stackloom-cli 1.0.0

package/src/templates/resource/service.js.ejs

@@ -0,0 +1,132 @@
+const <%= resource.pascalName %>Model = require('../models/<%= resource.name %>');
+const ApiError = require('../../../utils/ApiError');
+<% if (options.architecture === 'advanced') { -%>
+const mongoose = require('mongoose');
+<% } -%>
+
+// ── Create ───────────────────────────────────────────────────────────────────
+const create<%= resource.pascalName %> = async (payload) => {
+<% resource.fields.forEach(function(f) { -%>
+<% if (['email', 'phone', 'url', 'string', 'text'].includes(f.type)) { -%>
+  if (payload.<%= f.name %>) {
+<% if (f.type === 'email') { -%>
+    payload.<%= f.name %> = payload.<%= f.name %>.toLowerCase().trim();
+<% } else if (f.type === 'phone') { -%>
+    payload.<%= f.name %> = payload.<%= f.name %>.replace(/[^+0-9]/g, '');
+<% } else { -%>
+    payload.<%= f.name %> = payload.<%= f.name %>.trim();
+<% } -%>
+  }
+<% } -%>
+<% }); -%>
+<% var slugField = resource.fields.find(function(f) { return ['slug', 'code', 'sku'].includes(f.name); }); -%>
+<% if (slugField) { -%>
+  if (!payload.<%= slugField.name %> && payload.name) {
+    const slugify = require('slugify');
+    payload.<%= slugField.name %> = slugify(payload.name, { lower: true, strict: true });
+  }
+<% } -%>
+  return <%= resource.pascalName %>Model.create(payload);
+};
+
+// ── List (filters, pagination, sorting) ──────────────────────────────────────
+const getAll<%= resource.pascalName %>s = async (filters = {}) => {
+  let query = <%= resource.pascalName %>Model.find({});
+<% resource.fields.forEach(function(f) { -%>
+<% if (['number', 'date', 'datetime', 'range'].includes(f.type)) { -%>
+  if (filters.<%= f.name %>Min) query = query.where('<%= f.name %>').gte(filters.<%= f.name %>Min);
+  if (filters.<%= f.name %>Max) query = query.where('<%= f.name %>').lte(filters.<%= f.name %>Max);
+<% } else { -%>
+  if (filters.<%= f.name %> !== undefined) query = query.where('<%= f.name %>').equals(filters.<%= f.name %>);
+<% } -%>
+<% }); -%>
+  const page = parseInt(filters.page, 10) || 1;
+  const limit = parseInt(filters.limit, 10) || 20;
+  if (filters.sort) {
+    query = query.sort({ [filters.sort]: filters.order === 'asc' ? 1 : -1 });
+  }
+
+  // Count before pagination so callers can build pagination UI.
+  const total = await <%= resource.pascalName %>Model.countDocuments(query.getFilter());
+  // .lean() — plain objects, not Mongoose documents, for fast list reads.
+  const data = await query.skip((page - 1) * limit).limit(limit).lean().exec();
+  return { data, total, page, limit, pages: Math.ceil(total / limit) };
+};
+
+// ── Get One ──────────────────────────────────────────────────────────────────
+const get<%= resource.pascalName %>ById = async (id) => {
+  const doc = await <%= resource.pascalName %>Model.findById(id);
+  if (!doc) throw new ApiError(404, '<%= resource.name %> not found');
+  return doc;
+};
+
+// ── Update ───────────────────────────────────────────────────────────────────
+const update<%= resource.pascalName %> = async (id, updates) => {
+<% resource.fields.forEach(function(f) { -%>
+<% if (['email', 'phone', 'url', 'string', 'text'].includes(f.type)) { -%>
+  if (updates.<%= f.name %>) {
+<% if (f.type === 'email') { -%>
+    updates.<%= f.name %> = updates.<%= f.name %>.toLowerCase().trim();
+<% } else if (f.type === 'phone') { -%>
+    updates.<%= f.name %> = updates.<%= f.name %>.replace(/[^+0-9]/g, '');
+<% } else { -%>
+    updates.<%= f.name %> = updates.<%= f.name %>.trim();
+<% } -%>
+  }
+<% } -%>
+<% }); -%>
+  const doc = await <%= resource.pascalName %>Model.findByIdAndUpdate(id, updates, {
+    new: true,
+    runValidators: true,
+  });
+  if (!doc) throw new ApiError(404, '<%= resource.name %> not found');
+  return doc;
+};
+
+// ── Delete ───────────────────────────────────────────────────────────────────
+const delete<%= resource.pascalName %> = async (id) => {
+<% if (resource.features && resource.features.softDelete) { -%>
+  const doc = await <%= resource.pascalName %>Model.findByIdAndUpdate(id, { deletedAt: new Date() }, { new: true });
+<% } else { -%>
+  const doc = await <%= resource.pascalName %>Model.findByIdAndDelete(id);
+<% } -%>
+  if (!doc) throw new ApiError(404, '<%= resource.name %> not found');
+  return doc;
+};
+<% if (options.architecture === 'advanced') { -%>
+
+// ── Advanced: batch operations ───────────────────────────────────────────────
+const bulkCreate<%= resource.pascalName %>s = async (items) => {
+  if (!Array.isArray(items)) throw new ApiError(400, 'Items must be an array');
+  return <%= resource.pascalName %>Model.insertMany(items);
+};
+
+const bulkUpdate<%= resource.pascalName %>s = async (updates) => {
+  const session = await mongoose.startSession();
+  session.startTransaction();
+  try {
+    for (const update of updates) {
+      await <%= resource.pascalName %>Model.findByIdAndUpdate(update.id, update.changes, { session });
+    }
+    await session.commitTransaction();
+    return updates.length;
+  } catch (err) {
+    await session.abortTransaction();
+    throw err;
+  } finally {
+    session.endSession();
+  }
+};
+<% } -%>
+
+module.exports = {
+  create<%= resource.pascalName %>,
+  getAll<%= resource.pascalName %>s,
+  get<%= resource.pascalName %>ById,
+  update<%= resource.pascalName %>,
+  delete<%= resource.pascalName %>,
+<% if (options.architecture === 'advanced') { -%>
+  bulkCreate<%= resource.pascalName %>s,
+  bulkUpdate<%= resource.pascalName %>s,
+<% } -%>
+};

package/src/templates/resource/test.ejs

@@ -0,0 +1,71 @@
+const request = require('supertest');
+const app = require('../../../app'); // Correct path: up to tests, kebabDir, modules, src/app
+const mongoose = require('mongoose');
+const <%= resource.pascalName %>Model = require('../models/<%= resource.name %>');
+
+describe('<%= resource.pascalName %> API', () => {
+  let testId;
+
+  beforeAll(async () => {
+    // Ensure DB connection if needed
+  });
+
+  afterAll(async () => {
+    await <%= resource.pascalName %>Model.deleteMany({});
+  });
+
+  test('POST /api/<%= resource.pluralKebab %> - should create <%= resource.name.toLowerCase() %>', async () => {
+    const payload = { 
+      <% resource.fields.filter(f => !['createdAt', 'updatedAt', '_id'].includes(f.name)).forEach(f => { %>
+      <%= f.name %>: <% if (f.type === 'number') { %>100<% } else if (f.type === 'boolean') { %>true<% } else if (f.type === 'date') { %>new Date()<% } else { %>'test-<%= f.name %>'<% } %>,
+      <% }); %>
+    };
+
+    const res = await request(app)
+      .post('/api/<%= resource.pluralKebab %>')
+      .send(payload)
+      .expect(201);
+
+    expect(res.body.data).toHaveProperty('_id');
+    testId = res.body.data._id;
+  });
+
+  test('GET /api/<%= resource.pluralKebab %> - should list <%= resource.pluralKebab %>', async () => {
+    const res = await request(app)
+      .get('/api/<%= resource.pluralKebab %>')
+      .expect(200);
+
+    expect(Array.isArray(res.body.data)).toBe(true);
+    expect(res.body.data.length).toBeGreaterThan(0);
+  });
+
+  test('GET /api/<%= resource.pluralKebab %>/:id - should get one <%= resource.name.toLowerCase() %>', async () => {
+    const res = await request(app)
+      .get(`/api/<%= resource.pluralKebab %>/${testId}`)
+      .expect(200);
+
+    expect(res.body.data).toHaveProperty('_id', testId);
+  });
+
+  test('PUT /api/<%= resource.pluralKebab %>/:id - should update <%= resource.name.toLowerCase() %>', async () => {
+    const res = await request(app)
+      .put(`/api/<%= resource.pluralKebab %>/${testId}`)
+      .send({ 
+        <% if (resource.fields[0]) { %>
+        <%= resource.fields[0].name %>: 'updated-value'
+        <% } %>
+      })
+      .expect(200);
+
+    expect(res.body.status).toBe('success');
+  });
+
+  test('DELETE /api/<%= resource.pluralKebab %>/:id - should delete <%= resource.name.toLowerCase() %>', async () => {
+    await request(app)
+      .delete(`/api/<%= resource.pluralKebab %>/${testId}`)
+      .expect(200);
+
+    const check = await <%= resource.pascalName %>Model.findById(testId);
+    expect(check).toBeNull();
+  });
+});

package/src/templates/resource/types.ts.ejs

@@ -0,0 +1,17 @@
+/**
+ * <%= resource.pascalName %> Types
+ * Auto-generated by Stackloom CLI
+ */
+
+ export interface <%= resource.pascalName %> {
+   _id?: string;
+   <% resource.fields.forEach(function(field) { %>
+   <%- field.name %>: <%- field.type === 'number' ? 'number' : field.type === 'boolean' ? 'boolean' : 'string' %>;
+   <% }); %>
+   createdAt?: string;
+   updatedAt?: string;
+ }
+
+export interface Create<%= resource.pascalName %>Input extends Omit<<%= resource.pascalName %>, '_id' | 'createdAt' | 'updatedAt'> {}
+
+export interface Update<%= resource.pascalName %>Input extends Partial<Create<%= resource.pascalName %>Input> {}

package/src/templates/resource/validator.js.ejs

@@ -0,0 +1,26 @@
+const Joi = require('joi');
+
+/**
+ * <%= resource.pascalName %> Validation Schemas
+ */
+
+// ── Create Schema ────────────────────────────────────────────────────────────
+ const create<%= resource.pascalName %>Schema = Joi.object({
+   <% resource.fields.forEach(function(field) { %>
+   <%- field.name %>: <%- field.joiRule %>,
+   <% }); %>
+ });
+
+ // ── Update Schema ────────────────────────────────────────────────────────────
+ // Update = Create schema, but fields that aren't required become optional>
+ <% const optionalFields = resource.fields.filter(f => !(f.validation && f.validation.required)); %>
+ const update<%= resource.pascalName %>Schema = create<%= resource.pascalName %>Schema<% if (optionalFields.length > 0) { %>.fork(
+   [<%- optionalFields.map(f => `'${f.name}'`).join(', ') %>],
+   (schema) => schema.optional()
+ )<% } else { %>; // no optional fields: update schema is same as create<% } %>
+
+module.exports = {
+  create<%= resource.pascalName %>Schema,
+  update<%= resource.pascalName %>Schema,
+};
+

package/src/templates/snippets/lazy-import.ejs

@@ -0,0 +1 @@
+const <%= resource.pascalName %>List = lazy(() => import("@/pages/admin/<%= resource.kebabName %>/ListPage"));

package/src/templates/snippets/nav-entry.ejs

@@ -0,0 +1 @@
+{ label: "<%= resource.name.replace(/([A-Z])/g, ' $1').trim() %>", href: "/admin/<%= resource.kebabName %>", icon: "layout" },

package/src/templates/snippets/route-entry.ejs

@@ -0,0 +1,5 @@
+{/* <%= resource.pascalName %> */}
+<Route
+  path="/admin/<%= resource.kebabName %>"
+  element={<AppShell secure><<%= resource.pascalName %>List /></AppShell>}
+/>

package/src/templates/snippets/route-mount.ejs

@@ -0,0 +1 @@
+router.use("/<%= resource.kebabName %>", require("../modules/<%= resource.kebabName %>/routes/<%= resource.name %>.routes"));

package/src/utils/fieldValidators.js

@@ -0,0 +1,371 @@
+#!/usr/bin/env node
+/**
+ * Input Validation Utility for Form/Module Field Definitions
+ * Provides comprehensive validation and sanitization helpers for CLI field specs
+ */
+
+export const AVAILABLE_TYPES = [
+  // Frontend form input types
+  "text", "textarea", "email", "password", "number", "tel", "url", 
+  "date", "datetime-local", "time", "color", "file", "range", "select", "hidden", "boolean",
+  // Backend schema types (alias/extra)
+  "string", "datetime"
+];
+
+export const VALIDATION_RULES = {
+  required: { type: "flag", description: "Field must be filled" },
+  unique: { type: "flag", description: "Value must be unique in database" },
+  min: { type: "number", description: "Minimum numeric/date value" },
+  max: { type: "number", description: "Maximum numeric/date value" },
+  minLength: { type: "integer", description: "Minimum string length" },
+  maxLength: { type: "integer", description: "Maximum string length" },
+  step: { type: "number", description: "Step size for number/range inputs" },
+  pattern: { type: "regex", description: "Regex pattern (format: /^[A-Z]+$/)" },
+  default: { type: "any", description: "Default value" },
+  accept: { type: "string", description: "File accept types (comma-separated MIME types)" },
+  multiple: { type: "flag", description: "Allow multiple file selection" },
+  options: { type: "array", description: "Dropdown options for select fields" },
+};
+
+const TYPE_VALIDATORS = {
+  text: (value) => typeof value === "string",
+  textarea: (value) => typeof value === "string",
+  email: (value) => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value),
+  password: (value) => typeof value === "string" && value.length >= 8,
+  number: (value) => !isNaN(parseFloat(value)),
+  tel: (value) => /^[+]?[1-9]\d{1,14}$/.test(value.replace(/[^+0-9]/g, "")),
+  url: (value) => /^https?:\/\/.+\..+/.test(value),
+  date: (value) => !isNaN(Date.parse(value)),
+  "datetime-local": (value) => !isNaN(Date.parse(value)),
+  time: (value) => /^([01]\d|2[0-3]):[0-5]\d$/.test(value),
+  color: (value) => /^#([0-9A-F]{3}){1,2}$/i.test(value),
+  range: (value) => !isNaN(parseFloat(value)),
+  boolean: (value) => typeof value === "boolean" || value === "true" || value === "false",
+  file: (value) => value instanceof File || typeof value === "string",
+};
+
+const TYPE_SANITIZERS = {
+  text: (value) => String(value).trim(),
+  textarea: (value) => String(value).trim(),
+  email: (value) => String(value).toLowerCase().trim(),
+  password: (value) => String(value),
+  number: (value) => parseFloat(value) || 0,
+  tel: (value) => String(value).replace(/[^+0-9]/g, ""),
+  url: (value) => String(value).trim(),
+  date: (value) => String(value).split("T")[0],
+  "datetime-local": (value) => String(value),
+  time: (value) => String(value),
+  color: (value) => String(value).toUpperCase(),
+  range: (value) => parseFloat(value) || 0,
+  boolean: (value) => value === true || value === "true",
+  file: (value) => value,
+};
+
+/**
+ * Parse field specification string into structured object
+ * Format: "name:type:rule1,rule2,rule3" or object input
+ * 
+ * @param {string|object} input - Field specification
+ * @returns {object|null} Parsed field object or null if invalid
+ */
+export function parseFieldSpec(input) {
+  if (typeof input === "object" && input.name && input.type) {
+    return validateFieldObject(input);
+  }
+  
+  if (typeof input !== "string") return null;
+  
+  const parts = input.split(":");
+  if (parts.length < 2) return null;
+  
+  const name = parts[0].trim();
+  const type = parts[1].trim();
+  
+  if (!/^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(name)) {
+    console.error(`✖  Invalid field name "${name}". Must be valid JS identifier.`);
+    return null;
+  }
+  
+  if (!AVAILABLE_TYPES.includes(type)) {
+    console.error(`✖  Invalid type "${type}". Available: ${AVAILABLE_TYPES.join(", ")}`);
+    return null;
+  }
+  
+  const field = { name, type, validation: { required: false } };
+  
+  // Parse rules (pipe-separated: rule1|rule2|key=value)
+  if (parts[2]) {
+    const rules = parts[2].split("|");
+    for (const rule of rules) {
+      const trimmed = rule.trim();
+      if (trimmed === "required") {
+        field.validation.required = true;
+      } else if (trimmed === "unique") {
+        field.validation.unique = true;
+      } else if (trimmed.startsWith("min=")) {
+        const val = parseFloat(trimmed.split("=")[1]);
+        if (!isNaN(val)) field.validation.min = val;
+      } else if (trimmed.startsWith("max=")) {
+        const val = parseFloat(trimmed.split("=")[1]);
+        if (!isNaN(val)) field.validation.max = val;
+      } else if (trimmed.startsWith("minLength=")) {
+        const val = parseInt(trimmed.split("=")[1], 10);
+        if (!isNaN(val)) field.validation.minLength = val;
+      } else if (trimmed.startsWith("maxLength=")) {
+        const val = parseInt(trimmed.split("=")[1], 10);
+        if (!isNaN(val)) field.validation.maxLength = val;
+      } else if (trimmed.startsWith("step=")) {
+        const val = parseFloat(trimmed.split("=")[1]);
+        if (!isNaN(val)) field.validation.step = val;
+      } else if (trimmed.startsWith("pattern=")) {
+        const pattern = trimmed.split("=")[1];
+        try {
+          new RegExp(pattern);
+          field.validation.pattern = pattern;
+        } catch {
+          console.warn(`⚠  Invalid regex pattern for ${name}: ${pattern}`);
+        }
+      } else if (trimmed.startsWith("default=")) {
+        field.validation.default = trimmed.split("=")[1];
+      } else if (trimmed.startsWith("accept=")) {
+        field.validation.accept = trimmed.split("=")[1].split(",");
+      } else if (trimmed === "multiple") {
+        field.validation.multiple = true;
+      }
+    }
+  }
+  
+  // Cross-validate constraints
+  if (field.validation.min !== undefined && field.validation.max !== undefined) {
+    if (field.validation.min > field.validation.max) {
+      console.error(`✖  min (${field.validation.min}) > max (${field.validation.max}) for field "${name}"`);
+      return null;
+    }
+  }
+  if (field.validation.minLength !== undefined && field.validation.maxLength !== undefined) {
+    if (field.validation.minLength > field.validation.maxLength) {
+      console.error(`✖  minLength > maxLength for field "${name}"`);
+      return null;
+    }
+  }
+  
+  return validateFieldObject(field);
+}
+
+/**
+ * Validate field object structure and constraints
+ */
+function validateFieldObject(field) {
+  if (!field.name || !field.type) return null;
+  
+  if (!AVAILABLE_TYPES.includes(field.type)) {
+    console.error(`✖  Type "${field.type}" not supported`);
+    return null;
+  }
+  
+  // Type-specific validation checks
+  const validator = TYPE_VALIDATORS[field.type];
+  if (field.validation.default !== undefined && !validator(field.validation.default)) {
+    console.warn(`⚠  Default value for ${field.name} may not match type ${field.type}`);
+  }
+  
+  if (field.validation.min !== undefined && !validator(field.validation.min)) {
+    console.warn(`⚠  min value for ${field.name} is invalid`);
+    delete field.validation.min;
+  }
+  
+  if (field.validation.max !== undefined && !validator(field.validation.max)) {
+    console.warn(`⚠  max value for ${field.name} is invalid`);
+    delete field.validation.max;
+  }
+  
+  // Cross-validation: min <= max
+  if (field.validation.min !== undefined && field.validation.max !== undefined) {
+    if (field.validation.min > field.validation.max) {
+      console.error(`✖  min (${field.validation.min}) > max (${field.validation.max}) for ${field.name}`);
+      return null;
+    }
+  }
+  
+  return field;
+}
+
+/**
+ * Generate sanitized input handler code
+ */
+export function generateSanitizationCode(fields) {
+  const sanitizers = [];
+  
+  fields.forEach(f => {
+    const sanitizer = TYPE_SANITIZERS[f.type];
+    if (sanitizer && f.type !== "file") {
+      sanitizers.push(`    sanitized.${f.name} = sanitize${f.type.charAt(0).toUpperCase() + f.type.slice(1)}(values.${f.name});`);
+    }
+  });
+  
+  return sanitizers.join('\n');
+}
+
+/**
+ * Generate validation code for frontend
+ */
+export function generateValidationCode(fields, useZod = false) {
+  if (useZod) {
+    return fields.map(f => {
+      let zodType = "z.string()";
+      if (f.type === "number") zodType = "z.number()";
+      if (f.type === "boolean") zodType = "z.boolean()";
+      if (f.type === "date") zodType = "z.string().datetime()";
+      
+      let refinements = [];
+      if (f.validation.required) refinements.push(".min(1, 'Required')");
+      else zodType += ".optional()";
+      if (f.minLength) refinements.push(`.min(${f.minLength}, "Min ${f.minLength} chars")`);
+      if (f.maxLength) refinements.push(`.max(${f.maxLength}, "Max ${f.maxLength} chars")`);
+      if (f.pattern) refinements.push(`.regex(${f.pattern})`);
+      
+      return `    ${f.name}: ${zodType}${refinements.join('')}`;
+    }).join(',\n');
+  }
+  
+  // Inline validation function
+  const checks = [];
+  fields.forEach(f => {
+    if (f.validation.required) {
+      checks.push(`    if (!values.${f.name}) errors.push("${f.label || f.name} is required");`);
+    }
+    if (f.validation.min !== undefined) {
+      checks.push(`    if (values.${f.name} < ${f.validation.min}) errors.push("Minimum ${f.validation.min}");`);
+    }
+    if (f.validation.max !== undefined) {
+      checks.push(`    if (values.${f.name} > ${f.validation.max}) errors.push("Maximum ${f.validation.max}");`);
+    }
+    if (f.minLength) {
+      checks.push(`    if (values.${f.name}.length < ${f.minLength}) errors.push("Min ${f.minLength} characters");`);
+    }
+    if (f.maxLength) {
+      checks.push(`    if (values.${f.name}.length > ${f.maxLength}) errors.push("Max ${f.maxLength} characters");`);
+    }
+  });
+  
+  return checks.join('\n');
+}
+
+/**
+ * Check if any field requires file upload handling
+ */
+export function hasFileUpload(fields) {
+  return fields.some(f => f.type === "file");
+}
+
+/**
+ * Check if any field requires rich text (WYSIWYG)
+ */
+export function hasRichText(fields) {
+  return fields.some(f => f.type === "textarea" && (f.validation.maxLength > 500 || f.richText));
+}
+
+/**
+ * Generate backend validator (Joi)
+ */
+export function generateJoiValidator(fields) {
+  const rules = fields.map(f => {
+    let rule = `  ${f.name}: `;
+    
+    switch (f.type) {
+      case "string":
+      case "text":
+      case "email":
+      case "url":
+      case "tel":
+      case "password":
+        rule += "Joi.string().trim()";
+        if (f.minLength) rule += `.min(${f.minLength})`;
+        if (f.maxLength) rule += `.max(${f.maxLength})`;
+        if (f.type === "email") rule += ".email()";
+        if (f.type === "url") rule += ".uri()";
+        if (f.type === "tel") rule += ".pattern(/^[+]?[1-9]\\d{1,14}$/)";
+        if (f.type === "password") rule += ".min(8).pattern(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)/)";
+        break;
+      case "number":
+      case "range":
+        rule += "Joi.number().integer()";
+        if (f.validation.min !== undefined) rule += `.min(${f.validation.min})`;
+        if (f.validation.max !== undefined) rule += `.max(${f.validation.max})`;
+        break;
+      case "boolean":
+        rule += "Joi.boolean()";
+        break;
+      case "date":
+      case "datetime":
+        rule += "Joi.date().iso()";
+        break;
+      case "color":
+        rule += "Joi.string().hexColor()";
+        break;
+      case "file":
+        rule += "Joi.any()";
+        break;
+      default:
+        rule += "Joi.any()";
+    }
+    
+    if (f.validation.required) {
+      rule += ".required()";
+    }
+    
+    if (f.validation.unique) {
+      // Comment for server-side unique check
+      rule += ` // TODO: Add unique validation in controller`;
+    }
+    
+    return rule;
+  });
+  
+  return `const Joi = require("joi");
+
+const schema = Joi.object({
+${rules.join(",\n")}
+});
+
+module.exports = schema;`;
+}
+
+/**
+ * Sanitize utilities (exported for use in generated code)
+ */
+export const sanitizers = {
+  text: (value) => {
+    if (typeof value !== "string") return value;
+    // Remove HTML tags and trim
+    return value.replace(/<[^>]*>?/gm, '').trim();
+  },
+  
+  textarea: (value) => {
+    if (typeof value !== "string") return value;
+    // Preserve line breaks but remove dangerous tags
+    return value.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '').trim();
+  },
+  
+  email: (value) => {
+    if (typeof value !== "string") return value;
+    return value.toLowerCase().trim();
+  },
+  
+  url: (value) => {
+    if (typeof value !== "string") return value;
+    return value.trim();
+  },
+  
+  phone: (value) => {
+    if (typeof value !== "string") return value;
+    // E.164 format: +[country code][number]
+    return value.replace(/[^+0-9]/g, '');
+  },
+  
+  number: (value) => {
+    return parseFloat(value) || 0;
+  },
+  
+  default: (value) => value,
+};

package/src/utils/logging/logger.js

@@ -0,0 +1,47 @@
+// Logger utility for consistent logging across CLI commands
+import chalk from 'chalk';
+
+export class Logger {
+  static info(message) {
+    console.log(chalk.blue(`ℹ ${message}`));
+  }
+
+  static success(message) {
+    console.log(chalk.green(`✓ ${message}`));
+  }
+
+  static warning(message) {
+    console.log(chalk.yellow(`⚠ ${message}`));
+  }
+
+  static error(message) {
+    console.error(chalk.red(`✗ ${message}`));
+  }
+
+  static debug(message) {
+    if (process.env.LOOM_DEBUG === 'true') {
+      console.log(chalk.gray(`[DEBUG] ${message}`));
+    }
+  }
+
+  static gray(message) {
+    console.log(chalk.gray(message));
+  }
+
+  static cyan(message) {
+    console.log(chalk.cyan(message));
+  }
+
+  static progress(message) {
+    // For use with ora or similar spinners
+    process.stdout.write(`\r${chalk.cyan(`⟳ ${message}`)}`);
+  }
+
+  static clearProgress() {
+    // Clear progress line
+    process.stdout.clearLine();
+    process.stdout.cursorTo(0);
+  }
+}
+
+export default Logger;