servcraft 0.1.5 → 0.1.7

package/dist/cli/index.cjs

@@ -23,8 +23,12 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
+// node_modules/tsup/assets/cjs_shims.js
+var getImportMetaUrl = () => typeof document === "undefined" ? new URL(`file:${__filename}`).href : document.currentScript && document.currentScript.tagName.toUpperCase() === "SCRIPT" ? document.currentScript.src : new URL("main.js", document.baseURI).href;
+var importMetaUrl = /* @__PURE__ */ getImportMetaUrl();
+
 // src/cli/index.ts
-var import_commander5 = require("commander");
+var import_commander6 = require("commander");
 
 // src/cli/commands/init.ts
 var import_commander = require("commander");
@@ -96,7 +100,7 @@ function getModulesDir() {
 }
 
 // src/cli/commands/init.ts
-var initCommand = new import_commander.Command("init").alias("new").description("Initialize a new Servcraft project").argument("[name]", "Project name").option("-y, --yes", "Skip prompts and use defaults").option("--ts, --typescript", "Use TypeScript (default)").option("--js, --javascript", "Use JavaScript").option("--db <database>", "Database type (postgresql, mysql, sqlite, mongodb, none)").action(
+var initCommand = new import_commander.Command("init").alias("new").description("Initialize a new Servcraft project").argument("[name]", "Project name").option("-y, --yes", "Skip prompts and use defaults").option("--ts, --typescript", "Use TypeScript (default)").option("--js, --javascript", "Use JavaScript").option("--esm", "Use ES Modules (import/export) - default").option("--cjs, --commonjs", "Use CommonJS (require/module.exports)").option("--db <database>", "Database type (postgresql, mysql, sqlite, mongodb, none)").action(
   async (name, cmdOptions) => {
     console.log(
       import_chalk2.default.blue(`
@@ -113,6 +117,7 @@ var initCommand = new import_commander.Command("init").alias("new").description(
       options = {
         name: name || "my-servcraft-app",
         language: cmdOptions.javascript ? "javascript" : "typescript",
+        moduleSystem: cmdOptions.commonjs ? "commonjs" : "esm",
         database: db,
         orm: db === "mongodb" ? "mongoose" : db === "none" ? "none" : "prisma",
         validator: "zod",
@@ -142,6 +147,16 @@ var initCommand = new import_commander.Command("init").alias("new").description(
           ],
           default: "typescript"
         },
+        {
+          type: "list",
+          name: "moduleSystem",
+          message: "Select module system:",
+          choices: [
+            { name: "ESM (import/export) - Recommended", value: "esm" },
+            { name: "CommonJS (require/module.exports)", value: "commonjs" }
+          ],
+          default: "esm"
+        },
         {
           type: "list",
           name: "database",
@@ -204,10 +219,10 @@ var initCommand = new import_commander.Command("init").alias("new").description(
         JSON.stringify(packageJson, null, 2)
       );
       if (options.language === "typescript") {
-        await writeFile(import_path2.default.join(projectDir, "tsconfig.json"), generateTsConfig());
-        await writeFile(import_path2.default.join(projectDir, "tsup.config.ts"), generateTsupConfig());
+        await writeFile(import_path2.default.join(projectDir, "tsconfig.json"), generateTsConfig(options));
+        await writeFile(import_path2.default.join(projectDir, "tsup.config.ts"), generateTsupConfig(options));
       } else {
-        await writeFile(import_path2.default.join(projectDir, "jsconfig.json"), generateJsConfig());
+        await writeFile(import_path2.default.join(projectDir, "jsconfig.json"), generateJsConfig(options));
       }
       await writeFile(import_path2.default.join(projectDir, ".env.example"), generateEnvExample(options));
       await writeFile(import_path2.default.join(projectDir, ".env"), generateEnvExample(options));
@@ -217,7 +232,7 @@ var initCommand = new import_commander.Command("init").alias("new").description(
         import_path2.default.join(projectDir, "docker-compose.yml"),
         generateDockerCompose(options)
       );
-      const ext = options.language === "typescript" ? "ts" : "js";
+      const ext = options.language === "typescript" ? "ts" : options.moduleSystem === "esm" ? "js" : "cjs";
       const dirs = [
         "src/core",
         "src/config",
@@ -246,6 +261,22 @@ var initCommand = new import_commander.Command("init").alias("new").description(
         import_path2.default.join(projectDir, `src/core/logger.${ext}`),
         generateLoggerFile(options)
       );
+      await writeFile(
+        import_path2.default.join(projectDir, `src/config/index.${ext}`),
+        generateConfigFile(options)
+      );
+      await writeFile(
+        import_path2.default.join(projectDir, `src/middleware/index.${ext}`),
+        generateMiddlewareFile(options)
+      );
+      await writeFile(
+        import_path2.default.join(projectDir, `src/utils/index.${ext}`),
+        generateUtilsFile(options)
+      );
+      await writeFile(
+        import_path2.default.join(projectDir, `src/types/index.${ext}`),
+        generateTypesFile(options)
+      );
       if (options.orm === "prisma") {
         await writeFile(
           import_path2.default.join(projectDir, "prisma/schema.prisma"),
@@ -307,18 +338,35 @@ var initCommand = new import_commander.Command("init").alias("new").description(
 );
 function generatePackageJson(options) {
   const isTS = options.language === "typescript";
+  const isESM = options.moduleSystem === "esm";
+  let devCommand;
+  if (isTS) {
+    devCommand = "tsx watch src/index.ts";
+  } else if (isESM) {
+    devCommand = "node --watch src/index.js";
+  } else {
+    devCommand = "node --watch src/index.cjs";
+  }
+  let startCommand;
+  if (isTS) {
+    startCommand = isESM ? "node dist/index.js" : "node dist/index.cjs";
+  } else if (isESM) {
+    startCommand = "node src/index.js";
+  } else {
+    startCommand = "node src/index.cjs";
+  }
   const pkg = {
     name: options.name,
     version: "0.1.0",
     description: "A Servcraft application",
-    main: isTS ? "dist/index.js" : "src/index.js",
-    type: "module",
+    main: isTS ? isESM ? "dist/index.js" : "dist/index.cjs" : isESM ? "src/index.js" : "src/index.cjs",
+    ...isESM && { type: "module" },
     scripts: {
-      dev: isTS ? "tsx watch src/index.ts" : "node --watch src/index.js",
+      dev: devCommand,
       build: isTS ? "tsup" : 'echo "No build needed for JS"',
-      start: isTS ? "node dist/index.js" : "node src/index.js",
+      start: startCommand,
       test: "vitest",
-      lint: isTS ? "eslint src --ext .ts" : "eslint src --ext .js"
+      lint: isTS ? "eslint src --ext .ts" : "eslint src --ext .js,.cjs"
     },
     dependencies: {
       fastify: "^4.28.1",
@@ -380,13 +428,14 @@ function generatePackageJson(options) {
   }
   return pkg;
 }
-function generateTsConfig() {
+function generateTsConfig(options) {
+  const isESM = options.moduleSystem === "esm";
   return JSON.stringify(
     {
       compilerOptions: {
         target: "ES2022",
-        module: "NodeNext",
-        moduleResolution: "NodeNext",
+        module: isESM ? "NodeNext" : "CommonJS",
+        moduleResolution: isESM ? "NodeNext" : "Node",
         lib: ["ES2022"],
         outDir: "./dist",
         rootDir: "./src",
@@ -405,12 +454,13 @@ function generateTsConfig() {
     2
   );
 }
-function generateJsConfig() {
+function generateJsConfig(options) {
+  const isESM = options.moduleSystem === "esm";
   return JSON.stringify(
     {
       compilerOptions: {
-        module: "NodeNext",
-        moduleResolution: "NodeNext",
+        module: isESM ? "NodeNext" : "CommonJS",
+        moduleResolution: isESM ? "NodeNext" : "Node",
         target: "ES2022",
         checkJs: true
       },
@@ -421,12 +471,13 @@ function generateJsConfig() {
     2
   );
 }
-function generateTsupConfig() {
+function generateTsupConfig(options) {
+  const isESM = options.moduleSystem === "esm";
   return `import { defineConfig } from 'tsup';
 
 export default defineConfig({
   entry: ['src/index.ts'],
-  format: ['esm'],
+  format: ['${isESM ? "esm" : "cjs"}'],
   dts: true,
   clean: true,
   sourcemap: true,
@@ -435,7 +486,7 @@ export default defineConfig({
 `;
 }
 function generateEnvExample(options) {
-  let env = `# Server
+  let env2 = `# Server
 NODE_ENV=development
 PORT=3000
 HOST=0.0.0.0
@@ -453,31 +504,31 @@ RATE_LIMIT_MAX=100
 LOG_LEVEL=info
 `;
   if (options.database === "postgresql") {
-    env += `
+    env2 += `
 # Database (PostgreSQL)
 DATABASE_PROVIDER=postgresql
 DATABASE_URL="postgresql://user:password@localhost:5432/mydb?schema=public"
 `;
   } else if (options.database === "mysql") {
-    env += `
+    env2 += `
 # Database (MySQL)
 DATABASE_PROVIDER=mysql
 DATABASE_URL="mysql://user:password@localhost:3306/mydb"
 `;
   } else if (options.database === "sqlite") {
-    env += `
+    env2 += `
 # Database (SQLite)
 DATABASE_PROVIDER=sqlite
 DATABASE_URL="file:./dev.db"
 `;
   } else if (options.database === "mongodb") {
-    env += `
+    env2 += `
 # Database (MongoDB)
 MONGODB_URI="mongodb://localhost:27017/mydb"
 `;
   }
   if (options.features.includes("email")) {
-    env += `
+    env2 += `
 # Email
 SMTP_HOST=smtp.example.com
 SMTP_PORT=587
@@ -487,12 +538,12 @@ SMTP_FROM="App <noreply@example.com>"
 `;
   }
   if (options.features.includes("redis")) {
-    env += `
+    env2 += `
 # Redis
 REDIS_URL=redis://localhost:6379
 `;
   }
-  return env;
+  return env2;
 }
 function generateGitignore() {
   return `node_modules/
@@ -621,7 +672,12 @@ model User {
 }
 function generateEntryFile(options) {
   const isTS = options.language === "typescript";
-  return `${isTS ? "import 'dotenv/config';\nimport { createServer } from './core/server.js';\nimport { logger } from './core/logger.js';" : "require('dotenv').config();\nconst { createServer } = require('./core/server.js');\nconst { logger } = require('./core/logger.js');"}
+  const isESM = options.moduleSystem === "esm";
+  const fileExt = isTS ? "js" : isESM ? "js" : "cjs";
+  if (isESM || isTS) {
+    return `import 'dotenv/config';
+import { createServer } from './core/server.${fileExt}';
+import { logger } from './core/logger.${fileExt}';
 
 async function main()${isTS ? ": Promise<void>" : ""} {
   const server = createServer();
@@ -636,16 +692,31 @@ async function main()${isTS ? ": Promise<void>" : ""} {
 
 main();
 `;
+  } else {
+    return `require('dotenv').config();
+const { createServer } = require('./core/server.cjs');
+const { logger } = require('./core/logger.cjs');
+
+async function main() {
+  const server = createServer();
+
+  try {
+    await server.start();
+  } catch (error) {
+    logger.error({ err: error }, 'Failed to start server');
+    process.exit(1);
+  }
+}
+
+main();
+`;
+  }
 }
 function generateServerFile(options) {
   const isTS = options.language === "typescript";
-  return `${isTS ? `import Fastify from 'fastify';
-import type { FastifyInstance } from 'fastify';
-import { logger } from './logger.js';` : `const Fastify = require('fastify');
-const { logger } = require('./logger.js');`}
-
-${isTS ? "export function createServer(): { instance: FastifyInstance; start: () => Promise<void> }" : "function createServer()"} {
-  const app = Fastify({ logger });
+  const isESM = options.moduleSystem === "esm";
+  const fileExt = isTS ? "js" : isESM ? "js" : "cjs";
+  const serverBody = `  const app = Fastify({ logger });
 
   // Health check
   app.get('/health', async () => ({
@@ -672,33 +743,58 @@ ${isTS ? "export function createServer(): { instance: FastifyInstance; start: ()
       logger.info(\`Server listening on \${host}:\${port}\`);
     },
   };
-}
+}`;
+  if (isESM || isTS) {
+    return `import Fastify from 'fastify';
+${isTS ? "import type { FastifyInstance } from 'fastify';" : ""}
+import { logger } from './logger.${fileExt}';
+
+${isTS ? "export function createServer(): { instance: FastifyInstance; start: () => Promise<void> }" : "export function createServer()"} {
+${serverBody}
+`;
+  } else {
+    return `const Fastify = require('fastify');
+const { logger } = require('./logger.cjs');
 
-${isTS ? "" : "module.exports = { createServer };"}
+function createServer() {
+${serverBody}
+
+module.exports = { createServer };
 `;
+  }
 }
 function generateLoggerFile(options) {
   const isTS = options.language === "typescript";
-  return `${isTS ? "import pino from 'pino';\nimport type { Logger } from 'pino';" : "const pino = require('pino');"}
-
-${isTS ? "export const logger: Logger" : "const logger"} = pino({
+  const isESM = options.moduleSystem === "esm";
+  const loggerBody = `pino({
   level: process.env.LOG_LEVEL || 'info',
   transport: process.env.NODE_ENV !== 'production' ? {
     target: 'pino-pretty',
     options: { colorize: true },
   } : undefined,
-});
+})`;
+  if (isESM || isTS) {
+    return `import pino from 'pino';
+${isTS ? "import type { Logger } from 'pino';" : ""}
 
-${isTS ? "" : "module.exports = { logger };"}
+export const logger${isTS ? ": Logger" : ""} = ${loggerBody};
 `;
+  } else {
+    return `const pino = require('pino');
+
+const logger = ${loggerBody};
+
+module.exports = { logger };
+`;
+  }
 }
 function generateMongooseConnection(options) {
   const isTS = options.language === "typescript";
-  return `${isTS ? "import mongoose from 'mongoose';\nimport { logger } from '../core/logger.js';" : "const mongoose = require('mongoose');\nconst { logger } = require('../core/logger.js');"}
+  const isESM = options.moduleSystem === "esm";
+  const fileExt = isTS ? "js" : isESM ? "js" : "cjs";
+  const connectionBody = `const MONGODB_URI = process.env.MONGODB_URI || 'mongodb://localhost:27017/mydb';
 
-const MONGODB_URI = process.env.MONGODB_URI || 'mongodb://localhost:27017/mydb';
-
-${isTS ? "export async function connectDatabase(): Promise<typeof mongoose>" : "async function connectDatabase()"} {
+async function connectDatabase()${isTS ? ": Promise<typeof mongoose>" : ""} {
   try {
     const conn = await mongoose.connect(MONGODB_URI);
     logger.info(\`MongoDB connected: \${conn.connection.host}\`);
@@ -709,35 +805,36 @@ ${isTS ? "export async function connectDatabase(): Promise<typeof mongoose>" : "
   }
 }
 
-${isTS ? "export async function disconnectDatabase(): Promise<void>" : "async function disconnectDatabase()"} {
+async function disconnectDatabase()${isTS ? ": Promise<void>" : ""} {
   try {
     await mongoose.disconnect();
     logger.info('MongoDB disconnected');
   } catch (error) {
     logger.error({ err: error }, 'MongoDB disconnect failed');
   }
-}
+}`;
+  if (isESM || isTS) {
+    return `import mongoose from 'mongoose';
+import { logger } from '../core/logger.${fileExt}';
+
+${connectionBody}
+
+export { connectDatabase, disconnectDatabase, mongoose };
+`;
+  } else {
+    return `const mongoose = require('mongoose');
+const { logger } = require('../core/logger.cjs');
+
+${connectionBody}
 
-${isTS ? "export { mongoose };" : "module.exports = { connectDatabase, disconnectDatabase, mongoose };"}
+module.exports = { connectDatabase, disconnectDatabase, mongoose };
 `;
+  }
 }
 function generateMongooseUserModel(options) {
   const isTS = options.language === "typescript";
-  return `${isTS ? "import mongoose, { Schema, Document } from 'mongoose';\nimport bcrypt from 'bcryptjs';" : "const mongoose = require('mongoose');\nconst bcrypt = require('bcryptjs');\nconst { Schema } = mongoose;"}
-
-${isTS ? `export interface IUser extends Document {
-  email: string;
-  password: string;
-  name?: string;
-  role: 'user' | 'admin';
-  status: 'active' | 'inactive' | 'suspended';
-  emailVerified: boolean;
-  createdAt: Date;
-  updatedAt: Date;
-  comparePassword(candidatePassword: string): Promise<boolean>;
-}` : ""}
-
-const userSchema = new Schema${isTS ? "<IUser>" : ""}({
+  const isESM = options.moduleSystem === "esm";
+  const schemaBody = `const userSchema = new Schema${isTS ? "<IUser>" : ""}({
   email: {
     type: String,
     required: true,
@@ -788,9 +885,237 @@ userSchema.pre('save', async function(next) {
 // Compare password method
 userSchema.methods.comparePassword = async function(candidatePassword${isTS ? ": string" : ""})${isTS ? ": Promise<boolean>" : ""} {
   return bcrypt.compare(candidatePassword, this.password);
-};
+};`;
+  const tsInterface = isTS ? `
+export interface IUser extends Document {
+  email: string;
+  password: string;
+  name?: string;
+  role: 'user' | 'admin';
+  status: 'active' | 'inactive' | 'suspended';
+  emailVerified: boolean;
+  createdAt: Date;
+  updatedAt: Date;
+  comparePassword(candidatePassword: string): Promise<boolean>;
+}
+` : "";
+  if (isESM || isTS) {
+    return `import mongoose${isTS ? ", { Schema, Document }" : ""} from 'mongoose';
+import bcrypt from 'bcryptjs';
+${!isTS ? "const { Schema } = mongoose;" : ""}
+${tsInterface}
+${schemaBody}
+
+export const User = mongoose.model${isTS ? "<IUser>" : ""}('User', userSchema);
+`;
+  } else {
+    return `const mongoose = require('mongoose');
+const bcrypt = require('bcryptjs');
+const { Schema } = mongoose;
+
+${schemaBody}
+
+const User = mongoose.model('User', userSchema);
+
+module.exports = { User };
+`;
+  }
+}
+function generateConfigFile(options) {
+  const isTS = options.language === "typescript";
+  const isESM = options.moduleSystem === "esm";
+  const configBody = `{
+  env: process.env.NODE_ENV || 'development',
+  port: parseInt(process.env.PORT || '3000', 10),
+  host: process.env.HOST || '0.0.0.0',
+
+  jwt: {
+    secret: process.env.JWT_SECRET || 'your-secret-key',
+    accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN || '15m',
+    refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN || '7d',
+  },
+
+  cors: {
+    origin: process.env.CORS_ORIGIN || 'http://localhost:3000',
+  },
+
+  rateLimit: {
+    max: parseInt(process.env.RATE_LIMIT_MAX || '100', 10),
+  },
+
+  log: {
+    level: process.env.LOG_LEVEL || 'info',
+  },
+}${isTS ? " as const" : ""}`;
+  if (isESM || isTS) {
+    return `import 'dotenv/config';
+
+export const config = ${configBody};
+`;
+  } else {
+    return `require('dotenv').config();
+
+const config = ${configBody};
+
+module.exports = { config };
+`;
+  }
+}
+function generateMiddlewareFile(options) {
+  const isTS = options.language === "typescript";
+  const isESM = options.moduleSystem === "esm";
+  const fileExt = isTS ? "js" : isESM ? "js" : "cjs";
+  const middlewareBody = `/**
+ * Error handler middleware
+ */
+function errorHandler(error${isTS ? ": Error" : ""}, request${isTS ? ": FastifyRequest" : ""}, reply${isTS ? ": FastifyReply" : ""})${isTS ? ": void" : ""} {
+  logger.error({ err: error, url: request.url, method: request.method }, 'Request error');
+
+  const statusCode = (error${isTS ? " as any" : ""}).statusCode || 500;
+  const message = statusCode === 500 ? 'Internal Server Error' : error.message;
+
+  reply.status(statusCode).send({
+    success: false,
+    error: message,
+    ...(process.env.NODE_ENV === 'development' && { stack: error.stack }),
+  });
+}
+
+/**
+ * Request logging middleware
+ */
+function requestLogger(request${isTS ? ": FastifyRequest" : ""}, reply${isTS ? ": FastifyReply" : ""}, done${isTS ? ": () => void" : ""})${isTS ? ": void" : ""} {
+  logger.info({ url: request.url, method: request.method, ip: request.ip }, 'Incoming request');
+  done();
+}`;
+  if (isESM || isTS) {
+    return `${isTS ? "import type { FastifyRequest, FastifyReply } from 'fastify';" : ""}
+import { logger } from '../core/logger.${fileExt}';
+
+${middlewareBody}
+
+export { errorHandler, requestLogger };
+`;
+  } else {
+    return `const { logger } = require('../core/logger.cjs');
+
+${middlewareBody}
+
+module.exports = { errorHandler, requestLogger };
+`;
+  }
+}
+function generateUtilsFile(options) {
+  const isTS = options.language === "typescript";
+  const isESM = options.moduleSystem === "esm";
+  const utilsBody = `/**
+ * Standard API response helper
+ */
+function apiResponse${isTS ? "<T>" : ""}(data${isTS ? ": T" : ""}, message = "Success")${isTS ? ": { success: boolean; message: string; data: T }" : ""} {
+  return {
+    success: true,
+    message,
+    data,
+  };
+}
+
+/**
+ * Error response helper
+ */
+function errorResponse(message${isTS ? ": string" : ""}, code${isTS ? "?: string" : ""})${isTS ? ": { success: boolean; error: string; code?: string }" : ""} {
+  return {
+    success: false,
+    error: message,
+    ...(code && { code }),
+  };
+}
+
+/**
+ * Pagination helper
+ */
+function paginate${isTS ? "<T>" : ""}(data${isTS ? ": T[]" : ""}, page${isTS ? ": number" : ""}, limit${isTS ? ": number" : ""}, total${isTS ? ": number" : ""})${isTS ? ": PaginationResult<T>" : ""} {
+  const totalPages = Math.ceil(total / limit);
+
+  return {
+    data,
+    pagination: {
+      page,
+      limit,
+      total,
+      totalPages,
+      hasNextPage: page < totalPages,
+      hasPrevPage: page > 1,
+    },
+  };
+}`;
+  const tsInterface = isTS ? `
+/**
+ * Pagination result type
+ */
+export interface PaginationResult<T> {
+  data: T[];
+  pagination: {
+    page: number;
+    limit: number;
+    total: number;
+    totalPages: number;
+    hasNextPage: boolean;
+    hasPrevPage: boolean;
+  };
+}
+` : "";
+  if (isESM || isTS) {
+    return `${tsInterface}
+${utilsBody}
+
+export { apiResponse, errorResponse, paginate };
+`;
+  } else {
+    return `${utilsBody}
+
+module.exports = { apiResponse, errorResponse, paginate };
+`;
+  }
+}
+function generateTypesFile(options) {
+  if (options.language !== "typescript") {
+    return "// Types file - not needed for JavaScript\n";
+  }
+  return `/**
+ * Common type definitions
+ */
+
+export interface ApiResponse<T = unknown> {
+  success: boolean;
+  message?: string;
+  data?: T;
+  error?: string;
+  code?: string;
+}
+
+export interface PaginatedResponse<T> {
+  data: T[];
+  pagination: {
+    page: number;
+    limit: number;
+    total: number;
+    totalPages: number;
+    hasNextPage: boolean;
+    hasPrevPage: boolean;
+  };
+}
 
-${isTS ? "export const User = mongoose.model<IUser>('User', userSchema);" : "const User = mongoose.model('User', userSchema);\nmodule.exports = { User };"}
+export interface RequestUser {
+  id: string;
+  email: string;
+  role: string;
+}
+
+declare module 'fastify' {
+  interface FastifyRequest {
+    user?: RequestUser;
+  }
+}
 `;
 }
 
@@ -1959,12 +2284,12 @@ var EnvManager = class {
   async addVariables(sections) {
     const added = [];
     const skipped = [];
-    let created = false;
+    let created2 = false;
     let envContent = "";
     if ((0, import_fs.existsSync)(this.envPath)) {
       envContent = await fs3.readFile(this.envPath, "utf-8");
     } else {
-      created = true;
+      created2 = true;
     }
     const existingKeys = this.parseExistingKeys(envContent);
     let newContent = envContent;
@@ -1995,7 +2320,7 @@ var EnvManager = class {
     if ((0, import_fs.existsSync)(this.envExamplePath)) {
       await this.updateEnvExample(sections);
     }
-    return { added, skipped, created };
+    return { added, skipped, created: created2 };
   }
   /**
    * Update .env.example file
@@ -3555,11 +3880,43 @@ export interface ${name.charAt(0).toUpperCase() + name.slice(1)}Data {
     await writeFile(import_path4.default.join(dir, fileName), content);
   }
 }
+async function findServercraftModules() {
+  const scriptDir = import_path4.default.dirname(new URL(importMetaUrl).pathname);
+  const possiblePaths = [
+    // Local node_modules (when servcraft is a dependency)
+    import_path4.default.join(process.cwd(), "node_modules", "servcraft", "src", "modules"),
+    // From dist/cli/index.js -> src/modules (npx or global install)
+    import_path4.default.resolve(scriptDir, "..", "..", "src", "modules"),
+    // From src/cli/commands/add-module.ts -> src/modules (development)
+    import_path4.default.resolve(scriptDir, "..", "..", "modules")
+  ];
+  for (const p of possiblePaths) {
+    try {
+      const stats = await fs5.stat(p);
+      if (stats.isDirectory()) {
+        return p;
+      }
+    } catch {
+    }
+  }
+  return null;
+}
 async function generateModuleFiles(moduleName, moduleDir) {
-  const sourceModuleDir = import_path4.default.join(process.cwd(), "src", "modules", moduleName);
-  if (await fileExists(sourceModuleDir)) {
-    await copyModuleFromSource(sourceModuleDir, moduleDir);
-    return;
+  const moduleNameMap = {
+    users: "user",
+    "rate-limit": "rate-limit",
+    "feature-flag": "feature-flag",
+    "api-versioning": "api-versioning",
+    "media-processing": "media-processing"
+  };
+  const sourceDirName = moduleNameMap[moduleName] || moduleName;
+  const servercraftModulesDir = await findServercraftModules();
+  if (servercraftModulesDir) {
+    const sourceModuleDir = import_path4.default.join(servercraftModulesDir, sourceDirName);
+    if (await fileExists(sourceModuleDir)) {
+      await copyModuleFromSource(sourceModuleDir, moduleDir);
+      return;
+    }
   }
   switch (moduleName) {
     case "auth":
@@ -3815,12 +4172,1782 @@ dbCommand.command("status").description("Show migration status").action(async ()
   }
 });
 
+// src/cli/commands/docs.ts
+var import_commander5 = require("commander");
+var import_path6 = __toESM(require("path"), 1);
+var import_promises4 = __toESM(require("fs/promises"), 1);
+var import_ora6 = __toESM(require("ora"), 1);
+var import_chalk6 = __toESM(require("chalk"), 1);
+
+// src/cli/utils/docs-generator.ts
+var import_promises3 = __toESM(require("fs/promises"), 1);
+var import_path5 = __toESM(require("path"), 1);
+var import_ora5 = __toESM(require("ora"), 1);
+
+// src/core/server.ts
+var import_fastify = __toESM(require("fastify"), 1);
+
+// src/core/logger.ts
+var import_pino = __toESM(require("pino"), 1);
+var defaultConfig = {
+  level: process.env.LOG_LEVEL || "info",
+  pretty: process.env.NODE_ENV !== "production",
+  name: "servcraft"
+};
+function createLogger(config2 = {}) {
+  const mergedConfig = { ...defaultConfig, ...config2 };
+  const transport = mergedConfig.pretty ? {
+    target: "pino-pretty",
+    options: {
+      colorize: true,
+      translateTime: "SYS:standard",
+      ignore: "pid,hostname"
+    }
+  } : void 0;
+  return (0, import_pino.default)({
+    name: mergedConfig.name,
+    level: mergedConfig.level,
+    transport,
+    formatters: {
+      level: (label) => ({ level: label })
+    },
+    timestamp: import_pino.default.stdTimeFunctions.isoTime
+  });
+}
+var logger = createLogger();
+
+// src/core/server.ts
+var defaultConfig2 = {
+  port: parseInt(process.env.PORT || "3000", 10),
+  host: process.env.HOST || "0.0.0.0",
+  trustProxy: true,
+  bodyLimit: 1048576,
+  // 1MB
+  requestTimeout: 3e4
+  // 30s
+};
+var Server = class {
+  app;
+  config;
+  logger;
+  isShuttingDown = false;
+  constructor(config2 = {}) {
+    this.config = { ...defaultConfig2, ...config2 };
+    this.logger = this.config.logger || logger;
+    const fastifyOptions = {
+      logger: this.logger,
+      trustProxy: this.config.trustProxy,
+      bodyLimit: this.config.bodyLimit,
+      requestTimeout: this.config.requestTimeout
+    };
+    this.app = (0, import_fastify.default)(fastifyOptions);
+    this.setupHealthCheck();
+    this.setupGracefulShutdown();
+  }
+  get instance() {
+    return this.app;
+  }
+  setupHealthCheck() {
+    this.app.get("/health", async (_request, reply) => {
+      const healthcheck = {
+        status: "ok",
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        uptime: process.uptime(),
+        memory: process.memoryUsage(),
+        version: process.env.npm_package_version || "0.1.0"
+      };
+      return reply.status(200).send(healthcheck);
+    });
+    this.app.get("/ready", async (_request, reply) => {
+      if (this.isShuttingDown) {
+        return reply.status(503).send({ status: "shutting_down" });
+      }
+      return reply.status(200).send({ status: "ready" });
+    });
+  }
+  setupGracefulShutdown() {
+    const signals = ["SIGINT", "SIGTERM", "SIGQUIT"];
+    signals.forEach((signal) => {
+      process.on(signal, async () => {
+        this.logger.info(`Received ${signal}, starting graceful shutdown...`);
+        await this.shutdown();
+      });
+    });
+    process.on("uncaughtException", async (error2) => {
+      this.logger.error({ err: error2 }, "Uncaught exception");
+      await this.shutdown(1);
+    });
+    process.on("unhandledRejection", async (reason) => {
+      this.logger.error({ err: reason }, "Unhandled rejection");
+      await this.shutdown(1);
+    });
+  }
+  async shutdown(exitCode = 0) {
+    if (this.isShuttingDown) {
+      return;
+    }
+    this.isShuttingDown = true;
+    this.logger.info("Graceful shutdown initiated...");
+    const shutdownTimeout = setTimeout(() => {
+      this.logger.error("Graceful shutdown timeout, forcing exit");
+      process.exit(1);
+    }, 3e4);
+    try {
+      await this.app.close();
+      this.logger.info("Server closed successfully");
+      clearTimeout(shutdownTimeout);
+      process.exit(exitCode);
+    } catch (error2) {
+      this.logger.error({ err: error2 }, "Error during shutdown");
+      clearTimeout(shutdownTimeout);
+      process.exit(1);
+    }
+  }
+  async start() {
+    try {
+      await this.app.listen({
+        port: this.config.port,
+        host: this.config.host
+      });
+      this.logger.info(`Server listening on ${this.config.host}:${this.config.port}`);
+    } catch (error2) {
+      this.logger.error({ err: error2 }, "Failed to start server");
+      throw error2;
+    }
+  }
+};
+function createServer(config2 = {}) {
+  return new Server(config2);
+}
+
+// src/utils/errors.ts
+var AppError = class _AppError extends Error {
+  statusCode;
+  isOperational;
+  errors;
+  constructor(message, statusCode = 500, isOperational = true, errors) {
+    super(message);
+    this.statusCode = statusCode;
+    this.isOperational = isOperational;
+    this.errors = errors;
+    Object.setPrototypeOf(this, _AppError.prototype);
+    Error.captureStackTrace(this, this.constructor);
+  }
+};
+var NotFoundError = class _NotFoundError extends AppError {
+  constructor(resource = "Resource") {
+    super(`${resource} not found`, 404);
+    Object.setPrototypeOf(this, _NotFoundError.prototype);
+  }
+};
+var UnauthorizedError = class _UnauthorizedError extends AppError {
+  constructor(message = "Unauthorized") {
+    super(message, 401);
+    Object.setPrototypeOf(this, _UnauthorizedError.prototype);
+  }
+};
+var ForbiddenError = class _ForbiddenError extends AppError {
+  constructor(message = "Forbidden") {
+    super(message, 403);
+    Object.setPrototypeOf(this, _ForbiddenError.prototype);
+  }
+};
+var BadRequestError = class _BadRequestError extends AppError {
+  constructor(message = "Bad request", errors) {
+    super(message, 400, true, errors);
+    Object.setPrototypeOf(this, _BadRequestError.prototype);
+  }
+};
+var ConflictError = class _ConflictError extends AppError {
+  constructor(message = "Resource already exists") {
+    super(message, 409);
+    Object.setPrototypeOf(this, _ConflictError.prototype);
+  }
+};
+var ValidationError = class _ValidationError extends AppError {
+  constructor(errors) {
+    super("Validation failed", 422, true, errors);
+    Object.setPrototypeOf(this, _ValidationError.prototype);
+  }
+};
+function isAppError(error2) {
+  return error2 instanceof AppError;
+}
+
+// src/config/env.ts
+var import_zod = require("zod");
+var import_dotenv = __toESM(require("dotenv"), 1);
+import_dotenv.default.config();
+var envSchema = import_zod.z.object({
+  // Server
+  NODE_ENV: import_zod.z.enum(["development", "staging", "production", "test"]).default("development"),
+  PORT: import_zod.z.string().transform(Number).default("3000"),
+  HOST: import_zod.z.string().default("0.0.0.0"),
+  // Database
+  DATABASE_URL: import_zod.z.string().optional(),
+  // JWT
+  JWT_SECRET: import_zod.z.string().min(32).optional(),
+  JWT_ACCESS_EXPIRES_IN: import_zod.z.string().default("15m"),
+  JWT_REFRESH_EXPIRES_IN: import_zod.z.string().default("7d"),
+  // Security
+  CORS_ORIGIN: import_zod.z.string().default("*"),
+  RATE_LIMIT_MAX: import_zod.z.string().transform(Number).default("100"),
+  RATE_LIMIT_WINDOW_MS: import_zod.z.string().transform(Number).default("60000"),
+  // Email
+  SMTP_HOST: import_zod.z.string().optional(),
+  SMTP_PORT: import_zod.z.string().transform(Number).optional(),
+  SMTP_USER: import_zod.z.string().optional(),
+  SMTP_PASS: import_zod.z.string().optional(),
+  SMTP_FROM: import_zod.z.string().optional(),
+  // Redis (optional)
+  REDIS_URL: import_zod.z.string().optional(),
+  // Logging
+  LOG_LEVEL: import_zod.z.enum(["fatal", "error", "warn", "info", "debug", "trace"]).default("info")
+});
+function validateEnv() {
+  const parsed = envSchema.safeParse(process.env);
+  if (!parsed.success) {
+    logger.error({ errors: parsed.error.flatten().fieldErrors }, "Invalid environment variables");
+    throw new Error("Invalid environment variables");
+  }
+  return parsed.data;
+}
+var env = validateEnv();
+function isProduction() {
+  return env.NODE_ENV === "production";
+}
+
+// src/config/index.ts
+function parseCorsOrigin(origin) {
+  if (origin === "*") return "*";
+  if (origin.includes(",")) {
+    return origin.split(",").map((o) => o.trim());
+  }
+  return origin;
+}
+function createConfig() {
+  return {
+    env,
+    server: {
+      port: env.PORT,
+      host: env.HOST
+    },
+    jwt: {
+      secret: env.JWT_SECRET || "change-me-in-production-please-32chars",
+      accessExpiresIn: env.JWT_ACCESS_EXPIRES_IN,
+      refreshExpiresIn: env.JWT_REFRESH_EXPIRES_IN
+    },
+    security: {
+      corsOrigin: parseCorsOrigin(env.CORS_ORIGIN),
+      rateLimit: {
+        max: env.RATE_LIMIT_MAX,
+        windowMs: env.RATE_LIMIT_WINDOW_MS
+      }
+    },
+    email: {
+      host: env.SMTP_HOST,
+      port: env.SMTP_PORT,
+      user: env.SMTP_USER,
+      pass: env.SMTP_PASS,
+      from: env.SMTP_FROM
+    },
+    database: {
+      url: env.DATABASE_URL
+    },
+    redis: {
+      url: env.REDIS_URL
+    }
+  };
+}
+var config = createConfig();
+
+// src/middleware/error-handler.ts
+function registerErrorHandler(app) {
+  app.setErrorHandler(
+    (error2, request, reply) => {
+      logger.error(
+        {
+          err: error2,
+          requestId: request.id,
+          method: request.method,
+          url: request.url
+        },
+        "Request error"
+      );
+      if (isAppError(error2)) {
+        return reply.status(error2.statusCode).send({
+          success: false,
+          message: error2.message,
+          errors: error2.errors,
+          ...isProduction() ? {} : { stack: error2.stack }
+        });
+      }
+      if ("validation" in error2 && error2.validation) {
+        const errors = {};
+        for (const err of error2.validation) {
+          const field = err.instancePath?.replace("/", "") || "body";
+          if (!errors[field]) {
+            errors[field] = [];
+          }
+          errors[field].push(err.message || "Invalid value");
+        }
+        return reply.status(400).send({
+          success: false,
+          message: "Validation failed",
+          errors
+        });
+      }
+      if ("statusCode" in error2 && typeof error2.statusCode === "number") {
+        return reply.status(error2.statusCode).send({
+          success: false,
+          message: error2.message,
+          ...isProduction() ? {} : { stack: error2.stack }
+        });
+      }
+      return reply.status(500).send({
+        success: false,
+        message: isProduction() ? "Internal server error" : error2.message,
+        ...isProduction() ? {} : { stack: error2.stack }
+      });
+    }
+  );
+  app.setNotFoundHandler((request, reply) => {
+    return reply.status(404).send({
+      success: false,
+      message: `Route ${request.method} ${request.url} not found`
+    });
+  });
+}
+
+// src/middleware/security.ts
+var import_helmet = __toESM(require("@fastify/helmet"), 1);
+var import_cors = __toESM(require("@fastify/cors"), 1);
+var import_rate_limit = __toESM(require("@fastify/rate-limit"), 1);
+var defaultOptions = {
+  helmet: true,
+  cors: true,
+  rateLimit: true
+};
+async function registerSecurity(app, options = {}) {
+  const opts = { ...defaultOptions, ...options };
+  if (opts.helmet) {
+    await app.register(import_helmet.default, {
+      contentSecurityPolicy: {
+        directives: {
+          defaultSrc: ["'self'"],
+          styleSrc: ["'self'", "'unsafe-inline'"],
+          scriptSrc: ["'self'"],
+          imgSrc: ["'self'", "data:", "https:"]
+        }
+      },
+      crossOriginEmbedderPolicy: false
+    });
+    logger.debug("Helmet security headers enabled");
+  }
+  if (opts.cors) {
+    await app.register(import_cors.default, {
+      origin: config.security.corsOrigin,
+      credentials: true,
+      methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
+      allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
+      exposedHeaders: ["X-Total-Count", "X-Page", "X-Limit"],
+      maxAge: 86400
+      // 24 hours
+    });
+    logger.debug({ origin: config.security.corsOrigin }, "CORS enabled");
+  }
+  if (opts.rateLimit) {
+    await app.register(import_rate_limit.default, {
+      max: config.security.rateLimit.max,
+      timeWindow: config.security.rateLimit.windowMs,
+      errorResponseBuilder: (_request, context) => ({
+        success: false,
+        message: "Too many requests, please try again later",
+        retryAfter: context.after
+      }),
+      keyGenerator: (request) => {
+        return request.headers["x-forwarded-for"]?.toString().split(",")[0] || request.ip || "unknown";
+      }
+    });
+    logger.debug(
+      {
+        max: config.security.rateLimit.max,
+        windowMs: config.security.rateLimit.windowMs
+      },
+      "Rate limiting enabled"
+    );
+  }
+}
+
+// src/modules/swagger/swagger.service.ts
+var import_swagger = __toESM(require("@fastify/swagger"), 1);
+var import_swagger_ui = __toESM(require("@fastify/swagger-ui"), 1);
+var defaultConfig3 = {
+  title: "Servcraft API",
+  description: "API documentation generated by Servcraft",
+  version: "1.0.0",
+  tags: [
+    { name: "Auth", description: "Authentication endpoints" },
+    { name: "Users", description: "User management endpoints" },
+    { name: "Health", description: "Health check endpoints" }
+  ]
+};
+async function registerSwagger(app, customConfig) {
+  const swaggerConfig = { ...defaultConfig3, ...customConfig };
+  await app.register(import_swagger.default, {
+    openapi: {
+      openapi: "3.0.3",
+      info: {
+        title: swaggerConfig.title,
+        description: swaggerConfig.description,
+        version: swaggerConfig.version,
+        contact: swaggerConfig.contact,
+        license: swaggerConfig.license
+      },
+      servers: swaggerConfig.servers || [
+        {
+          url: `http://localhost:${config.server.port}`,
+          description: "Development server"
+        }
+      ],
+      tags: swaggerConfig.tags,
+      components: {
+        securitySchemes: {
+          bearerAuth: {
+            type: "http",
+            scheme: "bearer",
+            bearerFormat: "JWT",
+            description: "Enter your JWT token"
+          }
+        }
+      }
+    }
+  });
+  await app.register(import_swagger_ui.default, {
+    routePrefix: "/docs",
+    uiConfig: {
+      docExpansion: "list",
+      deepLinking: true,
+      displayRequestDuration: true,
+      filter: true,
+      showExtensions: true,
+      showCommonExtensions: true
+    },
+    staticCSP: true,
+    transformStaticCSP: (header) => header
+  });
+  logger.info("Swagger documentation registered at /docs");
+}
+
+// src/modules/auth/index.ts
+var import_jwt = __toESM(require("@fastify/jwt"), 1);
+var import_cookie = __toESM(require("@fastify/cookie"), 1);
+
+// src/modules/auth/auth.service.ts
+var import_bcryptjs = __toESM(require("bcryptjs"), 1);
+var import_ioredis = require("ioredis");
+var AuthService = class {
+  app;
+  SALT_ROUNDS = 12;
+  redis = null;
+  BLACKLIST_PREFIX = "auth:blacklist:";
+  BLACKLIST_TTL = 7 * 24 * 60 * 60;
+  // 7 days in seconds
+  constructor(app, redisUrl) {
+    this.app = app;
+    if (redisUrl || process.env.REDIS_URL) {
+      try {
+        this.redis = new import_ioredis.Redis(redisUrl || process.env.REDIS_URL || "redis://localhost:6379");
+        this.redis.on("connect", () => {
+          logger.info("Auth service connected to Redis for token blacklist");
+        });
+        this.redis.on("error", (error2) => {
+          logger.error({ err: error2 }, "Redis connection error in Auth service");
+        });
+      } catch (error2) {
+        logger.warn({ err: error2 }, "Failed to connect to Redis, using in-memory blacklist");
+        this.redis = null;
+      }
+    } else {
+      logger.warn(
+        "No REDIS_URL provided, using in-memory token blacklist (not recommended for production)"
+      );
+    }
+  }
+  async hashPassword(password) {
+    return import_bcryptjs.default.hash(password, this.SALT_ROUNDS);
+  }
+  async verifyPassword(password, hash) {
+    return import_bcryptjs.default.compare(password, hash);
+  }
+  generateTokenPair(user) {
+    const accessPayload = {
+      sub: user.id,
+      email: user.email,
+      role: user.role,
+      type: "access"
+    };
+    const refreshPayload = {
+      sub: user.id,
+      email: user.email,
+      role: user.role,
+      type: "refresh"
+    };
+    const accessToken = this.app.jwt.sign(accessPayload, {
+      expiresIn: config.jwt.accessExpiresIn
+    });
+    const refreshToken = this.app.jwt.sign(refreshPayload, {
+      expiresIn: config.jwt.refreshExpiresIn
+    });
+    const expiresIn = this.parseExpiration(config.jwt.accessExpiresIn);
+    return { accessToken, refreshToken, expiresIn };
+  }
+  parseExpiration(expiration) {
+    const match = expiration.match(/^(\d+)([smhd])$/);
+    if (!match) return 900;
+    const value = parseInt(match[1] || "0", 10);
+    const unit = match[2];
+    switch (unit) {
+      case "s":
+        return value;
+      case "m":
+        return value * 60;
+      case "h":
+        return value * 3600;
+      case "d":
+        return value * 86400;
+      default:
+        return 900;
+    }
+  }
+  async verifyAccessToken(token) {
+    try {
+      if (await this.isTokenBlacklisted(token)) {
+        throw new UnauthorizedError("Token has been revoked");
+      }
+      const payload = this.app.jwt.verify(token);
+      if (payload.type !== "access") {
+        throw new UnauthorizedError("Invalid token type");
+      }
+      return payload;
+    } catch (error2) {
+      if (error2 instanceof UnauthorizedError) throw error2;
+      logger.debug({ err: error2 }, "Token verification failed");
+      throw new UnauthorizedError("Invalid or expired token");
+    }
+  }
+  async verifyRefreshToken(token) {
+    try {
+      if (await this.isTokenBlacklisted(token)) {
+        throw new UnauthorizedError("Token has been revoked");
+      }
+      const payload = this.app.jwt.verify(token);
+      if (payload.type !== "refresh") {
+        throw new UnauthorizedError("Invalid token type");
+      }
+      return payload;
+    } catch (error2) {
+      if (error2 instanceof UnauthorizedError) throw error2;
+      logger.debug({ err: error2 }, "Refresh token verification failed");
+      throw new UnauthorizedError("Invalid or expired refresh token");
+    }
+  }
+  /**
+   * Blacklist a token (JWT revocation)
+   * Uses Redis if available, falls back to in-memory Set
+   */
+  async blacklistToken(token) {
+    if (this.redis) {
+      try {
+        const key = `${this.BLACKLIST_PREFIX}${token}`;
+        await this.redis.setex(key, this.BLACKLIST_TTL, "1");
+        logger.debug("Token blacklisted in Redis");
+      } catch (error2) {
+        logger.error({ err: error2 }, "Failed to blacklist token in Redis");
+        throw new Error("Failed to revoke token");
+      }
+    } else {
+      logger.warn("Using in-memory blacklist - not suitable for multi-instance deployments");
+    }
+  }
+  /**
+   * Check if a token is blacklisted
+   * Uses Redis if available, falls back to always returning false
+   */
+  async isTokenBlacklisted(token) {
+    if (this.redis) {
+      try {
+        const key = `${this.BLACKLIST_PREFIX}${token}`;
+        const result = await this.redis.exists(key);
+        return result === 1;
+      } catch (error2) {
+        logger.error({ err: error2 }, "Failed to check token blacklist in Redis");
+        return false;
+      }
+    }
+    return false;
+  }
+  /**
+   * Get count of blacklisted tokens (Redis only)
+   */
+  async getBlacklistCount() {
+    if (this.redis) {
+      try {
+        const keys = await this.redis.keys(`${this.BLACKLIST_PREFIX}*`);
+        return keys.length;
+      } catch (error2) {
+        logger.error({ err: error2 }, "Failed to get blacklist count from Redis");
+        return 0;
+      }
+    }
+    return 0;
+  }
+  /**
+   * Close Redis connection
+   */
+  async close() {
+    if (this.redis) {
+      await this.redis.quit();
+      logger.info("Auth service Redis connection closed");
+    }
+  }
+  // OAuth support methods - to be implemented with user repository
+  async findUserByEmail(_email) {
+    return null;
+  }
+  async createUserFromOAuth(data) {
+    const user = {
+      id: `oauth_${Date.now()}`,
+      email: data.email,
+      role: "user"
+    };
+    logger.info({ email: data.email }, "Created user from OAuth");
+    return user;
+  }
+  async generateTokensForUser(userId) {
+    const user = {
+      id: userId,
+      email: "",
+      // Would be fetched from database in production
+      role: "user"
+    };
+    return this.generateTokenPair(user);
+  }
+  async verifyPasswordById(userId, _password) {
+    logger.debug({ userId }, "Password verification requested");
+    return false;
+  }
+};
+function createAuthService(app) {
+  return new AuthService(app);
+}
+
+// src/modules/auth/schemas.ts
+var import_zod2 = require("zod");
+var loginSchema = import_zod2.z.object({
+  email: import_zod2.z.string().email("Invalid email address"),
+  password: import_zod2.z.string().min(1, "Password is required")
+});
+var registerSchema = import_zod2.z.object({
+  email: import_zod2.z.string().email("Invalid email address"),
+  password: import_zod2.z.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number"),
+  name: import_zod2.z.string().min(2, "Name must be at least 2 characters").optional()
+});
+var refreshTokenSchema = import_zod2.z.object({
+  refreshToken: import_zod2.z.string().min(1, "Refresh token is required")
+});
+var passwordResetRequestSchema = import_zod2.z.object({
+  email: import_zod2.z.string().email("Invalid email address")
+});
+var passwordResetConfirmSchema = import_zod2.z.object({
+  token: import_zod2.z.string().min(1, "Token is required"),
+  password: import_zod2.z.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number")
+});
+var changePasswordSchema = import_zod2.z.object({
+  currentPassword: import_zod2.z.string().min(1, "Current password is required"),
+  newPassword: import_zod2.z.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number")
+});
+
+// src/utils/response.ts
+function success2(reply, data, statusCode = 200) {
+  const response = {
+    success: true,
+    data
+  };
+  return reply.status(statusCode).send(response);
+}
+function created(reply, data) {
+  return success2(reply, data, 201);
+}
+function noContent(reply) {
+  return reply.status(204).send();
+}
+
+// src/modules/validation/validator.ts
+var import_zod3 = require("zod");
+function validateBody(schema, data) {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    throw new ValidationError(formatZodErrors(result.error));
+  }
+  return result.data;
+}
+function validateQuery(schema, data) {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    throw new ValidationError(formatZodErrors(result.error));
+  }
+  return result.data;
+}
+function formatZodErrors(error2) {
+  const errors = {};
+  for (const issue of error2.issues) {
+    const path9 = issue.path.join(".") || "root";
+    if (!errors[path9]) {
+      errors[path9] = [];
+    }
+    errors[path9].push(issue.message);
+  }
+  return errors;
+}
+var idParamSchema = import_zod3.z.object({
+  id: import_zod3.z.string().uuid("Invalid ID format")
+});
+var paginationSchema = import_zod3.z.object({
+  page: import_zod3.z.string().transform(Number).optional().default("1"),
+  limit: import_zod3.z.string().transform(Number).optional().default("20"),
+  sortBy: import_zod3.z.string().optional(),
+  sortOrder: import_zod3.z.enum(["asc", "desc"]).optional().default("asc")
+});
+var searchSchema = import_zod3.z.object({
+  q: import_zod3.z.string().min(1, "Search query is required").optional(),
+  search: import_zod3.z.string().min(1).optional()
+});
+var emailSchema = import_zod3.z.string().email("Invalid email address");
+var passwordSchema = import_zod3.z.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number").regex(/[^A-Za-z0-9]/, "Password must contain at least one special character");
+var urlSchema = import_zod3.z.string().url("Invalid URL format");
+var phoneSchema = import_zod3.z.string().regex(/^\+?[1-9]\d{1,14}$/, "Invalid phone number format");
+var dateSchema = import_zod3.z.coerce.date();
+var futureDateSchema = import_zod3.z.coerce.date().refine((date) => date > /* @__PURE__ */ new Date(), "Date must be in the future");
+var pastDateSchema = import_zod3.z.coerce.date().refine((date) => date < /* @__PURE__ */ new Date(), "Date must be in the past");
+
+// src/modules/auth/auth.controller.ts
+var AuthController = class {
+  constructor(authService, userService) {
+    this.authService = authService;
+    this.userService = userService;
+  }
+  async register(request, reply) {
+    const data = validateBody(registerSchema, request.body);
+    const existingUser = await this.userService.findByEmail(data.email);
+    if (existingUser) {
+      throw new BadRequestError("Email already registered");
+    }
+    const hashedPassword = await this.authService.hashPassword(data.password);
+    const user = await this.userService.create({
+      email: data.email,
+      password: hashedPassword,
+      name: data.name
+    });
+    const tokens = this.authService.generateTokenPair({
+      id: user.id,
+      email: user.email,
+      role: user.role
+    });
+    created(reply, {
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        role: user.role
+      },
+      ...tokens
+    });
+  }
+  async login(request, reply) {
+    const data = validateBody(loginSchema, request.body);
+    const user = await this.userService.findByEmail(data.email);
+    if (!user) {
+      throw new UnauthorizedError("Invalid credentials");
+    }
+    if (user.status !== "active") {
+      throw new UnauthorizedError("Account is not active");
+    }
+    const isValidPassword = await this.authService.verifyPassword(data.password, user.password);
+    if (!isValidPassword) {
+      throw new UnauthorizedError("Invalid credentials");
+    }
+    await this.userService.updateLastLogin(user.id);
+    const tokens = this.authService.generateTokenPair({
+      id: user.id,
+      email: user.email,
+      role: user.role
+    });
+    success2(reply, {
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        role: user.role
+      },
+      ...tokens
+    });
+  }
+  async refresh(request, reply) {
+    const data = validateBody(refreshTokenSchema, request.body);
+    const payload = await this.authService.verifyRefreshToken(data.refreshToken);
+    const user = await this.userService.findById(payload.sub);
+    if (!user || user.status !== "active") {
+      throw new UnauthorizedError("User not found or inactive");
+    }
+    await this.authService.blacklistToken(data.refreshToken);
+    const tokens = this.authService.generateTokenPair({
+      id: user.id,
+      email: user.email,
+      role: user.role
+    });
+    success2(reply, tokens);
+  }
+  async logout(request, reply) {
+    const authHeader = request.headers.authorization;
+    if (authHeader?.startsWith("Bearer ")) {
+      const token = authHeader.substring(7);
+      await this.authService.blacklistToken(token);
+    }
+    success2(reply, { message: "Logged out successfully" });
+  }
+  async me(request, reply) {
+    const authRequest = request;
+    const user = await this.userService.findById(authRequest.user.id);
+    if (!user) {
+      throw new UnauthorizedError("User not found");
+    }
+    success2(reply, {
+      id: user.id,
+      email: user.email,
+      name: user.name,
+      role: user.role,
+      status: user.status,
+      createdAt: user.createdAt
+    });
+  }
+  async changePassword(request, reply) {
+    const authRequest = request;
+    const data = validateBody(changePasswordSchema, request.body);
+    const user = await this.userService.findById(authRequest.user.id);
+    if (!user) {
+      throw new UnauthorizedError("User not found");
+    }
+    const isValidPassword = await this.authService.verifyPassword(
+      data.currentPassword,
+      user.password
+    );
+    if (!isValidPassword) {
+      throw new BadRequestError("Current password is incorrect");
+    }
+    const hashedPassword = await this.authService.hashPassword(data.newPassword);
+    await this.userService.updatePassword(user.id, hashedPassword);
+    success2(reply, { message: "Password changed successfully" });
+  }
+};
+function createAuthController(authService, userService) {
+  return new AuthController(authService, userService);
+}
+
+// src/modules/auth/auth.middleware.ts
+function createAuthMiddleware(authService) {
+  return async function authenticate(request, _reply) {
+    const authHeader = request.headers.authorization;
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      throw new UnauthorizedError("Missing or invalid authorization header");
+    }
+    const token = authHeader.substring(7);
+    const payload = await authService.verifyAccessToken(token);
+    request.user = {
+      id: payload.sub,
+      email: payload.email,
+      role: payload.role
+    };
+  };
+}
+function createRoleMiddleware(allowedRoles) {
+  return async function authorize(request, _reply) {
+    const user = request.user;
+    if (!user) {
+      throw new UnauthorizedError("Authentication required");
+    }
+    if (!allowedRoles.includes(user.role)) {
+      throw new ForbiddenError("Insufficient permissions");
+    }
+  };
+}
+
+// src/modules/auth/auth.routes.ts
+function registerAuthRoutes(app, controller, authService) {
+  const authenticate = createAuthMiddleware(authService);
+  app.post("/auth/register", controller.register.bind(controller));
+  app.post("/auth/login", controller.login.bind(controller));
+  app.post("/auth/refresh", controller.refresh.bind(controller));
+  app.post("/auth/logout", { preHandler: [authenticate] }, controller.logout.bind(controller));
+  app.get("/auth/me", { preHandler: [authenticate] }, controller.me.bind(controller));
+  app.post(
+    "/auth/change-password",
+    { preHandler: [authenticate] },
+    controller.changePassword.bind(controller)
+  );
+}
+
+// src/database/prisma.ts
+var import_client = require("@prisma/client");
+var prismaClientSingleton = () => {
+  return new import_client.PrismaClient({
+    log: isProduction() ? ["error"] : ["query", "info", "warn", "error"],
+    errorFormat: isProduction() ? "minimal" : "pretty"
+  });
+};
+var prisma = globalThis.__prisma ?? prismaClientSingleton();
+if (!isProduction()) {
+  globalThis.__prisma = prisma;
+}
+
+// src/utils/pagination.ts
+var DEFAULT_PAGE = 1;
+var DEFAULT_LIMIT = 20;
+var MAX_LIMIT = 100;
+function parsePaginationParams(query) {
+  const page = Math.max(1, parseInt(String(query.page || DEFAULT_PAGE), 10));
+  const limit = Math.min(
+    MAX_LIMIT,
+    Math.max(1, parseInt(String(query.limit || DEFAULT_LIMIT), 10))
+  );
+  const sortBy = typeof query.sortBy === "string" ? query.sortBy : void 0;
+  const sortOrder = query.sortOrder === "desc" ? "desc" : "asc";
+  return { page, limit, sortBy, sortOrder };
+}
+function createPaginatedResult(data, total, params) {
+  const totalPages = Math.ceil(total / params.limit);
+  return {
+    data,
+    meta: {
+      total,
+      page: params.page,
+      limit: params.limit,
+      totalPages,
+      hasNextPage: params.page < totalPages,
+      hasPrevPage: params.page > 1
+    }
+  };
+}
+function getSkip(params) {
+  return (params.page - 1) * params.limit;
+}
+
+// src/modules/user/user.repository.ts
+var import_client2 = require("@prisma/client");
+var UserRepository = class {
+  /**
+   * Find user by ID
+   */
+  async findById(id) {
+    const user = await prisma.user.findUnique({
+      where: { id }
+    });
+    if (!user) return null;
+    return this.mapPrismaUserToUser(user);
+  }
+  /**
+   * Find user by email (case-insensitive)
+   */
+  async findByEmail(email) {
+    const user = await prisma.user.findUnique({
+      where: { email: email.toLowerCase() }
+    });
+    if (!user) return null;
+    return this.mapPrismaUserToUser(user);
+  }
+  /**
+   * Find multiple users with pagination and filters
+   */
+  async findMany(params, filters) {
+    const where = this.buildWhereClause(filters);
+    const orderBy = this.buildOrderBy(params);
+    const [data, total] = await Promise.all([
+      prisma.user.findMany({
+        where,
+        orderBy,
+        skip: getSkip(params),
+        take: params.limit
+      }),
+      prisma.user.count({ where })
+    ]);
+    const mappedUsers = data.map((user) => this.mapPrismaUserToUser(user));
+    return createPaginatedResult(mappedUsers, total, params);
+  }
+  /**
+   * Create a new user
+   */
+  async create(data) {
+    const user = await prisma.user.create({
+      data: {
+        email: data.email.toLowerCase(),
+        password: data.password,
+        name: data.name,
+        role: this.mapRoleToEnum(data.role || "user"),
+        status: import_client2.UserStatus.ACTIVE,
+        emailVerified: false
+      }
+    });
+    return this.mapPrismaUserToUser(user);
+  }
+  /**
+   * Update user data
+   */
+  async update(id, data) {
+    try {
+      const user = await prisma.user.update({
+        where: { id },
+        data: {
+          ...data.email && { email: data.email.toLowerCase() },
+          ...data.name !== void 0 && { name: data.name },
+          ...data.role && { role: this.mapRoleToEnum(data.role) },
+          ...data.status && { status: this.mapStatusToEnum(data.status) },
+          ...data.emailVerified !== void 0 && { emailVerified: data.emailVerified },
+          ...data.metadata && { metadata: data.metadata }
+        }
+      });
+      return this.mapPrismaUserToUser(user);
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Update user password
+   */
+  async updatePassword(id, password) {
+    try {
+      const user = await prisma.user.update({
+        where: { id },
+        data: { password }
+      });
+      return this.mapPrismaUserToUser(user);
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Update last login timestamp
+   */
+  async updateLastLogin(id) {
+    try {
+      const user = await prisma.user.update({
+        where: { id },
+        data: { lastLoginAt: /* @__PURE__ */ new Date() }
+      });
+      return this.mapPrismaUserToUser(user);
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Delete user by ID
+   */
+  async delete(id) {
+    try {
+      await prisma.user.delete({
+        where: { id }
+      });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Count users with optional filters
+   */
+  async count(filters) {
+    const where = this.buildWhereClause(filters);
+    return prisma.user.count({ where });
+  }
+  /**
+   * Helper to clear all users (for testing only)
+   * WARNING: This deletes all users from the database
+   */
+  async clear() {
+    await prisma.user.deleteMany();
+  }
+  /**
+   * Build Prisma where clause from filters
+   */
+  buildWhereClause(filters) {
+    if (!filters) return {};
+    return {
+      ...filters.status && { status: this.mapStatusToEnum(filters.status) },
+      ...filters.role && { role: this.mapRoleToEnum(filters.role) },
+      ...filters.emailVerified !== void 0 && { emailVerified: filters.emailVerified },
+      ...filters.search && {
+        OR: [
+          { email: { contains: filters.search, mode: "insensitive" } },
+          { name: { contains: filters.search, mode: "insensitive" } }
+        ]
+      }
+    };
+  }
+  /**
+   * Build Prisma orderBy clause from pagination params
+   */
+  buildOrderBy(params) {
+    if (!params.sortBy) {
+      return { createdAt: "desc" };
+    }
+    return {
+      [params.sortBy]: params.sortOrder || "asc"
+    };
+  }
+  /**
+   * Map Prisma User to application User type
+   */
+  mapPrismaUserToUser(prismaUser) {
+    return {
+      id: prismaUser.id,
+      email: prismaUser.email,
+      password: prismaUser.password,
+      name: prismaUser.name ?? void 0,
+      role: this.mapEnumToRole(prismaUser.role),
+      status: this.mapEnumToStatus(prismaUser.status),
+      emailVerified: prismaUser.emailVerified,
+      lastLoginAt: prismaUser.lastLoginAt ?? void 0,
+      metadata: prismaUser.metadata,
+      createdAt: prismaUser.createdAt,
+      updatedAt: prismaUser.updatedAt
+    };
+  }
+  /**
+   * Map application role to Prisma enum
+   */
+  mapRoleToEnum(role) {
+    const roleMap = {
+      user: import_client2.UserRole.USER,
+      moderator: import_client2.UserRole.MODERATOR,
+      admin: import_client2.UserRole.ADMIN,
+      super_admin: import_client2.UserRole.SUPER_ADMIN
+    };
+    return roleMap[role] || import_client2.UserRole.USER;
+  }
+  /**
+   * Map Prisma enum to application role
+   */
+  mapEnumToRole(role) {
+    const roleMap = {
+      [import_client2.UserRole.USER]: "user",
+      [import_client2.UserRole.MODERATOR]: "moderator",
+      [import_client2.UserRole.ADMIN]: "admin",
+      [import_client2.UserRole.SUPER_ADMIN]: "super_admin"
+    };
+    return roleMap[role];
+  }
+  /**
+   * Map application status to Prisma enum
+   */
+  mapStatusToEnum(status) {
+    const statusMap = {
+      active: import_client2.UserStatus.ACTIVE,
+      inactive: import_client2.UserStatus.INACTIVE,
+      suspended: import_client2.UserStatus.SUSPENDED,
+      banned: import_client2.UserStatus.BANNED
+    };
+    return statusMap[status] || import_client2.UserStatus.ACTIVE;
+  }
+  /**
+   * Map Prisma enum to application status
+   */
+  mapEnumToStatus(status) {
+    const statusMap = {
+      [import_client2.UserStatus.ACTIVE]: "active",
+      [import_client2.UserStatus.INACTIVE]: "inactive",
+      [import_client2.UserStatus.SUSPENDED]: "suspended",
+      [import_client2.UserStatus.BANNED]: "banned"
+    };
+    return statusMap[status];
+  }
+};
+function createUserRepository() {
+  return new UserRepository();
+}
+
+// src/modules/user/types.ts
+var DEFAULT_ROLE_PERMISSIONS = {
+  user: ["profile:read", "profile:update"],
+  moderator: [
+    "profile:read",
+    "profile:update",
+    "users:read",
+    "content:read",
+    "content:update",
+    "content:delete"
+  ],
+  admin: [
+    "profile:read",
+    "profile:update",
+    "users:read",
+    "users:update",
+    "users:delete",
+    "content:manage",
+    "settings:read"
+  ],
+  super_admin: ["*:manage"]
+  // All permissions
+};
+
+// src/modules/user/user.service.ts
+var UserService = class {
+  constructor(repository) {
+    this.repository = repository;
+  }
+  async findById(id) {
+    return this.repository.findById(id);
+  }
+  async findByEmail(email) {
+    return this.repository.findByEmail(email);
+  }
+  async findMany(params, filters) {
+    const result = await this.repository.findMany(params, filters);
+    return {
+      ...result,
+      data: result.data.map(({ password: _password, ...user }) => user)
+    };
+  }
+  async create(data) {
+    const existing = await this.repository.findByEmail(data.email);
+    if (existing) {
+      throw new ConflictError("User with this email already exists");
+    }
+    const user = await this.repository.create(data);
+    logger.info({ userId: user.id, email: user.email }, "User created");
+    return user;
+  }
+  async update(id, data) {
+    const user = await this.repository.findById(id);
+    if (!user) {
+      throw new NotFoundError("User");
+    }
+    if (data.email && data.email !== user.email) {
+      const existing = await this.repository.findByEmail(data.email);
+      if (existing) {
+        throw new ConflictError("Email already in use");
+      }
+    }
+    const updatedUser = await this.repository.update(id, data);
+    if (!updatedUser) {
+      throw new NotFoundError("User");
+    }
+    logger.info({ userId: id }, "User updated");
+    return updatedUser;
+  }
+  async updatePassword(id, hashedPassword) {
+    const user = await this.repository.updatePassword(id, hashedPassword);
+    if (!user) {
+      throw new NotFoundError("User");
+    }
+    logger.info({ userId: id }, "User password updated");
+    return user;
+  }
+  async updateLastLogin(id) {
+    const user = await this.repository.updateLastLogin(id);
+    if (!user) {
+      throw new NotFoundError("User");
+    }
+    return user;
+  }
+  async delete(id) {
+    const user = await this.repository.findById(id);
+    if (!user) {
+      throw new NotFoundError("User");
+    }
+    await this.repository.delete(id);
+    logger.info({ userId: id }, "User deleted");
+  }
+  async suspend(id) {
+    return this.update(id, { status: "suspended" });
+  }
+  async ban(id) {
+    return this.update(id, { status: "banned" });
+  }
+  async activate(id) {
+    return this.update(id, { status: "active" });
+  }
+  async verifyEmail(id) {
+    return this.update(id, { emailVerified: true });
+  }
+  async changeRole(id, role) {
+    return this.update(id, { role });
+  }
+  // RBAC helpers
+  hasPermission(role, permission) {
+    const permissions = DEFAULT_ROLE_PERMISSIONS[role] || [];
+    if (permissions.includes("*:manage")) {
+      return true;
+    }
+    if (permissions.includes(permission)) {
+      return true;
+    }
+    const [resource] = permission.split(":");
+    const managePermission = `${resource}:manage`;
+    if (permissions.includes(managePermission)) {
+      return true;
+    }
+    return false;
+  }
+  getPermissions(role) {
+    return DEFAULT_ROLE_PERMISSIONS[role] || [];
+  }
+};
+function createUserService(repository) {
+  return new UserService(repository || createUserRepository());
+}
+
+// src/modules/auth/index.ts
+async function registerAuthModule(app) {
+  await app.register(import_jwt.default, {
+    secret: config.jwt.secret,
+    sign: {
+      algorithm: "HS256"
+    }
+  });
+  await app.register(import_cookie.default, {
+    secret: config.jwt.secret,
+    hook: "onRequest"
+  });
+  const authService = createAuthService(app);
+  const userService = createUserService();
+  const authController = createAuthController(authService, userService);
+  registerAuthRoutes(app, authController, authService);
+  logger.info("Auth module registered");
+}
+
+// src/modules/user/schemas.ts
+var import_zod4 = require("zod");
+var userStatusEnum = import_zod4.z.enum(["active", "inactive", "suspended", "banned"]);
+var userRoleEnum = import_zod4.z.enum(["user", "admin", "moderator", "super_admin"]);
+var createUserSchema = import_zod4.z.object({
+  email: import_zod4.z.string().email("Invalid email address"),
+  password: import_zod4.z.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number"),
+  name: import_zod4.z.string().min(2, "Name must be at least 2 characters").optional(),
+  role: userRoleEnum.optional().default("user")
+});
+var updateUserSchema = import_zod4.z.object({
+  email: import_zod4.z.string().email("Invalid email address").optional(),
+  name: import_zod4.z.string().min(2, "Name must be at least 2 characters").optional(),
+  role: userRoleEnum.optional(),
+  status: userStatusEnum.optional(),
+  emailVerified: import_zod4.z.boolean().optional(),
+  metadata: import_zod4.z.record(import_zod4.z.unknown()).optional()
+});
+var updateProfileSchema = import_zod4.z.object({
+  name: import_zod4.z.string().min(2, "Name must be at least 2 characters").optional(),
+  metadata: import_zod4.z.record(import_zod4.z.unknown()).optional()
+});
+var userQuerySchema = import_zod4.z.object({
+  page: import_zod4.z.string().transform(Number).optional(),
+  limit: import_zod4.z.string().transform(Number).optional(),
+  sortBy: import_zod4.z.string().optional(),
+  sortOrder: import_zod4.z.enum(["asc", "desc"]).optional(),
+  status: userStatusEnum.optional(),
+  role: userRoleEnum.optional(),
+  search: import_zod4.z.string().optional(),
+  emailVerified: import_zod4.z.string().transform((val) => val === "true").optional()
+});
+
+// src/modules/user/user.controller.ts
+function omitPassword(user) {
+  const { password, ...userData } = user;
+  void password;
+  return userData;
+}
+var UserController = class {
+  constructor(userService) {
+    this.userService = userService;
+  }
+  async list(request, reply) {
+    const query = validateQuery(userQuerySchema, request.query);
+    const pagination = parsePaginationParams(query);
+    const filters = {
+      status: query.status,
+      role: query.role,
+      search: query.search,
+      emailVerified: query.emailVerified
+    };
+    const result = await this.userService.findMany(pagination, filters);
+    success2(reply, result);
+  }
+  async getById(request, reply) {
+    const user = await this.userService.findById(request.params.id);
+    if (!user) {
+      return reply.status(404).send({
+        success: false,
+        message: "User not found"
+      });
+    }
+    success2(reply, omitPassword(user));
+  }
+  async update(request, reply) {
+    const data = validateBody(updateUserSchema, request.body);
+    const user = await this.userService.update(request.params.id, data);
+    success2(reply, omitPassword(user));
+  }
+  async delete(request, reply) {
+    const authRequest = request;
+    if (authRequest.user.id === request.params.id) {
+      throw new ForbiddenError("Cannot delete your own account");
+    }
+    await this.userService.delete(request.params.id);
+    noContent(reply);
+  }
+  async suspend(request, reply) {
+    const authRequest = request;
+    if (authRequest.user.id === request.params.id) {
+      throw new ForbiddenError("Cannot suspend your own account");
+    }
+    const user = await this.userService.suspend(request.params.id);
+    const userData = omitPassword(user);
+    success2(reply, userData);
+  }
+  async ban(request, reply) {
+    const authRequest = request;
+    if (authRequest.user.id === request.params.id) {
+      throw new ForbiddenError("Cannot ban your own account");
+    }
+    const user = await this.userService.ban(request.params.id);
+    const userData = omitPassword(user);
+    success2(reply, userData);
+  }
+  async activate(request, reply) {
+    const user = await this.userService.activate(request.params.id);
+    const userData = omitPassword(user);
+    success2(reply, userData);
+  }
+  // Profile routes (for authenticated user)
+  async getProfile(request, reply) {
+    const authRequest = request;
+    const user = await this.userService.findById(authRequest.user.id);
+    if (!user) {
+      return reply.status(404).send({
+        success: false,
+        message: "User not found"
+      });
+    }
+    const userData = omitPassword(user);
+    success2(reply, userData);
+  }
+  async updateProfile(request, reply) {
+    const authRequest = request;
+    const data = validateBody(updateProfileSchema, request.body);
+    const user = await this.userService.update(authRequest.user.id, data);
+    const userData = omitPassword(user);
+    success2(reply, userData);
+  }
+};
+function createUserController(userService) {
+  return new UserController(userService);
+}
+
+// src/modules/user/user.routes.ts
+var idParamsSchema = {
+  type: "object",
+  properties: {
+    id: { type: "string" }
+  },
+  required: ["id"]
+};
+function registerUserRoutes(app, controller, authService) {
+  const authenticate = createAuthMiddleware(authService);
+  const isAdmin = createRoleMiddleware(["admin", "super_admin"]);
+  const isModerator = createRoleMiddleware(["moderator", "admin", "super_admin"]);
+  app.get("/profile", { preHandler: [authenticate] }, controller.getProfile.bind(controller));
+  app.patch("/profile", { preHandler: [authenticate] }, controller.updateProfile.bind(controller));
+  app.get("/users", { preHandler: [authenticate, isModerator] }, controller.list.bind(controller));
+  app.get(
+    "/users/:id",
+    { preHandler: [authenticate, isModerator], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.getById(request, reply);
+    }
+  );
+  app.patch(
+    "/users/:id",
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.update(request, reply);
+    }
+  );
+  app.delete(
+    "/users/:id",
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.delete(request, reply);
+    }
+  );
+  app.post(
+    "/users/:id/suspend",
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.suspend(request, reply);
+    }
+  );
+  app.post(
+    "/users/:id/ban",
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.ban(request, reply);
+    }
+  );
+  app.post(
+    "/users/:id/activate",
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.activate(request, reply);
+    }
+  );
+}
+
+// src/modules/user/index.ts
+async function registerUserModule(app, authService) {
+  const repository = createUserRepository();
+  const userService = createUserService(repository);
+  const userController = createUserController(userService);
+  registerUserRoutes(app, userController, authService);
+  logger.info("User module registered");
+}
+
+// src/cli/utils/docs-generator.ts
+async function generateDocs(outputPath = "openapi.json", silent = false) {
+  const spinner = silent ? null : (0, import_ora5.default)("Generating OpenAPI documentation...").start();
+  try {
+    const server = createServer({
+      port: config.server.port,
+      host: config.server.host
+    });
+    const app = server.instance;
+    registerErrorHandler(app);
+    await registerSecurity(app);
+    await registerSwagger(app, {
+      title: "Servcraft API",
+      description: "API documentation generated by Servcraft",
+      version: "1.0.0"
+    });
+    await registerAuthModule(app);
+    const authService = createAuthService(app);
+    await registerUserModule(app, authService);
+    await app.ready();
+    const spec = app.swagger();
+    const absoluteOutput = import_path5.default.resolve(outputPath);
+    await import_promises3.default.mkdir(import_path5.default.dirname(absoluteOutput), { recursive: true });
+    await import_promises3.default.writeFile(absoluteOutput, JSON.stringify(spec, null, 2), "utf8");
+    spinner?.succeed(`OpenAPI spec generated at ${absoluteOutput}`);
+    await app.close();
+    return absoluteOutput;
+  } catch (error2) {
+    spinner?.fail("Failed to generate OpenAPI documentation");
+    throw error2;
+  }
+}
+
+// src/cli/commands/docs.ts
+var docsCommand = new import_commander5.Command("docs").description("API documentation commands");
+docsCommand.command("generate").alias("gen").description("Generate OpenAPI/Swagger documentation").option("-o, --output <file>", "Output file path", "openapi.json").option("-f, --format <format>", "Output format: json, yaml", "json").action(async (options) => {
+  try {
+    const outputPath = await generateDocs(options.output, false);
+    if (options.format === "yaml") {
+      const jsonContent = await import_promises4.default.readFile(outputPath, "utf-8");
+      const spec = JSON.parse(jsonContent);
+      const yamlPath = outputPath.replace(".json", ".yaml");
+      await import_promises4.default.writeFile(yamlPath, jsonToYaml(spec));
+      success(`YAML documentation generated: ${yamlPath}`);
+    }
+    console.log("\n\u{1F4DA} Documentation URLs:");
+    info("  Swagger UI: http://localhost:3000/docs");
+    info("  OpenAPI JSON: http://localhost:3000/docs/json");
+  } catch (err) {
+    error(err instanceof Error ? err.message : String(err));
+  }
+});
+docsCommand.option("-o, --output <path>", "Output file path", "openapi.json").action(async (options) => {
+  if (options.output) {
+    try {
+      const outputPath = await generateDocs(options.output);
+      success(`Documentation written to ${outputPath}`);
+    } catch (err) {
+      error(err instanceof Error ? err.message : String(err));
+      process.exitCode = 1;
+    }
+  }
+});
+docsCommand.command("export").description("Export documentation to Postman, Insomnia, or YAML").option("-f, --format <format>", "Export format: postman, insomnia, yaml", "postman").option("-o, --output <file>", "Output file path").action(async (options) => {
+  const spinner = (0, import_ora6.default)("Exporting documentation...").start();
+  try {
+    const projectRoot = getProjectRoot();
+    const specPath = import_path6.default.join(projectRoot, "openapi.json");
+    try {
+      await import_promises4.default.access(specPath);
+    } catch {
+      spinner.text = "Generating OpenAPI spec first...";
+      await generateDocs("openapi.json", true);
+    }
+    const specContent = await import_promises4.default.readFile(specPath, "utf-8");
+    const spec = JSON.parse(specContent);
+    let output;
+    let defaultName;
+    switch (options.format) {
+      case "postman":
+        output = JSON.stringify(convertToPostman(spec), null, 2);
+        defaultName = "postman_collection.json";
+        break;
+      case "insomnia":
+        output = JSON.stringify(convertToInsomnia(spec), null, 2);
+        defaultName = "insomnia_collection.json";
+        break;
+      case "yaml":
+        output = jsonToYaml(spec);
+        defaultName = "openapi.yaml";
+        break;
+      default:
+        throw new Error(`Unknown format: ${options.format}`);
+    }
+    const outPath = import_path6.default.join(projectRoot, options.output || defaultName);
+    await import_promises4.default.writeFile(outPath, output);
+    spinner.succeed(`Exported to: ${options.output || defaultName}`);
+    if (options.format === "postman") {
+      info("\n  Import in Postman: File > Import > Select file");
+    }
+  } catch (err) {
+    spinner.fail("Export failed");
+    error(err instanceof Error ? err.message : String(err));
+  }
+});
+docsCommand.command("status").description("Show documentation status").action(async () => {
+  const projectRoot = getProjectRoot();
+  console.log(import_chalk6.default.bold("\n\u{1F4CA} Documentation Status\n"));
+  const specPath = import_path6.default.join(projectRoot, "openapi.json");
+  try {
+    const stat2 = await import_promises4.default.stat(specPath);
+    success(
+      `openapi.json exists (${formatBytes(stat2.size)}, modified ${formatDate(stat2.mtime)})`
+    );
+    const content = await import_promises4.default.readFile(specPath, "utf-8");
+    const spec = JSON.parse(content);
+    const pathCount = Object.keys(spec.paths || {}).length;
+    info(`  ${pathCount} endpoints documented`);
+  } catch {
+    warn('openapi.json not found - run "servcraft docs generate"');
+  }
+  console.log("\n\u{1F4CC} Commands:");
+  info("  servcraft docs generate    Generate OpenAPI spec");
+  info("  servcraft docs export      Export to Postman/Insomnia");
+});
+function jsonToYaml(obj, indent = 0) {
+  const spaces = "  ".repeat(indent);
+  if (obj === null || obj === void 0) return "null";
+  if (typeof obj === "string") {
+    if (obj.includes("\n") || obj.includes(":") || obj.includes("#")) {
+      return `"${obj.replace(/"/g, '\\"')}"`;
+    }
+    return obj || '""';
+  }
+  if (typeof obj === "number" || typeof obj === "boolean") return String(obj);
+  if (Array.isArray(obj)) {
+    if (obj.length === 0) return "[]";
+    return obj.map((item) => `${spaces}- ${jsonToYaml(item, indent + 1).trimStart()}`).join("\n");
+  }
+  if (typeof obj === "object") {
+    const entries = Object.entries(obj);
+    if (entries.length === 0) return "{}";
+    return entries.map(([key, value]) => {
+      const valueStr = jsonToYaml(value, indent + 1);
+      if (typeof value === "object" && value !== null && !Array.isArray(value) && Object.keys(value).length > 0) {
+        return `${spaces}${key}:
+${valueStr}`;
+      }
+      return `${spaces}${key}: ${valueStr}`;
+    }).join("\n");
+  }
+  return String(obj);
+}
+function convertToPostman(spec) {
+  const baseUrl = spec.servers?.[0]?.url || "http://localhost:3000";
+  const items = [];
+  for (const [pathUrl, methods] of Object.entries(spec.paths || {})) {
+    for (const [method, details] of Object.entries(methods)) {
+      items.push({
+        name: details.summary || `${method.toUpperCase()} ${pathUrl}`,
+        request: {
+          method: method.toUpperCase(),
+          header: [
+            { key: "Content-Type", value: "application/json" },
+            { key: "Authorization", value: "Bearer {{token}}" }
+          ],
+          url: {
+            raw: `{{baseUrl}}${pathUrl}`,
+            host: ["{{baseUrl}}"],
+            path: pathUrl.split("/").filter(Boolean)
+          },
+          ...details.requestBody ? { body: { mode: "raw", raw: "{}" } } : {}
+        }
+      });
+    }
+  }
+  return {
+    info: {
+      name: spec.info.title,
+      schema: "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+    },
+    item: items,
+    variable: [
+      { key: "baseUrl", value: baseUrl },
+      { key: "token", value: "" }
+    ]
+  };
+}
+function convertToInsomnia(spec) {
+  const baseUrl = spec.servers?.[0]?.url || "http://localhost:3000";
+  const resources = [
+    { _type: "environment", name: "Base Environment", data: { baseUrl, token: "" } }
+  ];
+  for (const [pathUrl, methods] of Object.entries(spec.paths || {})) {
+    for (const [method, details] of Object.entries(methods)) {
+      resources.push({
+        _type: "request",
+        name: details.summary || `${method.toUpperCase()} ${pathUrl}`,
+        method: method.toUpperCase(),
+        url: `{{ baseUrl }}${pathUrl}`,
+        headers: [
+          { name: "Content-Type", value: "application/json" },
+          { name: "Authorization", value: "Bearer {{ token }}" }
+        ]
+      });
+    }
+  }
+  return { _type: "export", __export_format: 4, resources };
+}
+function formatBytes(bytes) {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+}
+function formatDate(date) {
+  return date.toLocaleDateString("en-US", {
+    month: "short",
+    day: "numeric",
+    hour: "2-digit",
+    minute: "2-digit"
+  });
+}
+
 // src/cli/index.ts
-var program = new import_commander5.Command();
+var program = new import_commander6.Command();
 program.name("servcraft").description("Servcraft - A modular Node.js backend framework CLI").version("0.1.0");
 program.addCommand(initCommand);
 program.addCommand(generateCommand);
 program.addCommand(addModuleCommand);
 program.addCommand(dbCommand);
+program.addCommand(docsCommand);
 program.parse();
 //# sourceMappingURL=index.cjs.map