vasp-cli 0.4.0 → 0.9.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vasp-cli",
-  "version": "0.4.0",
+  "version": "0.9.0",
   "description": "The Vasp CLI — declarative full-stack framework for Vue developers",
   "license": "Apache-2.0",
   "type": "module",
@@ -14,7 +14,7 @@
     "README.md"
   ],
   "scripts": {
-    "build": "bun build ./bin/vasp.ts --target=bun --outfile=dist/vasp --minify --banner='#!/usr/bin/env bun' && chmod +x dist/vasp && cp -r ../../templates ./templates",
+    "build": "rm -rf dist templates starters && bun build ./bin/vasp.ts --target=bun --outfile=dist/vasp --minify --banner='#!/usr/bin/env bun' && chmod +x dist/vasp && mkdir -p templates starters && cp -R ../../templates/. ./templates && cp -R ../../templates/starters/. ./starters",
     "test": "vitest run"
   },
   "dependencies": {

package/starters/minimal.vasp

@@ -1,5 +1,5 @@
 app MinimalApp {
-  title: "My Vasp App"
+  title: "Minimal App"
   db: Drizzle
   ssr: false
   typescript: false

package/starters/recipe.vasp

@@ -10,23 +10,13 @@ auth RecipeAuth {
   methods: [usernameAndPassword]
 }
 
-entity User {
-  id: Int @id
-  username: String @unique
-  password: String
-  createdAt: DateTime @default(now)
-}
-
 entity Recipe {
   id: Int @id
   title: String
   description: String
   ingredients: String
   instructions: String
-  cookTime: Int
-  servings: Int
-  imageUrl: String
-  createdAt: DateTime @default(now)
+  author: String
 }
 
 route HomeRoute {
@@ -40,30 +30,26 @@ route RecipesRoute {
 }
 
 route AddRecipeRoute {
-  path: "/recipes/add"
+  path: "/recipes/new"
   to: AddRecipePage
 }
 
 page HomePage {
-  component: import Home from "@src/pages/Home.vue"
+  component: import HomePage from "@src/pages/HomePage.vue"
 }
 
 page RecipesPage {
-  component: import Recipes from "@src/pages/Recipes.vue"
+  component: import RecipesPage from "@src/pages/RecipesPage.vue"
 }
 
 page AddRecipePage {
-  component: import AddRecipe from "@src/pages/AddRecipe.vue"
-}
-
-crud Recipe {
-  entity: Recipe
-  operations: [list, create, update, delete]
+  component: import AddRecipePage from "@src/pages/AddRecipePage.vue"
 }
 
 query getRecipes {
   fn: import { getRecipes } from "@src/queries.js"
   entities: [Recipe]
+  auth: true
 }
 
 action createRecipe {
@@ -77,3 +63,8 @@ action deleteRecipe {
   entities: [Recipe]
   auth: true
 }
+
+crud Recipe {
+  entity: Recipe
+  operations: [list, create, update, delete]
+}

package/starters/todo-auth-ssr.vasp

@@ -1,52 +1,65 @@
-app TodoSsrApp {
-  title: "Todo App (SSR + Auth)"
+app TodoAuthSsrApp {
+  title: "Todo App"
   db: Drizzle
   ssr: true
-  typescript: true
+  typescript: false
 }
 
-auth UserAuth {
+auth TodoAuth {
   userEntity: User
   methods: [usernameAndPassword]
 }
 
-route HomeRoute {
-  path: "/"
-  to: TodoPage
+entity User {
+  id: Int @id
+  username: String @unique
+  email: String @unique
 }
 
-route DashboardRoute {
-  path: "/dashboard"
-  to: DashboardPage
+entity Todo {
+  id: Int @id
+  title: String
+  done: Boolean
+  createdAt: DateTime @default(now)
 }
 
-page TodoPage {
-  component: import TodoPage from "@src/pages/TodoPage.vue"
+route HomeRoute {
+  path: "/"
+  to: HomePage
 }
 
-page DashboardPage {
-  component: import DashboardPage from "@src/pages/DashboardPage.vue"
+route TodoRoute {
+  path: "/todos"
+  to: TodoPage
 }
 
-crud Todo {
-  entity: Todo
-  operations: [list, create, update, delete]
+page HomePage {
+  component: import Home from "@src/pages/Home.vue"
+}
+
+page TodoPage {
+  component: import TodoList from "@src/pages/TodoList.vue"
 }
 
 query getTodos {
-  fn: import { getTodos } from "@src/queries.ts"
+  fn: import { getTodos } from "@src/queries.js"
   entities: [Todo]
   auth: true
 }
 
 action createTodo {
-  fn: import { createTodo } from "@src/actions.ts"
+  fn: import { createTodo } from "@src/actions.js"
   entities: [Todo]
   auth: true
 }
 
 action deleteTodo {
-  fn: import { deleteTodo } from "@src/actions.ts"
+  fn: import { deleteTodo } from "@src/actions.js"
   entities: [Todo]
   auth: true
 }
+
+crud Todo {
+  entity: Todo
+  operations: [list, create, update, delete]
+}

package/starters/todo.vasp

@@ -5,18 +5,20 @@ app TodoApp {
   typescript: false
 }
 
-route HomeRoute {
-  path: "/"
-  to: TodoPage
+entity Todo {
+  id: Int @id
+  title: String
+  done: Boolean
+  createdAt: DateTime @default(now)
 }
 
-page TodoPage {
-  component: import TodoPage from "@src/pages/TodoPage.vue"
+route HomeRoute {
+  path: "/"
+  to: HomePage
 }
 
-crud Todo {
-  entity: Todo
-  operations: [list, create, update, delete]
+page HomePage {
+  component: import Home from "@src/pages/Home.vue"
 }
 
 query getTodos {
@@ -33,3 +35,8 @@ action deleteTodo {
   fn: import { deleteTodo } from "@src/actions.js"
   entities: [Todo]
 }
+
+crud Todo {
+  entity: Todo
+  operations: [list, create, update, delete]
+}

package/templates/shared/.gitignore.hbs

@@ -2,6 +2,7 @@ node_modules
 dist
 .output
 .nuxt
+.vasp
 .vasp-gen
 .env
 .env.local

package/templates/shared/auth/server/index.hbs

@@ -1,9 +1,9 @@
 import { Elysia } from 'elysia'
-import { jwt } from '@elysiajs/jwt'
-import { cookie } from '@elysiajs/cookie'
 import { db } from '../db/client.{{ext}}'
 import { users } from '../../drizzle/schema.{{ext}}'
 import { eq } from 'drizzle-orm'
+import { authPlugin } from './plugin.{{ext}}'
+import { VaspError } from '../middleware/errorHandler.{{ext}}'
 {{#if (includes authMethods "usernameAndPassword")}}
 import { usernameAndPasswordRoutes } from './providers/usernameAndPassword.{{ext}}'
 {{/if}}
@@ -14,13 +14,9 @@ import { googleRoutes } from './providers/google.{{ext}}'
 import { githubRoutes } from './providers/github.{{ext}}'
 {{/if}}
 
-const JWT_SECRET = process.env.JWT_SECRET || 'change-me-in-production'
+export { authPlugin } from './plugin.{{ext}}'
 
-export const authPlugin = new Elysia({ name: 'auth-plugin' })
-  .use(jwt({ name: 'jwt', secret: JWT_SECRET }))
-  .use(cookie())
-
-export const authRoutes = new Elysia({ prefix: '/auth' })
+export const authRoutes = new Elysia({ prefix: '/api/auth' })
   .use(authPlugin)
 {{#if (includes authMethods "usernameAndPassword")}}
   .use(usernameAndPasswordRoutes)

package/templates/shared/auth/server/middleware.hbs

@@ -1,11 +1,11 @@
 import { Elysia } from 'elysia'
-import { jwt } from '@elysiajs/jwt'
-import { cookie } from '@elysiajs/cookie'
+import { jwtVerify } from 'jose'
 import { db } from '../db/client.{{ext}}'
 import { users } from '../../drizzle/schema.{{ext}}'
 import { eq } from 'drizzle-orm'
+import { VaspError } from '../middleware/errorHandler.{{ext}}'
 
-const JWT_SECRET = process.env.JWT_SECRET || 'change-me-in-production'
+const JWT_SECRET = new TextEncoder().encode(process.env.JWT_SECRET || 'change-me-in-production')
 
 /**
  * requireAuth — Elysia plugin that verifies the JWT cookie and injects `user` into the context.
@@ -15,19 +15,37 @@ const JWT_SECRET = process.env.JWT_SECRET || 'change-me-in-production'
  * new Elysia().use(requireAuth).get('/protected', ({ user }) => user)
  */
 export const requireAuth = new Elysia({ name: 'require-auth' })
-  .use(jwt({ name: 'jwt', secret: JWT_SECRET }))
-  .use(cookie())
-  .derive(async ({ jwt, cookie: { token }, set }) => {
-    const payload = await jwt.verify(token?.value ?? '')
-    if (!payload || typeof payload.userId !== 'number') {
-      set.status = 401
-      throw new Error('Unauthorized')
+  .resolve({ as: 'scoped' }, async ({ cookie }) => {
+    const tokenValue = cookie?.token?.value ?? ''
+    if (!tokenValue) return { user: null }
+    try {
+      const { payload } = await jwtVerify(tokenValue, JWT_SECRET)
+      if (!payload || typeof payload.userId !== 'number') {
+        return { user: null }
+      }
+      const [user] = await db.select().from(users).where(eq(users.id, payload.userId)).limit(1)
+      if (!user) {
+        return { user: null }
+      }
+      const { passwordHash: _ph, ...safeUser } = user
+      return { user: safeUser }
+    } catch {
+      return { user: null }
     }
-    const [user] = await db.select().from(users).where(eq(users.id, payload.userId)).limit(1)
+  })
+  .onBeforeHandle({ as: 'scoped' }, ({ user }) => {
     if (!user) {
-      set.status = 401
-      throw new Error('User not found')
+      throw new VaspError('AUTH_REQUIRED', 'Authentication required', 401)
     }
-    const { passwordHash: _ph, ...safeUser } = user
-    return { user: safeUser }
   })
+
+export function requireRole(roles{{#if isTypeScript}}: string[]{{/if}}) {
+  return new Elysia({ name: 'require-role' })
+    .use(requireAuth)
+    .onBeforeHandle({ as: 'scoped' }, ({ user }) => {
+      const userRole = typeof user?.role === 'string' ? user.role : ''
+      if (!roles.includes(userRole)) {
+        throw new VaspError('AUTH_FORBIDDEN', 'Insufficient permissions', 403)
+      }
+    })
+}

package/templates/{templates/shared → shared}/auth/server/plugin.hbs

@@ -1,9 +1,7 @@
 import { Elysia } from 'elysia'
 import { jwt } from '@elysiajs/jwt'
-import { cookie } from '@elysiajs/cookie'
 
 const JWT_SECRET = process.env.JWT_SECRET || 'change-me-in-production'
 
 export const authPlugin = new Elysia({ name: 'auth-plugin' })
   .use(jwt({ name: 'jwt', secret: JWT_SECRET }))
-  .use(cookie())

package/templates/shared/auth/server/providers/github.hbs

@@ -2,7 +2,7 @@ import { Elysia } from 'elysia'
 import { db } from '../../db/client.{{ext}}'
 import { users } from '../../../drizzle/schema.{{ext}}'
 import { eq } from 'drizzle-orm'
-import { authPlugin } from '../index.{{ext}}'
+import { authPlugin } from '../plugin.{{ext}}'
 
 const GITHUB_CLIENT_ID = process.env.GITHUB_CLIENT_ID || ''
 const GITHUB_CLIENT_SECRET = process.env.GITHUB_CLIENT_SECRET || ''

package/templates/shared/auth/server/providers/google.hbs

@@ -2,7 +2,7 @@ import { Elysia } from 'elysia'
 import { db } from '../../db/client.{{ext}}'
 import { users } from '../../../drizzle/schema.{{ext}}'
 import { eq } from 'drizzle-orm'
-import { authPlugin } from '../index.{{ext}}'
+import { authPlugin } from '../plugin.{{ext}}'
 
 const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID || ''
 const GOOGLE_CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET || ''

package/templates/shared/auth/server/providers/usernameAndPassword.hbs

@@ -2,17 +2,14 @@ import { Elysia, t } from 'elysia'
 import { db } from '../../db/client.{{ext}}'
 import { users } from '../../../drizzle/schema.{{ext}}'
 import { eq } from 'drizzle-orm'
-import { authPlugin } from '../index.{{ext}}'
+import { authPlugin } from '../plugin.{{ext}}'
 
 async function hashPassword(password{{#if isTypeScript}}: string{{/if}}) {
-  const encoder = new TextEncoder()
-  const data = encoder.encode(password)
-  const hash = await crypto.subtle.digest('SHA-256', data)
-  return Buffer.from(hash).toString('hex')
+  return Bun.password.hash(password, 'argon2id')
 }
 
 async function verifyPassword(password{{#if isTypeScript}}: string{{/if}}, hash{{#if isTypeScript}}: string{{/if}}) {
-  return (await hashPassword(password)) === hash
+  return Bun.password.verify(password, hash)
 }
 
 export const usernameAndPasswordRoutes = new Elysia()

package/templates/shared/bunfig.toml.hbs

@@ -1,2 +1,5 @@
 [install]
 exact = false
+
+[resolve]
+"@src" = "./src"

package/templates/shared/drizzle/schema.hbs

@@ -1,17 +1,25 @@
-import { pgTable, serial, text, integer, boolean, timestamp, doublePrecision } from 'drizzle-orm/pg-core'
+import { pgTable, text, integer, boolean, timestamp, doublePrecision, jsonb{{#if hasAnyRelations}}, relations{{/if}}{{#if hasEnums}}, pgEnum{{/if}} } from 'drizzle-orm/pg-core'
 {{#if isTypeScript}}
 import type { InferSelectModel, InferInsertModel } from 'drizzle-orm'
 {{/if}}
 
+{{#if hasEnums}}
+{{#each enumDeclarations}}
+export const {{fnName}} = pgEnum('{{dbName}}', [{{#each values}}'{{this}}'{{#unless @last}}, {{/unless}}{{/each}}])
+{{/each}}
+{{/if}}
 {{#if hasAuth}}
 // Users table — generated by Vasp auth system
 export const users = pgTable('users', {
-  id: serial('id').primaryKey(),
+  id: integer('id').primaryKey().generatedByDefaultAsIdentity(),
   username: text('username').notNull().unique(),
   email: text('email').unique(),
   passwordHash: text('password_hash'),
   googleId: text('google_id').unique(),
   githubId: text('github_id').unique(),
+{{#each authUserExtraFields}}
+  {{camelCase name}}: {{{drizzleColumn name type modifiers nullable defaultValue isUpdatedAt}}},
+{{/each}}
   createdAt: timestamp('created_at').defaultNow().notNull(),
   updatedAt: timestamp('updated_at').defaultNow().notNull(),
 })
@@ -21,28 +29,39 @@ export type NewUser = InferInsertModel<typeof users>
 {{/if}}
 
 {{/if}}
-{{#each crudsWithFields}}
-{{#if hasEntity}}
-// {{entity}} table — generated from entity block
-export const {{camelCase entity}}s = pgTable('{{camelCase entity}}s', {
-{{#each fields}}
-  {{camelCase name}}: {{{drizzleColumn name type modifiers}}},
-{{/each}}
-  createdAt: timestamp('created_at').defaultNow().notNull(),
-  updatedAt: timestamp('updated_at').defaultNow().notNull(),
-})
+{{#each entitiesWithSchema}}
+// {{name}} table — generated from entity block
+export const {{camelCase name}}s = pgTable('{{camelCase name}}s', {
+{{#each scalarFields}}
+{{#if isForeignKey}}
+  {{camelCase name}}: integer('{{camelCase name}}').notNull().references(() => {{referencedTable}}.id, { onDelete: '{{onDelete}}' }),
 {{else}}
-// {{entity}} table — no entity block found, add your columns below
-export const {{camelCase entity}}s = pgTable('{{camelCase entity}}s', {
-  id: serial('id').primaryKey(),
-  // TODO: Add your {{entity}} columns here
+{{#if isEnum}}
+  {{camelCase name}}: {{enumFnName}}('{{camelCase name}}'){{#unless nullable}}.notNull(){{/unless}},
+{{else}}
+  {{camelCase name}}: {{{drizzleColumn name type modifiers nullable defaultValue isUpdatedAt}}},
+{{/if}}
+{{/if}}
+{{/each}}
   createdAt: timestamp('created_at').defaultNow().notNull(),
   updatedAt: timestamp('updated_at').defaultNow().notNull(),
 })
-{{/if}}
 {{#if ../isTypeScript}}
-export type {{pascalCase entity}} = InferSelectModel<typeof {{camelCase entity}}s>
-export type New{{pascalCase entity}} = InferInsertModel<typeof {{camelCase entity}}s>
+export type {{pascalCase name}} = InferSelectModel<typeof {{camelCase name}}s>
+export type New{{pascalCase name}} = InferInsertModel<typeof {{camelCase name}}s>
 {{/if}}
 
 {{/each}}
+{{#each entitiesWithSchema}}
+{{#if hasRelations}}
+export const {{camelCase name}}sRelations = relations({{camelCase name}}s, ({ one, many }) => ({
+{{#each manyToOne}}
+  {{camelCase name}}: one({{relatedTable}}, { fields: [{{camelCase ../name}}s.{{camelCase localField}}], references: [{{relatedTable}}.id] }),
+{{/each}}
+{{#each oneToMany}}
+  {{camelCase fieldName}}: many({{relatedTable}}),
+{{/each}}
+}))
+
+{{/if}}
+{{/each}}

package/templates/shared/package.json.hbs

@@ -6,17 +6,23 @@
   "scripts": {
     "dev": "vasp start",
     "build": "vasp build",
+    "test": "vitest run",
     "dev:server": "bun --hot server/index.{{ext}}",
     "dev:client": "{{#if isSpa}}vite{{else}}nuxt dev{{/if}}",
     "db:generate": "bunx drizzle-kit generate",
     "db:migrate": "bunx drizzle-kit migrate",
-    "db:studio": "bunx drizzle-kit studio"
+    "db:push": "bunx drizzle-kit push",
+    "db:studio": "bunx drizzle-kit studio"{{#if seed}},
+    "db:seed": "bun server/db/seed.{{ext}}"{{/if}}
   },
   "dependencies": {
-    "@vasp-framework/runtime": "^0.1.0",
+    "@vasp-framework/runtime": "^0.4.0",
     "elysia": "^1.1.0",
     "@elysiajs/cors": "^1.1.0",
-    "@elysiajs/static": "^1.1.0",
+    "@elysiajs/static": "^1.1.0",{{#if auth}}
+    "@elysiajs/jwt": "^1.1.0",
+    "jose": "^5.0.0",{{/if}}
+    "valibot": "^1.0.0",
     "drizzle-orm": "^0.36.0",
     "postgres": "^3.4.0",
     "ofetch": "^1.3.4",
@@ -26,7 +32,8 @@
     "pg-boss": "^10.0.0"{{/if}}
   },
   "devDependencies": {
-    "drizzle-kit": "^0.28.0"{{#if isSpa}},
+    "drizzle-kit": "^0.28.0",
+    "vitest": "^2.1.9"{{#if isSpa}},
     "@vitejs/plugin-vue": "^5.2.0",
     "vite": "^6.0.0"{{/if}}{{#if isTypeScript}},
     "typescript": "^5.6.0",

package/templates/shared/server/db/client.hbs

@@ -5,8 +5,26 @@ import * as schema from '../../drizzle/schema.{{ext}}'
 const connectionString = process.env.DATABASE_URL
 
 if (!connectionString) {
-  throw new Error('DATABASE_URL environment variable is required')
+  console.error('\n✗ DATABASE_URL environment variable is required. Set it in .env\n')
+  process.exit(1)
+}
+
+if (connectionString.startsWith('postgres://user:password@localhost')) {
+  console.warn(
+    '\n⚠  DATABASE_URL looks like a placeholder. Edit .env to set your real database credentials.\n'
+  )
 }
 
 const client = postgres(connectionString)
+
+// Verify database connectivity at startup
+try {
+  await client`SELECT 1`
+} catch (err) {
+  const message = err instanceof Error ? err.message : String(err)
+  console.error('\n✗ Cannot connect to database. Verify DATABASE_URL in .env')
+  console.error(`  ${message}\n`)
+  process.exit(1)
+}
+
 export const db = drizzle(client, { schema })

package/templates/shared/server/db/seed.hbs

@@ -0,0 +1,16 @@
+import { db } from './client.{{ext}}'
+{{#if (eq seedImportKind "default")}}
+import {{seedImportName}} from '{{importPath fnSource ext}}'
+{{else}}
+import { {{seedImportName}} } from '{{importPath fnSource ext}}'
+{{/if}}
+
+async function runSeed() {
+  await {{seedImportName}}({ db })
+  console.log('✅ Seed completed')
+}
+
+runSeed().catch((error) => {
+  console.error('❌ Seed failed', error)
+  process.exit(1)
+})

package/templates/shared/server/index.hbs

@@ -2,19 +2,34 @@ import { Elysia } from 'elysia'
 import { cors } from '@elysiajs/cors'
 import { staticPlugin } from '@elysiajs/static'
 import { db } from './db/client.{{ext}}'
+import { logger } from './middleware/logger.{{ext}}'
 import { rateLimit } from './middleware/rateLimit.{{ext}}'
+import { errorHandler } from './middleware/errorHandler.{{ext}}'
+import { vaspDiagnosticRoutes } from './routes/_vasp.{{ext}}'
 {{#if isSsr}}
 import { csrfProtection } from './middleware/csrf.{{ext}}'
 {{/if}}
 {{#if hasAuth}}
 import { authRoutes } from './auth/index.{{ext}}'
 {{/if}}
+{{#each middlewares}}
+{{#if (eq scope "global")}}
+{{#if (eq fn.kind "default")}}
+import {{importAlias}} from '{{importPath fnSource ../ext}}'
+{{else}}
+import { {{importName fn}} as {{importAlias}} } from '{{importPath fnSource ../ext}}'
+{{/if}}
+{{/if}}
+{{/each}}
 {{#each queries}}
 import { {{camelCase name}}Route } from './routes/queries/{{camelCase name}}.{{../ext}}'
 {{/each}}
 {{#each actions}}
 import { {{camelCase name}}Route } from './routes/actions/{{camelCase name}}.{{../ext}}'
 {{/each}}
+{{#each apis}}
+import { {{camelCase name}}ApiRoute } from './routes/api/{{camelCase name}}.{{../ext}}'
+{{/each}}
 {{#each cruds}}
 import { {{camelCase entity}}CrudRoutes } from './routes/crud/{{camelCase entity}}.{{../ext}}'
 {{/each}}
@@ -27,7 +42,23 @@ import { {{camelCase name}}ScheduleRoute } from './routes/jobs/{{camelCase name}
 
 const PORT = Number(process.env.PORT) || {{backendPort}}
 
+const REQUIRED_ENV_VARS = [{{#each requiredEnvVars}}'{{this}}'{{#unless @last}}, {{/unless}}{{/each}}]
+const missingEnvVars = REQUIRED_ENV_VARS.filter((name) => {
+  const value = process.env[name]
+  return typeof value !== 'string' || value.trim() === ''
+})
+
+if (missingEnvVars.length > 0) {
+  console.error('❌ Missing required environment variables:')
+  for (const key of missingEnvVars) {
+    console.error(`  - ${key}`)
+  }
+  process.exit(1)
+}
+
 const app = new Elysia()
+  .use(logger())
+  .use(errorHandler())
   .use(cors({
     origin: process.env.CORS_ORIGIN || 'http://localhost:{{frontendPort}}',
     credentials: true,
@@ -37,15 +68,24 @@ const app = new Elysia()
   .use(csrfProtection())
 {{/if}}
   .get('/api/health', () => ({ status: 'ok', version: '{{vaspVersion}}' }))
+  .use(vaspDiagnosticRoutes)
 {{#if hasAuth}}
   .use(authRoutes)
 {{/if}}
+{{#each middlewares}}
+{{#if (eq scope "global")}}
+  .use({{importAlias}})
+{{/if}}
+{{/each}}
 {{#each queries}}
   .use({{camelCase name}}Route)
 {{/each}}
 {{#each actions}}
   .use({{camelCase name}}Route)
 {{/each}}
+{{#each apis}}
+  .use({{camelCase name}}ApiRoute)
+{{/each}}
 {{#each cruds}}
   .use({{camelCase entity}}CrudRoutes)
 {{/each}}