
+  enable:
+    - bodyclose
+    - durationcheck
+    - errcheck
+    - errname
+    - errorlint
+    - gci
+    - goimports
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - noctx
+    - nolintlint
+    - prealloc
+    - staticcheck
+    - unconvert
+    - unused
+    - wrapcheck
+linters-settings:
+  gci:
+    sections:
+      - standard
+      - default
+      - prefix(${e})
+  goimports:
+    local-prefixes: "${e}"
+  govet:
+    enable:
+      - shadow
+  wrapcheck:
+    ignorePackageGlobs:
+      - "${e}/*"
+issues:
+  max-same-issues: 5
+  exclude-rules:
+    - path: _test.go
+      linters:
+        - errcheck
+        - wrapcheck
+`}function W(){return JSON.stringify({engine:"npm",runtime:"go"},null,2)}function J(e,o){return JSON.stringify({kit_name:"gogin.standard",runtime:"go",module_support:false,project_name:e.project_name,module_path:e.module_path,app_version:e.app_version,created_by:"rapidkit-npm",rapidkit_version:o,created_at:new Date().toISOString()},null,2)}function K(e){return `#!/usr/bin/env sh
+# RapidKit Go/Gin project launcher \u2014 generated by RapidKit CLI
+# https://getrapidkit.com
+SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
+CMD="\${1:-}"
+shift 2>/dev/null || true
+case "$CMD" in
+  init)
+    cd "$SCRIPT_DIR"
+    echo "\u{1F439} Initializing Go/Gin project\u2026"
+    GOBIN="$(go env GOPATH)/bin"
+    echo "  \u2192 installing air (hot reload)\u2026"
+    go install github.com/air-verse/air@latest 2>/dev/null && echo "  \u2713 air" || echo "  \u26A0  air install failed (run: go install github.com/air-verse/air@latest)"
+    echo "  \u2192 installing swag (swagger)\u2026"
+    go install github.com/swaggo/swag/cmd/swag@latest 2>/dev/null && echo "  \u2713 swag" || echo "  \u26A0  swag install failed (run: go install github.com/swaggo/swag/cmd/swag@latest)"
+    if [ ! -f ".env" ] && [ -f ".env.example" ]; then
+      cp .env.example .env && echo "  \u2713 .env created from .env.example"
+    fi
+    go mod tidy && echo "  \u2713 go mod tidy"
+    echo "  \u2192 generating swagger docs (first build)\u2026"
+		"$(go env GOPATH)/bin/swag" init -g main.go -d cmd/server,internal/handlers,internal/apierr -o docs --parseDependency 2>/dev/null       && echo "  \u2713 swagger docs generated"       || echo "  \u26A0  swagger docs skipped (run: rapidkit docs)"
+    echo "\u2705 Ready \u2014 run: rapidkit dev"
+    ;;
+  dev)
+    cd "$SCRIPT_DIR"
+    echo "\u{1F4D6} Syncing swagger docs\u2026"
+		"$(go env GOPATH)/bin/swag" init -g main.go -d cmd/server,internal/handlers,internal/apierr -o docs --parseDependency 2>/dev/null || true
+    if [ -f "$SCRIPT_DIR/Makefile" ]; then
+      exec make -C "$SCRIPT_DIR" dev "$@"
+    else
+      cd "$SCRIPT_DIR" && GIN_MODE=debug exec go run ./cmd/server "$@"
+    fi
+    ;;
+  start)
+    BIN="$SCRIPT_DIR/bin/${e.project_name}"
+    if [ ! -f "$BIN" ]; then
+      make -C "$SCRIPT_DIR" build
+    fi
+    exec "$BIN" "$@"
+    ;;
+  build)
+    exec make -C "$SCRIPT_DIR" build "$@"
+    ;;
+  test)
+    exec make -C "$SCRIPT_DIR" test "$@"
+    ;;
+  lint)
+    exec make -C "$SCRIPT_DIR" lint "$@"
+    ;;
+  format|fmt)
+    exec make -C "$SCRIPT_DIR" fmt "$@"
+    ;;
+  docs)
+    exec make -C "$SCRIPT_DIR" docs "$@"
+    ;;
+  help|--help|-h)
+    echo "RapidKit \u2014 Go/Gin project: ${e.project_name}"
+    echo ""
+    echo "Usage: rapidkit <command>"
+    echo ""
+    echo "  init     Install tools + create .env  (air, swag, go mod tidy)"
+    echo "  dev      Hot reload dev server        (make dev \u2014 requires air)"
+    echo "  start    Run compiled binary          (make build + bin)"
+    echo "  build    Build binary                 (make build)"
+    echo "  docs     Generate Swagger docs        (make docs \u2014 requires swag)"
+    echo "  test     Run tests                   (make test)"
+    echo "  lint     Run linter                  (make lint)"
+    echo "  format   Format code                 (make fmt)"
+    ;;
+  *)
+    if [ -n "$CMD" ]; then
+      echo "rapidkit: unknown command: $CMD" >&2
+    fi
+    echo "Available: init, dev, start, build, docs, test, lint, format" >&2
+    exit 1
+    ;;
+esac
+`}function X(e){return `@echo off
+rem RapidKit Go/Gin project launcher \u2014 Windows
+set CMD=%1
+if "%CMD%"=="" goto usage
+shift
+if "%CMD%"=="init" (
+  echo Initializing Go/Gin project...
+  go install github.com/air-verse/air@latest
+  go install github.com/swaggo/swag/cmd/swag@latest
+  if not exist .env if exist .env.example copy .env.example .env
+  go mod tidy
+  exit /b %ERRORLEVEL%
+)
+if "%CMD%"=="dev"  ( make dev %*   & exit /b %ERRORLEVEL% )
+if "%CMD%"=="build" ( make build %* & exit /b %ERRORLEVEL% )
+if "%CMD%"=="test"  ( make test %*  & exit /b %ERRORLEVEL% )
+if "%CMD%"=="lint"  ( make lint %*  & exit /b %ERRORLEVEL% )
+if "%CMD%"=="format" ( make fmt %*  & exit /b %ERRORLEVEL% )
+if "%CMD%"=="docs"  ( make docs %*  & exit /b %ERRORLEVEL% )
+if "%CMD%"=="start" ( bin\\${e.project_name}.exe %* & exit /b %ERRORLEVEL% )
+:usage
+echo Available: init, dev, start, build, docs, test, lint, format
+exit /b 1
+`}async function ne(e,o){let r={project_name:o.project_name,module_path:o.module_path||o.project_name,author:o.author||"RapidKit User",description:o.description||`Go/Gin REST API \u2014 ${o.project_name}`,go_version:o.go_version||"1.24",app_version:o.app_version||"0.1.0",port:o.port||"8080",skipGit:o.skipGit??false},g=b$1();try{await execa("go",["version"],{timeout:3e3});}catch{console.log(n.yellow("\n\u26A0  Go not found in PATH \u2014 project will be scaffolded, but `go mod tidy` requires Go 1.21+")),console.log(n.gray(`   Install: https://go.dev/dl/
+`));}let i=f(`Generating Go/Gin project: ${r.project_name}\u2026`).start();try{let t=(m,h)=>w(s.join(e,m),h),u=s.join(e,"rapidkit"),p=s.join(e,"rapidkit.cmd");await Promise.all([t("cmd/server/main.go",v(r)),t("go.mod",R(r)),t("internal/config/config.go",S(r)),t("internal/server/server.go",b(r)),t("internal/middleware/requestid.go",I()),t("internal/middleware/requestid_test.go",L(r)),t("internal/apierr/apierr.go",x()),t("internal/apierr/apierr_test.go",k(r)),t("internal/handlers/health.go",T()),t("internal/handlers/health_test.go",_(r)),t("internal/handlers/example.go",D(r)),t("internal/handlers/example_test.go",P(r)),t("internal/config/config_test.go",A(r)),t("internal/middleware/cors.go",H()),t("internal/middleware/cors_test.go",$(r)),t("internal/middleware/ratelimit.go",j(r)),t("internal/middleware/ratelimit_test.go",U(r)),t("internal/server/server_test.go",F(r)),t("docs/doc.go",M(r)),t(".air.toml",B(r)),t("Dockerfile",O()),t("docker-compose.yml",N(r)),t("Makefile",E(r)),t(".golangci.yml",V(r.module_path)),t(".env.example",G(r)),t(".gitignore",q()),t(".github/workflows/ci.yml",C(r)),t("README.md",y(r)),t(".rapidkit/project.json",J(r,g)),t(".rapidkit/context.json",W()),t("rapidkit",K(r)),t("rapidkit.cmd",X(r))]),await promises.chmod(u,493),await promises.chmod(p,493),i.succeed(n.green(`Project created at ${e}`));try{i.start("Fetching Go dependencies\u2026"),await execa("go",["mod","tidy"],{cwd:e,timeout:12e4}),i.succeed(n.gray("\u2713 go mod tidy completed"));}catch{i.warn(n.yellow("\u26A0  go mod tidy failed \u2014 run manually: go mod tidy"));}if(!r.skipGit)try{await execa("git",["init"],{cwd:e}),await execa("git",["add","-A"],{cwd:e}),await execa("git",["commit","-m","chore: initial scaffold (rapidkit gogin.standard)"],{cwd:e}),console.log(n.gray("\u2713 git repository initialized"));}catch{console.log(n.gray("\u26A0  git init skipped (git not found or error)"));}console.log(""),console.log(n.bold("\u2705 Go/Gin project ready!")),console.log(""),console.log(n.cyan("Next steps:")),console.log(n.white(`  cd ${r.project_name}`)),console.log(n.white("  make run            # start dev server")),console.log(n.white("  make test           # run tests")),console.log(""),console.log(n.gray("Server will listen on port "+r.port)),console.log(n.gray("  http://localhost:"+r.port+"/api/v1/health/live")),console.log(n.gray("  http://localhost:"+r.port+"/api/v1/health/ready")),console.log(""),console.log(n.yellow("\u2139  RapidKit modules are not available for Go projects (module system uses Python/pip).")),console.log("");}catch(t){throw i.fail(n.red("Failed to generate Go/Gin project")),t}}
+export{ne as generateGoGinKit};