zuro-cli 0.0.2-beta.13 → 0.0.2-beta.15

package/dist/index.js

@@ -6,6 +6,13 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
     for (let key of __getOwnPropNames(from))
@@ -23,6 +30,449 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
+// src/utils/code-inject.ts
+function escapeRegex(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function appendImport(source, line) {
+  if (source.includes(line)) {
+    return { source, inserted: true };
+  }
+  const importRegex = /^import .+ from .+;?\s*$/gm;
+  let lastImportIndex = 0;
+  let match;
+  while ((match = importRegex.exec(source)) !== null) {
+    lastImportIndex = match.index + match[0].length;
+  }
+  if (lastImportIndex <= 0) {
+    return { source, inserted: false };
+  }
+  return {
+    source: source.slice(0, lastImportIndex) + `
+${line}` + source.slice(lastImportIndex),
+    inserted: true
+  };
+}
+var init_code_inject = __esm({
+  "src/utils/code-inject.ts"() {
+    "use strict";
+  }
+});
+
+// src/handlers/database.handler.ts
+var database_handler_exports = {};
+__export(database_handler_exports, {
+  DEFAULT_DATABASE_URLS: () => DEFAULT_DATABASE_URLS,
+  backupDatabaseFiles: () => backupDatabaseFiles,
+  databaseLabel: () => databaseLabel,
+  detectInstalledDatabaseDialect: () => detectInstalledDatabaseDialect,
+  ensureSchemaExport: () => ensureSchemaExport,
+  getDatabaseSelection: () => getDatabaseSelection,
+  getDatabaseSetupHint: () => getDatabaseSetupHint,
+  isDatabaseModule: () => isDatabaseModule,
+  isDrizzleDatabaseModule: () => isDrizzleDatabaseModule,
+  parseDatabaseDialect: () => parseDatabaseDialect,
+  printDatabaseHints: () => printDatabaseHints,
+  promptDatabaseConfig: () => promptDatabaseConfig,
+  validateDatabaseUrl: () => validateDatabaseUrl
+});
+function parseDatabaseDialect(value) {
+  const normalized = value?.trim().toLowerCase();
+  if (!normalized) {
+    return null;
+  }
+  if (normalized === "pg" || normalized === "postgres" || normalized === "postgresql" || normalized === "database-pg" || normalized === "drizzle-pg" || normalized === "drizzle-postgres" || normalized === "database-drizzle-pg") {
+    return "database-pg";
+  }
+  if (normalized === "mysql" || normalized === "database-mysql" || normalized === "drizzle-mysql" || normalized === "database-drizzle-mysql") {
+    return "database-mysql";
+  }
+  if (normalized === "database-prisma-pg" || normalized === "prisma-pg" || normalized === "prisma-postgres" || normalized === "prisma-postgresql" || normalized === "database-prisma") {
+    return "database-prisma-pg";
+  }
+  if (normalized === "database-prisma-mysql" || normalized === "prisma-mysql") {
+    return "database-prisma-mysql";
+  }
+  return null;
+}
+function isDatabaseModule(moduleName) {
+  return moduleName === "database-pg" || moduleName === "database-mysql" || moduleName === "database-prisma-pg" || moduleName === "database-prisma-mysql";
+}
+function isDrizzleDatabaseModule(moduleName) {
+  return moduleName === "database-pg" || moduleName === "database-mysql";
+}
+function getDatabaseSelection(moduleName) {
+  if (moduleName === "database-pg") {
+    return { orm: "drizzle", dialect: "postgresql" };
+  }
+  if (moduleName === "database-mysql") {
+    return { orm: "drizzle", dialect: "mysql" };
+  }
+  if (moduleName === "database-prisma-pg") {
+    return { orm: "prisma", dialect: "postgresql" };
+  }
+  return { orm: "prisma", dialect: "mysql" };
+}
+function getDatabaseModule(orm, dialect) {
+  return DATABASE_MODULE_MAP[orm][dialect];
+}
+function parsePrismaProvider(schemaContent) {
+  const match = schemaContent.match(/provider\s*=\s*"([^"]+)"/);
+  if (!match) {
+    return null;
+  }
+  const provider = match[1]?.trim().toLowerCase();
+  if (provider === "mysql") {
+    return "mysql";
+  }
+  if (provider === "postgresql" || provider === "postgres") {
+    return "postgresql";
+  }
+  return null;
+}
+function validateDatabaseUrl(rawUrl, moduleName) {
+  const { dialect } = getDatabaseSelection(moduleName);
+  const dbUrl = rawUrl.trim();
+  if (!dbUrl) {
+    throw new Error("Database URL cannot be empty.");
+  }
+  let parsed;
+  try {
+    parsed = new URL(dbUrl);
+  } catch {
+    throw new Error(`Invalid database URL: '${dbUrl}'.`);
+  }
+  const protocol = parsed.protocol.toLowerCase();
+  if (dialect === "postgresql" && protocol !== "postgresql:" && protocol !== "postgres:") {
+    throw new Error("PostgreSQL URL must start with postgres:// or postgresql://");
+  }
+  if (dialect === "mysql" && protocol !== "mysql:") {
+    throw new Error("MySQL URL must start with mysql://");
+  }
+  return dbUrl;
+}
+async function detectInstalledDatabaseDialect(projectRoot, srcDir) {
+  const dbIndexPath = import_path7.default.join(projectRoot, srcDir, "db", "index.ts");
+  const prismaSchemaPath = import_path7.default.join(projectRoot, "prisma", "schema.prisma");
+  if (import_fs_extra6.default.existsSync(dbIndexPath)) {
+    const content = await import_fs_extra6.default.readFile(dbIndexPath, "utf-8");
+    if (content.includes("drizzle-orm/node-postgres") || content.includes(`from "pg"`)) {
+      return "database-pg";
+    }
+    if (content.includes("drizzle-orm/mysql2") || content.includes(`from "mysql2`)) {
+      return "database-mysql";
+    }
+    if (content.includes(`from "@prisma/client"`)) {
+      if (import_fs_extra6.default.existsSync(prismaSchemaPath)) {
+        const schemaContent = await import_fs_extra6.default.readFile(prismaSchemaPath, "utf-8");
+        const dialect = parsePrismaProvider(schemaContent);
+        if (dialect === "mysql") {
+          return "database-prisma-mysql";
+        }
+      }
+      return "database-prisma-pg";
+    }
+  }
+  if (import_fs_extra6.default.existsSync(prismaSchemaPath)) {
+    const schemaContent = await import_fs_extra6.default.readFile(prismaSchemaPath, "utf-8");
+    const dialect = parsePrismaProvider(schemaContent);
+    if (dialect === "mysql") {
+      return "database-prisma-mysql";
+    }
+    return "database-prisma-pg";
+  }
+  return null;
+}
+async function backupDatabaseFiles(projectRoot, srcDir) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+  const backupRoot = import_path7.default.join(projectRoot, ".zuro", "backups", `database-${timestamp}`);
+  const candidates = [
+    import_path7.default.join(projectRoot, srcDir, "db", "index.ts"),
+    import_path7.default.join(projectRoot, "drizzle.config.ts"),
+    import_path7.default.join(projectRoot, "prisma", "schema.prisma")
+  ];
+  let copied = false;
+  for (const filePath of candidates) {
+    if (!import_fs_extra6.default.existsSync(filePath)) {
+      continue;
+    }
+    const relativePath = import_path7.default.relative(projectRoot, filePath);
+    const backupPath = import_path7.default.join(backupRoot, relativePath);
+    await import_fs_extra6.default.ensureDir(import_path7.default.dirname(backupPath));
+    await import_fs_extra6.default.copyFile(filePath, backupPath);
+    copied = true;
+  }
+  return copied ? backupRoot : null;
+}
+function databaseLabel(moduleName) {
+  const selection = getDatabaseSelection(moduleName);
+  const ormLabel = selection.orm === "drizzle" ? "Drizzle" : "Prisma";
+  const dialectLabel = selection.dialect === "postgresql" ? "PostgreSQL" : "MySQL";
+  return `${ormLabel} (${dialectLabel})`;
+}
+function getDatabaseSetupHint(moduleName, dbUrl) {
+  try {
+    const parsed = new URL(dbUrl);
+    const dbName = parsed.pathname.replace(/^\/+/, "") || "mydb";
+    if (moduleName === "database-pg") {
+      return `createdb ${dbName}`;
+    }
+    return `mysql -e "CREATE DATABASE IF NOT EXISTS ${dbName};"`;
+  } catch {
+    return moduleName === "database-pg" ? "createdb <database_name>" : `mysql -e "CREATE DATABASE IF NOT EXISTS <database_name>;"`;
+  }
+}
+async function ensureSchemaExport(projectRoot, srcDir, schemaFileName) {
+  const schemaIndexPath = import_path7.default.join(projectRoot, srcDir, "db", "schema", "index.ts");
+  if (!await import_fs_extra6.default.pathExists(schemaIndexPath)) {
+    return;
+  }
+  const exportLine = `export * from "./${schemaFileName}";`;
+  const content = await import_fs_extra6.default.readFile(schemaIndexPath, "utf-8");
+  const normalized = content.replace(/\r\n/g, "\n");
+  const exportPattern = new RegExp(
+    `^\\s*export\\s*\\*\\s*from\\s*["']\\./${escapeRegex(schemaFileName)}["'];?\\s*$`,
+    "m"
+  );
+  if (exportPattern.test(normalized)) {
+    return;
+  }
+  let next = normalized.replace(/^\s*export\s*\{\s*\};?\s*$/m, "").trimEnd();
+  if (next.length > 0) {
+    next += "\n\n";
+  }
+  next += `${exportLine}
+`;
+  await import_fs_extra6.default.writeFile(schemaIndexPath, next);
+}
+async function promptDatabaseConfig(initialModuleName, projectRoot, srcDir) {
+  let resolvedModuleName;
+  if (initialModuleName === "database") {
+    const ormResponse = await (0, import_prompts2.default)({
+      type: "select",
+      name: "orm",
+      message: "Which ORM?",
+      choices: [
+        { title: "Drizzle", value: "drizzle" },
+        { title: "Prisma", value: "prisma" }
+      ],
+      initial: 0
+    });
+    if (!ormResponse.orm) {
+      console.log(import_chalk4.default.yellow("Operation cancelled."));
+      return null;
+    }
+    const variantResponse = await (0, import_prompts2.default)({
+      type: "select",
+      name: "dialect",
+      message: "Which database dialect?",
+      choices: [
+        { title: "PostgreSQL", value: "postgresql" },
+        { title: "MySQL", value: "mysql" }
+      ]
+    });
+    if (!variantResponse.dialect) {
+      console.log(import_chalk4.default.yellow("Operation cancelled."));
+      return null;
+    }
+    resolvedModuleName = getDatabaseModule(ormResponse.orm, variantResponse.dialect);
+  } else {
+    const parsed = parseDatabaseDialect(initialModuleName);
+    if (!parsed) {
+      throw new Error(`Unsupported database module '${initialModuleName}'.`);
+    }
+    resolvedModuleName = parsed;
+  }
+  const { orm: selectedOrm, dialect: selectedDialect } = getDatabaseSelection(resolvedModuleName);
+  let databaseBackupPath = null;
+  const installedDialect = await detectInstalledDatabaseDialect(projectRoot, srcDir);
+  if (installedDialect && installedDialect !== resolvedModuleName) {
+    console.log(
+      import_chalk4.default.yellow(
+        `
+\u26A0 Existing database setup detected: ${databaseLabel(installedDialect)}.`
+      )
+    );
+    console.log(
+      import_chalk4.default.yellow(
+        `  Switching to ${databaseLabel(resolvedModuleName)} will overwrite db files and drizzle config.
+`
+      )
+    );
+    const switchResponse = await (0, import_prompts2.default)({
+      type: "confirm",
+      name: "proceed",
+      message: "Continue and switch database dialect?",
+      initial: false
+    });
+    if (!switchResponse.proceed) {
+      console.log(import_chalk4.default.yellow("Operation cancelled."));
+      return null;
+    }
+    databaseBackupPath = await backupDatabaseFiles(projectRoot, srcDir);
+  }
+  const defaultUrl = DEFAULT_DATABASE_URLS[resolvedModuleName];
+  console.log(import_chalk4.default.dim(`  Tip: Leave blank to use ${defaultUrl}
+`));
+  const response = await (0, import_prompts2.default)({
+    type: "text",
+    name: "dbUrl",
+    message: "Database URL",
+    initial: ""
+  });
+  if (response.dbUrl === void 0) {
+    console.log(import_chalk4.default.yellow("Operation cancelled."));
+    return null;
+  }
+  const enteredUrl = response.dbUrl?.trim() || "";
+  const usedDefaultDbUrl = enteredUrl.length === 0;
+  const customDbUrl = validateDatabaseUrl(enteredUrl || defaultUrl, resolvedModuleName);
+  return {
+    resolvedModuleName,
+    selectedOrm,
+    selectedDialect,
+    customDbUrl,
+    usedDefaultDbUrl,
+    databaseBackupPath
+  };
+}
+function printDatabaseHints(moduleName, customDbUrl, usedDefaultDbUrl, databaseBackupPath) {
+  if (databaseBackupPath) {
+    console.log(import_chalk4.default.blue(`\u2139 Backup created at: ${databaseBackupPath}
+`));
+  }
+  if (usedDefaultDbUrl) {
+    console.log(import_chalk4.default.yellow("\u2139 Review DATABASE_URL in .env if your local DB config differs."));
+  }
+  const setupHint = getDatabaseSetupHint(
+    moduleName,
+    customDbUrl || DEFAULT_DATABASE_URLS[moduleName]
+  );
+  console.log(import_chalk4.default.yellow(`\u2139 Ensure DB exists: ${setupHint}`));
+  if (isDrizzleDatabaseModule(moduleName)) {
+    console.log(import_chalk4.default.yellow("\u2139 Run migrations: npx drizzle-kit generate && npx drizzle-kit migrate"));
+    return;
+  }
+  console.log(import_chalk4.default.yellow("\u2139 Run migrations: npx prisma migrate dev --name init"));
+  console.log(import_chalk4.default.yellow("\u2139 Generate client: npx prisma generate"));
+}
+var import_path7, import_fs_extra6, import_prompts2, import_chalk4, DATABASE_MODULE_MAP, DEFAULT_DATABASE_URLS;
+var init_database_handler = __esm({
+  "src/handlers/database.handler.ts"() {
+    "use strict";
+    import_path7 = __toESM(require("path"));
+    import_fs_extra6 = __toESM(require("fs-extra"));
+    import_prompts2 = __toESM(require("prompts"));
+    import_chalk4 = __toESM(require("chalk"));
+    init_code_inject();
+    DATABASE_MODULE_MAP = {
+      drizzle: {
+        postgresql: "database-pg",
+        mysql: "database-mysql"
+      },
+      prisma: {
+        postgresql: "database-prisma-pg",
+        mysql: "database-prisma-mysql"
+      }
+    };
+    DEFAULT_DATABASE_URLS = {
+      "database-pg": "postgresql://postgres@localhost:5432/mydb",
+      "database-mysql": "mysql://root@localhost:3306/mydb",
+      "database-prisma-pg": "postgresql://postgres@localhost:5432/mydb",
+      "database-prisma-mysql": "mysql://root@localhost:3306/mydb"
+    };
+  }
+});
+
+// src/handlers/docs.handler.ts
+var docs_handler_exports = {};
+__export(docs_handler_exports, {
+  injectDocsRoutes: () => injectDocsRoutes,
+  isDocsModuleInstalled: () => isDocsModuleInstalled,
+  printDocsHints: () => printDocsHints
+});
+async function isDocsModuleInstalled(projectRoot, srcDir) {
+  return await import_fs_extra7.default.pathExists(import_path8.default.join(projectRoot, srcDir, "lib", "openapi.ts"));
+}
+async function injectDocsRoutes(projectRoot, srcDir) {
+  const routeIndexPath = import_path8.default.join(projectRoot, srcDir, "routes", "index.ts");
+  const routeImport = `import docsRoutes from "./docs.routes";`;
+  const routeMountPattern = /rootRouter\.use\(\s*["']\/docs["']\s*,\s*docsRoutes\s*\)/;
+  if (await import_fs_extra7.default.pathExists(routeIndexPath)) {
+    let routeContent = await import_fs_extra7.default.readFile(routeIndexPath, "utf-8");
+    let routeModified = false;
+    const importResult = appendImport(routeContent, routeImport);
+    if (!importResult.inserted) {
+      return false;
+    }
+    if (importResult.source !== routeContent) {
+      routeContent = importResult.source;
+      routeModified = true;
+    }
+    if (!routeMountPattern.test(routeContent)) {
+      const routeSetup = `
+// API docs
+rootRouter.use("/docs", docsRoutes);
+`;
+      const exportMatch = routeContent.match(/export default rootRouter;?\s*$/m);
+      if (!exportMatch || exportMatch.index === void 0) {
+        return false;
+      }
+      routeContent = routeContent.slice(0, exportMatch.index) + routeSetup + "\n" + routeContent.slice(exportMatch.index);
+      routeModified = true;
+    }
+    if (routeModified) {
+      await import_fs_extra7.default.writeFile(routeIndexPath, routeContent);
+    }
+    return true;
+  }
+  const appPath = import_path8.default.join(projectRoot, srcDir, "app.ts");
+  if (!await import_fs_extra7.default.pathExists(appPath)) {
+    return false;
+  }
+  let appContent = await import_fs_extra7.default.readFile(appPath, "utf-8");
+  let appModified = false;
+  const appImportResult = appendImport(appContent, `import docsRoutes from "./routes/docs.routes";`);
+  if (!appImportResult.inserted) {
+    return false;
+  }
+  if (appImportResult.source !== appContent) {
+    appContent = appImportResult.source;
+    appModified = true;
+  }
+  const hasMount = /app\.use\(\s*["']\/api\/docs["']\s*,\s*docsRoutes\s*\)/.test(appContent);
+  if (!hasMount) {
+    const setup = `
+// API docs
+app.use("/api/docs", docsRoutes);
+`;
+    const exportMatch = appContent.match(/export default app;?\s*$/m);
+    if (!exportMatch || exportMatch.index === void 0) {
+      return false;
+    }
+    appContent = appContent.slice(0, exportMatch.index) + setup + "\n" + appContent.slice(exportMatch.index);
+    appModified = true;
+  }
+  if (appModified) {
+    await import_fs_extra7.default.writeFile(appPath, appContent);
+  }
+  return true;
+}
+function printDocsHints() {
+  const chalk9 = require("chalk");
+  console.log(chalk9.yellow("\u2139 API docs available at: /api/docs"));
+  console.log(chalk9.yellow("\u2139 OpenAPI spec available at: /api/docs/openapi.json"));
+}
+var import_path8, import_fs_extra7;
+var init_docs_handler = __esm({
+  "src/handlers/docs.handler.ts"() {
+    "use strict";
+    import_path8 = __toESM(require("path"));
+    import_fs_extra7 = __toESM(require("fs-extra"));
+    init_code_inject();
+  }
+});
+
 // src/index.ts
 var import_commander = require("commander");
 
@@ -32,6 +482,7 @@ var import_chalk2 = __toESM(require("chalk"));
 var import_fs_extra4 = __toESM(require("fs-extra"));
 var import_path4 = __toESM(require("path"));
 var import_prompts = __toESM(require("prompts"));
+var import_child_process = require("child_process");
 
 // src/utils/registry.ts
 var import_node_crypto = require("crypto");
@@ -348,23 +799,39 @@ var ENV_CONFIGS = {
       { name: "DATABASE_URL", schema: "z.string().url()" }
     ]
   },
-  auth: {
+  "database-prisma-pg": {
     envVars: {
-      BETTER_AUTH_SECRET: "your-secret-key-at-least-32-characters-long",
-      BETTER_AUTH_URL: "http://localhost:3000"
+      DATABASE_URL: "postgresql://postgres@localhost:5432/mydb"
     },
     schemaFields: [
-      { name: "BETTER_AUTH_SECRET", schema: "z.string().min(32)" },
-      { name: "BETTER_AUTH_URL", schema: "z.string().url()" }
+      { name: "DATABASE_URL", schema: "z.string().url()" }
     ]
   },
-  mailer: {
+  "database-prisma-mysql": {
     envVars: {
-      SMTP_HOST: "smtp.example.com",
-      SMTP_PORT: "587",
-      SMTP_USER: "your-email@example.com",
-      SMTP_PASS: "your-password",
-      MAIL_FROM: "noreply@example.com"
+      DATABASE_URL: "mysql://root@localhost:3306/mydb"
+    },
+    schemaFields: [
+      { name: "DATABASE_URL", schema: "z.string().url()" }
+    ]
+  },
+  auth: {
+    envVars: {
+      BETTER_AUTH_SECRET: "your-secret-key-at-least-32-characters-long",
+      BETTER_AUTH_URL: "http://localhost:3000"
+    },
+    schemaFields: [
+      { name: "BETTER_AUTH_SECRET", schema: "z.string().min(32)" },
+      { name: "BETTER_AUTH_URL", schema: "z.string().url()" }
+    ]
+  },
+  mailer: {
+    envVars: {
+      SMTP_HOST: "smtp.example.com",
+      SMTP_PORT: "587",
+      SMTP_USER: "your-email@example.com",
+      SMTP_PASS: "your-password",
+      MAIL_FROM: "noreply@example.com"
     },
     schemaFields: [
       { name: "SMTP_HOST", schema: "z.string().min(1)" },
@@ -383,6 +850,16 @@ var ENV_CONFIGS = {
       { name: "RESEND_API_KEY", schema: "z.string().min(1)" },
       { name: "MAIL_FROM", schema: "z.string().min(1)" }
     ]
+  },
+  "rate-limiter": {
+    envVars: {
+      RATE_LIMIT_WINDOW_MS: "900000",
+      RATE_LIMIT_MAX: "100"
+    },
+    schemaFields: [
+      { name: "RATE_LIMIT_WINDOW_MS", schema: "z.coerce.number().default(900000)" },
+      { name: "RATE_LIMIT_MAX", schema: "z.coerce.number().default(100)" }
+    ]
   }
 };
 
@@ -404,6 +881,19 @@ function sanitizeConfig(input) {
   if (typeof raw.srcDir === "string") {
     config.srcDir = raw.srcDir;
   }
+  if (raw.database && typeof raw.database === "object") {
+    const dbRaw = raw.database;
+    const database = {};
+    if (dbRaw.orm === "drizzle" || dbRaw.orm === "prisma") {
+      database.orm = dbRaw.orm;
+    }
+    if (dbRaw.dialect === "postgresql" || dbRaw.dialect === "mysql") {
+      database.dialect = dbRaw.dialect;
+    }
+    if (database.orm || database.dialect) {
+      config.database = database;
+    }
+  }
   return config;
 }
 function getConfigPath(cwd) {
@@ -496,6 +986,62 @@ bun.lockb
     await import_fs_extra4.default.writeFile(prettierIgnorePath, ignoreContent);
   }
 }
+async function setupGitignore(targetDir) {
+  const gitignorePath = import_path4.default.join(targetDir, ".gitignore");
+  if (await import_fs_extra4.default.pathExists(gitignorePath)) {
+    return;
+  }
+  const gitignoreContent = `# dependencies
+node_modules
+
+# build output
+dist
+build
+
+# environment variables
+.env
+.env.*
+!.env.example
+
+# logs
+*.log
+npm-debug.log*
+pnpm-debug.log*
+
+# coverage
+coverage
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# IDE
+.vscode
+.idea
+*.swp
+*.swo
+`;
+  await import_fs_extra4.default.writeFile(gitignorePath, gitignoreContent);
+}
+function tryGitInit(targetDir) {
+  try {
+    (0, import_child_process.execSync)("git rev-parse --is-inside-work-tree", {
+      cwd: targetDir,
+      stdio: "ignore"
+    });
+    return;
+  } catch {
+  }
+  try {
+    (0, import_child_process.execSync)("git init", { cwd: targetDir, stdio: "ignore" });
+    (0, import_child_process.execSync)("git add -A", { cwd: targetDir, stdio: "ignore" });
+    (0, import_child_process.execSync)('git commit -m "Initial commit from zuro-cli"', {
+      cwd: targetDir,
+      stdio: "ignore"
+    });
+  } catch {
+  }
+}
 async function init() {
   const cwd = process.cwd();
   const isExistingProject = await import_fs_extra4.default.pathExists(import_path4.default.join(cwd, "package.json"));
@@ -647,8 +1193,16 @@ async function init() {
       currentStep = "prettier setup";
       await setupPrettier(targetDir);
     }
+    currentStep = "gitignore setup";
+    spinner.text = "Setting up .gitignore...";
+    await setupGitignore(targetDir);
     currentStep = "config write";
     await writeZuroConfig(targetDir, zuroConfig);
+    if (!isExistingProject) {
+      currentStep = "git init";
+      spinner.text = "Initializing git repository...";
+      tryGitInit(targetDir);
+    }
     spinner.succeed(import_chalk2.default.green("Project initialized successfully!"));
     console.log(`
 ${import_chalk2.default.bold("Next steps:")}`);
@@ -672,10 +1226,9 @@ ${import_chalk2.default.bold("Retry:")}`);
 }
 
 // src/commands/add.ts
-var import_prompts2 = __toESM(require("prompts"));
 var import_ora2 = __toESM(require("ora"));
-var import_path6 = __toESM(require("path"));
-var import_fs_extra6 = __toESM(require("fs-extra"));
+var import_path13 = __toESM(require("path"));
+var import_fs_extra12 = __toESM(require("fs-extra"));
 var import_node_crypto2 = require("crypto");
 
 // src/utils/dependency.ts
@@ -691,7 +1244,8 @@ var BLOCK_SIGNATURES = {
   logger: "lib/logger.ts",
   auth: "lib/auth.ts",
   mailer: "lib/mailer.ts",
-  docs: "lib/openapi.ts"
+  docs: "lib/openapi.ts",
+  "rate-limiter": "middleware/rate-limiter.ts"
 };
 var resolveDependencies = async (moduleDependencies, cwd) => {
   if (!moduleDependencies || moduleDependencies.length === 0) {
@@ -701,9 +1255,17 @@ var resolveDependencies = async (moduleDependencies, cwd) => {
   const srcDir = config?.srcDir || "src";
   for (const dep of moduleDependencies) {
     if (dep === "database") {
+      const configuredOrm = config?.database?.orm;
+      const configuredDialect = config?.database?.dialect;
       const pgExists = import_fs_extra5.default.existsSync(import_path5.default.join(cwd, srcDir, BLOCK_SIGNATURES["database-pg"]));
       const mysqlExists = import_fs_extra5.default.existsSync(import_path5.default.join(cwd, srcDir, BLOCK_SIGNATURES["database-mysql"]));
-      if (pgExists || mysqlExists) {
+      const prismaSchemaExists = import_fs_extra5.default.existsSync(import_path5.default.join(cwd, "prisma", "schema.prisma"));
+      const hasDbFiles = pgExists || mysqlExists || prismaSchemaExists;
+      const hasDbConfig = Boolean(configuredOrm && configuredDialect);
+      if (hasDbConfig && hasDbFiles) {
+        continue;
+      }
+      if (!hasDbConfig && hasDbFiles) {
         continue;
       }
       console.log(import_chalk3.default.blue(`\u2139 Dependency '${dep}' is missing. Triggering install...`));
@@ -722,12 +1284,8 @@ var resolveDependencies = async (moduleDependencies, cwd) => {
   }
 };
 
-// src/commands/add.ts
-var import_chalk4 = __toESM(require("chalk"));
-var DEFAULT_DATABASE_URLS = {
-  "database-pg": "postgresql://postgres@localhost:5432/mydb",
-  "database-mysql": "mysql://root@localhost:3306/mydb"
-};
+// src/utils/paths.ts
+var import_path6 = __toESM(require("path"));
 function resolveSafeTargetPath2(projectRoot, srcDir, file) {
   const targetPath = import_path6.default.resolve(projectRoot, srcDir, file.target);
   const normalizedRoot = import_path6.default.resolve(projectRoot);
@@ -736,231 +1294,27 @@ function resolveSafeTargetPath2(projectRoot, srcDir, file) {
   }
   return targetPath;
 }
-function resolvePackageManager(projectRoot) {
-  if (import_fs_extra6.default.existsSync(import_path6.default.join(projectRoot, "pnpm-lock.yaml"))) {
-    return "pnpm";
-  }
-  if (import_fs_extra6.default.existsSync(import_path6.default.join(projectRoot, "bun.lockb")) || import_fs_extra6.default.existsSync(import_path6.default.join(projectRoot, "bun.lock"))) {
-    return "bun";
-  }
-  if (import_fs_extra6.default.existsSync(import_path6.default.join(projectRoot, "yarn.lock"))) {
-    return "yarn";
-  }
-  return "npm";
-}
-function parseDatabaseDialect(value) {
-  const normalized = value?.trim().toLowerCase();
-  if (!normalized) {
-    return null;
-  }
-  if (normalized === "pg" || normalized === "postgres" || normalized === "postgresql" || normalized === "database-pg") {
-    return "database-pg";
-  }
-  if (normalized === "mysql" || normalized === "database-mysql") {
-    return "database-mysql";
-  }
-  return null;
-}
-function isDatabaseModule(moduleName) {
-  return moduleName === "database-pg" || moduleName === "database-mysql";
-}
-function validateDatabaseUrl(rawUrl, moduleName) {
-  const dbUrl = rawUrl.trim();
-  if (!dbUrl) {
-    throw new Error("Database URL cannot be empty.");
-  }
-  let parsed;
-  try {
-    parsed = new URL(dbUrl);
-  } catch {
-    throw new Error(`Invalid database URL: '${dbUrl}'.`);
-  }
-  const protocol = parsed.protocol.toLowerCase();
-  if (moduleName === "database-pg" && protocol !== "postgresql:" && protocol !== "postgres:") {
-    throw new Error("PostgreSQL URL must start with postgres:// or postgresql://");
-  }
-  if (moduleName === "database-mysql" && protocol !== "mysql:") {
-    throw new Error("MySQL URL must start with mysql://");
-  }
-  return dbUrl;
-}
-async function detectInstalledDatabaseDialect(projectRoot, srcDir) {
-  const dbIndexPath = import_path6.default.join(projectRoot, srcDir, "db", "index.ts");
-  if (!import_fs_extra6.default.existsSync(dbIndexPath)) {
-    return null;
-  }
-  const content = await import_fs_extra6.default.readFile(dbIndexPath, "utf-8");
-  if (content.includes("drizzle-orm/node-postgres") || content.includes(`from "pg"`)) {
-    return "database-pg";
-  }
-  if (content.includes("drizzle-orm/mysql2") || content.includes(`from "mysql2`)) {
-    return "database-mysql";
-  }
-  return null;
-}
-async function backupDatabaseFiles(projectRoot, srcDir) {
-  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-  const backupRoot = import_path6.default.join(projectRoot, ".zuro", "backups", `database-${timestamp}`);
-  const candidates = [
-    import_path6.default.join(projectRoot, srcDir, "db", "index.ts"),
-    import_path6.default.join(projectRoot, "drizzle.config.ts")
-  ];
-  let copied = false;
-  for (const filePath of candidates) {
-    if (!import_fs_extra6.default.existsSync(filePath)) {
-      continue;
-    }
-    const relativePath = import_path6.default.relative(projectRoot, filePath);
-    const backupPath = import_path6.default.join(backupRoot, relativePath);
-    await import_fs_extra6.default.ensureDir(import_path6.default.dirname(backupPath));
-    await import_fs_extra6.default.copyFile(filePath, backupPath);
-    copied = true;
-  }
-  return copied ? backupRoot : null;
-}
-function databaseLabel(moduleName) {
-  return moduleName === "database-pg" ? "PostgreSQL" : "MySQL";
-}
-function getDatabaseSetupHint(moduleName, dbUrl) {
-  try {
-    const parsed = new URL(dbUrl);
-    const dbName = parsed.pathname.replace(/^\/+/, "") || "mydb";
-    if (moduleName === "database-pg") {
-      return `createdb ${dbName}`;
-    }
-    return `mysql -e "CREATE DATABASE IF NOT EXISTS ${dbName};"`;
-  } catch {
-    return moduleName === "database-pg" ? "createdb <database_name>" : `mysql -e "CREATE DATABASE IF NOT EXISTS <database_name>;"`;
-  }
-}
-function getModuleDocsPath(moduleName) {
-  if (isDatabaseModule(moduleName)) {
-    return "database";
-  }
-  return moduleName;
-}
-function escapeRegex(value) {
-  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-function appendImport(source, line) {
-  if (source.includes(line)) {
-    return { source, inserted: true };
-  }
-  const importRegex = /^import .+ from .+;?\s*$/gm;
-  let lastImportIndex = 0;
-  let match;
-  while ((match = importRegex.exec(source)) !== null) {
-    lastImportIndex = match.index + match[0].length;
-  }
-  if (lastImportIndex <= 0) {
-    return { source, inserted: false };
-  }
-  return {
-    source: source.slice(0, lastImportIndex) + `
-${line}` + source.slice(lastImportIndex),
-    inserted: true
-  };
-}
-async function hasEnvVariable(projectRoot, key) {
-  const envPath = import_path6.default.join(projectRoot, ".env");
-  if (!await import_fs_extra6.default.pathExists(envPath)) {
-    return false;
-  }
-  const content = await import_fs_extra6.default.readFile(envPath, "utf-8");
-  const pattern = new RegExp(`^${escapeRegex(key)}=`, "m");
-  return pattern.test(content);
-}
-async function isLikelyEmptyDirectory(cwd) {
-  const entries = await import_fs_extra6.default.readdir(cwd);
-  const ignored = /* @__PURE__ */ new Set([".ds_store", "thumbs.db"]);
-  return entries.filter((entry) => !ignored.has(entry.toLowerCase())).length === 0;
-}
-async function ensureSchemaExport(projectRoot, srcDir, schemaFileName) {
-  const schemaIndexPath = import_path6.default.join(projectRoot, srcDir, "db", "schema", "index.ts");
-  if (!await import_fs_extra6.default.pathExists(schemaIndexPath)) {
-    return;
-  }
-  const exportLine = `export * from "./${schemaFileName}";`;
-  const content = await import_fs_extra6.default.readFile(schemaIndexPath, "utf-8");
-  const normalized = content.replace(/\r\n/g, "\n");
-  const exportPattern = new RegExp(
-    `^\\s*export\\s*\\*\\s*from\\s*["']\\./${escapeRegex(schemaFileName)}["'];?\\s*$`,
-    "m"
-  );
-  if (exportPattern.test(normalized)) {
-    return;
-  }
-  let next = normalized.replace(/^\s*export\s*\{\s*\};?\s*$/m, "").trimEnd();
-  if (next.length > 0) {
-    next += "\n\n";
-  }
-  next += `${exportLine}
-`;
-  await import_fs_extra6.default.writeFile(schemaIndexPath, next);
-}
-async function isDocsModuleInstalled(projectRoot, srcDir) {
-  return await import_fs_extra6.default.pathExists(import_path6.default.join(projectRoot, srcDir, "lib", "openapi.ts"));
-}
+
+// src/commands/add.ts
+init_code_inject();
+var import_chalk8 = __toESM(require("chalk"));
+init_database_handler();
+
+// src/handlers/auth.handler.ts
+var import_path9 = __toESM(require("path"));
+var import_fs_extra8 = __toESM(require("fs-extra"));
+var import_prompts3 = __toESM(require("prompts"));
+var import_chalk5 = __toESM(require("chalk"));
+init_code_inject();
 async function isAuthModuleInstalled(projectRoot, srcDir) {
-  return await import_fs_extra6.default.pathExists(import_path6.default.join(projectRoot, srcDir, "lib", "auth.ts"));
-}
-async function injectErrorHandler(projectRoot, srcDir) {
-  const appPath = import_path6.default.join(projectRoot, srcDir, "app.ts");
-  if (!import_fs_extra6.default.existsSync(appPath)) {
-    return false;
-  }
-  let content = await import_fs_extra6.default.readFile(appPath, "utf-8");
-  const errorImport = `import { errorHandler, notFoundHandler } from "./middleware/error-handler";`;
-  const hasErrorImport = content.includes(errorImport);
-  const hasNotFoundUse = /app\.use\(\s*notFoundHandler\s*\)/.test(content);
-  const hasErrorUse = /app\.use\(\s*errorHandler\s*\)/.test(content);
-  let modified = false;
-  let importInserted = hasErrorImport;
-  if (!hasErrorImport) {
-    const importRegex = /^import .+ from .+;?\s*$/gm;
-    let lastImportIndex = 0;
-    let match;
-    while ((match = importRegex.exec(content)) !== null) {
-      lastImportIndex = match.index + match[0].length;
-    }
-    if (lastImportIndex > 0) {
-      content = content.slice(0, lastImportIndex) + `
-${errorImport}` + content.slice(lastImportIndex);
-      modified = true;
-      importInserted = true;
-    }
-  }
-  let setupInserted = hasNotFoundUse && hasErrorUse;
-  if (!setupInserted) {
-    const setupLines = [];
-    if (!hasNotFoundUse) {
-      setupLines.push("app.use(notFoundHandler);");
-    }
-    if (!hasErrorUse) {
-      setupLines.push("app.use(errorHandler);");
-    }
-    const errorSetup = `
-// Error handling (must be last)
-${setupLines.join("\n")}
-`;
-    const exportMatch = content.match(/export default app;?\s*$/m);
-    if (exportMatch && exportMatch.index !== void 0) {
-      content = content.slice(0, exportMatch.index) + errorSetup + "\n" + content.slice(exportMatch.index);
-      modified = true;
-      setupInserted = true;
-    }
-  }
-  if (modified) {
-    await import_fs_extra6.default.writeFile(appPath, content);
-  }
-  return importInserted && setupInserted;
+  return await import_fs_extra8.default.pathExists(import_path9.default.join(projectRoot, srcDir, "lib", "auth.ts"));
 }
 async function injectAuthRoutes(projectRoot, srcDir) {
-  const appPath = import_path6.default.join(projectRoot, srcDir, "app.ts");
-  if (!await import_fs_extra6.default.pathExists(appPath)) {
+  const appPath = import_path9.default.join(projectRoot, srcDir, "app.ts");
+  if (!await import_fs_extra8.default.pathExists(appPath)) {
     return false;
   }
-  let appContent = await import_fs_extra6.default.readFile(appPath, "utf-8");
+  let appContent = await import_fs_extra8.default.readFile(appPath, "utf-8");
   const authHandlerImport = `import { toNodeHandler } from "better-auth/node";`;
   const authImport = `import { auth } from "./lib/auth";`;
   const routeIndexUserImport = `import userRoutes from "./user.routes";`;
@@ -995,9 +1349,9 @@ async function injectAuthRoutes(projectRoot, srcDir) {
     appContent = appContent.slice(0, insertionIndex) + authMountLine + appContent.slice(insertionIndex);
     appModified = true;
   }
-  const routeIndexPath = import_path6.default.join(projectRoot, srcDir, "routes", "index.ts");
-  if (await import_fs_extra6.default.pathExists(routeIndexPath)) {
-    let routeContent = await import_fs_extra6.default.readFile(routeIndexPath, "utf-8");
+  const routeIndexPath = import_path9.default.join(projectRoot, srcDir, "routes", "index.ts");
+  if (await import_fs_extra8.default.pathExists(routeIndexPath)) {
+    let routeContent = await import_fs_extra8.default.readFile(routeIndexPath, "utf-8");
     let routeModified = false;
     const userImportResult = appendImport(routeContent, routeIndexUserImport);
     if (!userImportResult.inserted) {
@@ -1021,7 +1375,7 @@ rootRouter.use("/users", userRoutes);
       routeModified = true;
     }
     if (routeModified) {
-      await import_fs_extra6.default.writeFile(routeIndexPath, routeContent);
+      await import_fs_extra8.default.writeFile(routeIndexPath, routeContent);
     }
   } else {
     const hasUserRoute = /app\.use\(\s*["']\/api\/users["']\s*,\s*userRoutes\s*\)/.test(appContent);
@@ -1047,17 +1401,766 @@ app.use("/api/users", userRoutes);
     }
   }
   if (appModified) {
-    await import_fs_extra6.default.writeFile(appPath, appContent);
+    await import_fs_extra8.default.writeFile(appPath, appContent);
   }
   return true;
 }
-async function injectDocsRoutes(projectRoot, srcDir) {
-  const routeIndexPath = import_path6.default.join(projectRoot, srcDir, "routes", "index.ts");
-  const routeImport = `import docsRoutes from "./docs.routes";`;
-  const routeMountPattern = /rootRouter\.use\(\s*["']\/docs["']\s*,\s*docsRoutes\s*\)/;
-  if (await import_fs_extra6.default.pathExists(routeIndexPath)) {
-    let routeContent = await import_fs_extra6.default.readFile(routeIndexPath, "utf-8");
-    let routeModified = false;
+async function injectAuthDocs(projectRoot, srcDir) {
+  const openApiPath = import_path9.default.join(projectRoot, srcDir, "lib", "openapi.ts");
+  if (!await import_fs_extra8.default.pathExists(openApiPath)) {
+    return false;
+  }
+  const authMarker = "// ZURO_AUTH_DOCS";
+  let content = await import_fs_extra8.default.readFile(openApiPath, "utf-8");
+  if (content.includes(authMarker)) {
+    return true;
+  }
+  const moduleDocsEndMarker = "// ZURO_DOCS_MODULES_END";
+  if (!content.includes(moduleDocsEndMarker)) {
+    return false;
+  }
+  const authBlock = `
+const authSignUpSchema = z.object({
+    email: z.string().email().openapi({ example: "dev@company.com" }),
+    password: z.string().min(8).openapi({ example: "strong-password" }),
+    name: z.string().min(1).optional().openapi({ example: "Dev User" }),
+});
+
+const authSignInSchema = z.object({
+    email: z.string().email().openapi({ example: "dev@company.com" }),
+    password: z.string().min(8).openapi({ example: "strong-password" }),
+});
+
+const authUserSchema = z.object({
+    id: z.string().openapi({ example: "user_123" }),
+    email: z.string().email().openapi({ example: "dev@company.com" }),
+    name: z.string().nullable().openapi({ example: "Dev User" }),
+});
+
+${authMarker}
+registry.registerPath({
+    method: "post",
+    path: "/api/auth/sign-up/email",
+    tags: ["Auth"],
+    summary: "Register using email and password",
+    request: {
+        body: {
+            content: {
+                "application/json": {
+                    schema: authSignUpSchema,
+                },
+            },
+        },
+    },
+    responses: {
+        200: { description: "Registration successful" },
+    },
+});
+
+registry.registerPath({
+    method: "post",
+    path: "/api/auth/sign-in/email",
+    tags: ["Auth"],
+    summary: "Sign in using email and password",
+    request: {
+        body: {
+            content: {
+                "application/json": {
+                    schema: authSignInSchema,
+                },
+            },
+        },
+    },
+    responses: {
+        200: { description: "Sign in successful" },
+        401: { description: "Invalid credentials" },
+    },
+});
+
+registry.registerPath({
+    method: "post",
+    path: "/api/auth/sign-out",
+    tags: ["Auth"],
+    summary: "Sign out current user",
+    responses: {
+        200: { description: "Sign out successful" },
+    },
+});
+
+registry.registerPath({
+    method: "get",
+    path: "/api/users/me",
+    tags: ["Auth"],
+    summary: "Get current authenticated user",
+    security: [{ bearerAuth: [] }],
+    responses: {
+        200: {
+            description: "Current user",
+            content: {
+                "application/json": {
+                    schema: z.object({ user: authUserSchema }),
+                },
+            },
+        },
+        401: { description: "Not authenticated" },
+    },
+});
+`;
+  content = content.replace(moduleDocsEndMarker, `${authBlock}
+${moduleDocsEndMarker}`);
+  await import_fs_extra8.default.writeFile(openApiPath, content);
+  return true;
+}
+async function promptAuthConfig(projectRoot, srcDir, options) {
+  const { isDocsModuleInstalled: isDocsModuleInstalled2 } = await Promise.resolve().then(() => (init_docs_handler(), docs_handler_exports));
+  const docsInstalled = await isDocsModuleInstalled2(projectRoot, srcDir);
+  let shouldInstallDocsForAuth = false;
+  if (!docsInstalled) {
+    if (options.yes) {
+      shouldInstallDocsForAuth = true;
+    } else {
+      const docsResponse = await (0, import_prompts3.default)({
+        type: "confirm",
+        name: "installDocs",
+        message: "Install API docs module (Scalar + OpenAPI) too?",
+        initial: true
+      });
+      if (docsResponse.installDocs === void 0) {
+        console.log(import_chalk5.default.yellow("Operation cancelled."));
+        return null;
+      }
+      shouldInstallDocsForAuth = docsResponse.installDocs;
+    }
+  }
+  const { detectInstalledDatabaseDialect: detectInstalledDatabaseDialect2 } = await Promise.resolve().then(() => (init_database_handler(), database_handler_exports));
+  const authDatabaseDialect = await detectInstalledDatabaseDialect2(projectRoot, srcDir);
+  return { shouldInstallDocsForAuth, authDatabaseDialect };
+}
+function printAuthHints(generatedAuthSecret) {
+  if (generatedAuthSecret) {
+    console.log(import_chalk5.default.yellow("\u2139 BETTER_AUTH_SECRET was generated automatically."));
+  } else {
+    console.log(import_chalk5.default.yellow("\u2139 Review BETTER_AUTH_SECRET and BETTER_AUTH_URL in .env."));
+  }
+  console.log(import_chalk5.default.yellow("\u2139 Run migrations: npx drizzle-kit generate && npx drizzle-kit migrate"));
+}
+
+// src/handlers/mailer.handler.ts
+var import_prompts4 = __toESM(require("prompts"));
+var import_chalk6 = __toESM(require("chalk"));
+async function promptMailerConfig() {
+  const providerResponse = await (0, import_prompts4.default)({
+    type: "select",
+    name: "provider",
+    message: "Which email provider?",
+    choices: [
+      { title: "SMTP (Nodemailer)", description: "Gmail, Mailtrap, any SMTP server", value: "smtp" },
+      { title: "Resend", description: "API-based, easiest setup", value: "resend" }
+    ]
+  });
+  if (providerResponse.provider === void 0) {
+    console.log(import_chalk6.default.yellow("Operation cancelled."));
+    return null;
+  }
+  const mailerProvider = providerResponse.provider;
+  let customSmtpVars;
+  let usedDefaultSmtp = false;
+  console.log(import_chalk6.default.dim("  Tip: Leave fields blank to use placeholder values and configure later\n"));
+  if (mailerProvider === "smtp") {
+    const smtpResponse = await (0, import_prompts4.default)([
+      {
+        type: "text",
+        name: "host",
+        message: "SMTP Host",
+        initial: ""
+      },
+      {
+        type: "text",
+        name: "port",
+        message: "SMTP Port",
+        initial: "587"
+      },
+      {
+        type: "text",
+        name: "user",
+        message: "SMTP User",
+        initial: ""
+      },
+      {
+        type: "password",
+        name: "pass",
+        message: "SMTP Password"
+      },
+      {
+        type: "text",
+        name: "from",
+        message: "Mail From address",
+        initial: ""
+      }
+    ]);
+    if (smtpResponse.host === void 0) {
+      console.log(import_chalk6.default.yellow("Operation cancelled."));
+      return null;
+    }
+    const host = smtpResponse.host?.trim() || "";
+    const user = smtpResponse.user?.trim() || "";
+    const pass = smtpResponse.pass?.trim() || "";
+    const from = smtpResponse.from?.trim() || "";
+    const port = smtpResponse.port?.trim() || "587";
+    usedDefaultSmtp = !host && !user;
+    if (!usedDefaultSmtp) {
+      customSmtpVars = {
+        SMTP_HOST: host || "smtp.example.com",
+        SMTP_PORT: port,
+        SMTP_USER: user || "your-email@example.com",
+        SMTP_PASS: pass || "your-password",
+        MAIL_FROM: from || "noreply@example.com"
+      };
+    }
+  } else {
+    const resendResponse = await (0, import_prompts4.default)([
+      {
+        type: "text",
+        name: "apiKey",
+        message: "Resend API Key",
+        initial: ""
+      },
+      {
+        type: "text",
+        name: "from",
+        message: "Mail From address",
+        initial: ""
+      }
+    ]);
+    if (resendResponse.apiKey === void 0) {
+      console.log(import_chalk6.default.yellow("Operation cancelled."));
+      return null;
+    }
+    const apiKey = resendResponse.apiKey?.trim() || "";
+    const from = resendResponse.from?.trim() || "";
+    usedDefaultSmtp = !apiKey;
+    if (!usedDefaultSmtp) {
+      customSmtpVars = {
+        RESEND_API_KEY: apiKey || "re_your_api_key",
+        MAIL_FROM: from || "onboarding@resend.dev"
+      };
+    }
+  }
+  return { mailerProvider, customSmtpVars, usedDefaultSmtp };
+}
+function printMailerHints(usedDefaultSmtp) {
+  if (usedDefaultSmtp) {
+    console.log(import_chalk6.default.yellow("\u2139 Placeholder SMTP values added to .env \u2014 update them before sending emails."));
+  } else {
+    console.log(import_chalk6.default.yellow("\u2139 Review SMTP configuration in .env to ensure values are correct."));
+  }
+}
+
+// src/commands/add.ts
+init_docs_handler();
+
+// src/handlers/error-handler.handler.ts
+var import_path10 = __toESM(require("path"));
+var import_fs_extra9 = __toESM(require("fs-extra"));
+async function injectErrorHandler(projectRoot, srcDir) {
+  const appPath = import_path10.default.join(projectRoot, srcDir, "app.ts");
+  if (!import_fs_extra9.default.existsSync(appPath)) {
+    return false;
+  }
+  let content = await import_fs_extra9.default.readFile(appPath, "utf-8");
+  const errorImport = `import { errorHandler, notFoundHandler } from "./middleware/error-handler";`;
+  const hasErrorImport = content.includes(errorImport);
+  const hasNotFoundUse = /app\.use\(\s*notFoundHandler\s*\)/.test(content);
+  const hasErrorUse = /app\.use\(\s*errorHandler\s*\)/.test(content);
+  let modified = false;
+  let importInserted = hasErrorImport;
+  if (!hasErrorImport) {
+    const importRegex = /^import .+ from .+;?\s*$/gm;
+    let lastImportIndex = 0;
+    let match;
+    while ((match = importRegex.exec(content)) !== null) {
+      lastImportIndex = match.index + match[0].length;
+    }
+    if (lastImportIndex > 0) {
+      content = content.slice(0, lastImportIndex) + `
+${errorImport}` + content.slice(lastImportIndex);
+      modified = true;
+      importInserted = true;
+    }
+  }
+  let setupInserted = hasNotFoundUse && hasErrorUse;
+  if (!setupInserted) {
+    const setupLines = [];
+    if (!hasNotFoundUse) {
+      setupLines.push("app.use(notFoundHandler);");
+    }
+    if (!hasErrorUse) {
+      setupLines.push("app.use(errorHandler);");
+    }
+    const errorSetup = `
+// Error handling (must be last)
+${setupLines.join("\n")}
+`;
+    const exportMatch = content.match(/export default app;?\s*$/m);
+    if (exportMatch && exportMatch.index !== void 0) {
+      content = content.slice(0, exportMatch.index) + errorSetup + "\n" + content.slice(exportMatch.index);
+      modified = true;
+      setupInserted = true;
+    }
+  }
+  if (modified) {
+    await import_fs_extra9.default.writeFile(appPath, content);
+  }
+  return importInserted && setupInserted;
+}
+
+// src/handlers/rate-limiter.handler.ts
+var import_path11 = __toESM(require("path"));
+var import_fs_extra10 = __toESM(require("fs-extra"));
+async function injectRateLimiter(projectRoot, srcDir) {
+  const appPath = import_path11.default.join(projectRoot, srcDir, "app.ts");
+  if (!import_fs_extra10.default.existsSync(appPath)) {
+    return false;
+  }
+  let content = await import_fs_extra10.default.readFile(appPath, "utf-8");
+  const rateLimiterImport = `import { rateLimiter } from "./middleware/rate-limiter";`;
+  const hasImport = content.includes(rateLimiterImport);
+  const hasUse = /app\.use\(\s*rateLimiter\s*\)/.test(content);
+  if (hasImport && hasUse) {
+    return true;
+  }
+  let modified = false;
+  if (!hasImport) {
+    const importRegex = /^import .+ from .+;?\s*$/gm;
+    let lastImportIndex = 0;
+    let match;
+    while ((match = importRegex.exec(content)) !== null) {
+      lastImportIndex = match.index + match[0].length;
+    }
+    if (lastImportIndex > 0) {
+      content = content.slice(0, lastImportIndex) + `
+${rateLimiterImport}` + content.slice(lastImportIndex);
+      modified = true;
+    }
+  }
+  if (!hasUse) {
+    const jsonMiddleware = /^(\s*app\.use\(\s*express\.json\(\)\s*\);?\s*)$/m;
+    const jsonMatch = content.match(jsonMiddleware);
+    if (jsonMatch && jsonMatch.index !== void 0) {
+      const insertAt = jsonMatch.index + jsonMatch[0].length;
+      content = content.slice(0, insertAt) + `
+app.use(rateLimiter);` + content.slice(insertAt);
+      modified = true;
+    } else {
+      const routeMount = /^\s*app\.use\(\s*["']\/api["']/m;
+      const routeMatch = content.match(routeMount);
+      if (routeMatch && routeMatch.index !== void 0) {
+        content = content.slice(0, routeMatch.index) + `app.use(rateLimiter);
+` + content.slice(routeMatch.index);
+        modified = true;
+      }
+    }
+  }
+  if (modified) {
+    await import_fs_extra10.default.writeFile(appPath, content);
+  }
+  return true;
+}
+
+// src/handlers/uploads.handler.ts
+var import_path12 = __toESM(require("path"));
+var import_fs_extra11 = __toESM(require("fs-extra"));
+var import_prompts5 = __toESM(require("prompts"));
+var import_chalk7 = __toESM(require("chalk"));
+init_code_inject();
+var UPLOAD_PRESETS = {
+  image: {
+    mimeTypes: ["image/jpeg", "image/png", "image/webp", "image/gif"],
+    maxFileSize: 5 * 1024 * 1024,
+    maxFiles: 1
+  },
+  document: {
+    mimeTypes: [
+      "application/pdf",
+      "text/plain",
+      "application/msword",
+      "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
+    ],
+    maxFileSize: 10 * 1024 * 1024,
+    maxFiles: 3
+  },
+  video: {
+    mimeTypes: ["video/mp4", "video/quicktime", "video/webm"],
+    maxFileSize: 100 * 1024 * 1024,
+    maxFiles: 1
+  },
+  mixed: {
+    mimeTypes: [
+      "image/jpeg",
+      "image/png",
+      "image/webp",
+      "application/pdf",
+      "text/plain",
+      "video/mp4"
+    ],
+    maxFileSize: 25 * 1024 * 1024,
+    maxFiles: 5
+  }
+};
+function getUploadEnvSchemaFields(provider) {
+  const shared = [
+    { name: "UPLOAD_PROVIDER", schema: `z.enum(["s3", "r2", "cloudinary"])` },
+    { name: "UPLOAD_MODE", schema: `z.enum(["proxy", "direct", "large"])` },
+    { name: "UPLOAD_AUTH_MODE", schema: `z.enum(["required", "optional", "none"])` },
+    { name: "UPLOAD_FILE_ACCESS", schema: `z.enum(["private", "public"])` },
+    { name: "UPLOAD_FILE_PRESET", schema: `z.enum(["image", "document", "video", "mixed"])` },
+    { name: "UPLOAD_KEY_PREFIX", schema: "z.string().min(1)" },
+    { name: "UPLOAD_ALLOWED_MIME", schema: "z.string().min(1)" },
+    { name: "UPLOAD_MAX_FILE_SIZE", schema: "z.coerce.number().positive()" },
+    { name: "UPLOAD_MAX_FILES", schema: "z.coerce.number().int().positive()" },
+    { name: "UPLOAD_DIRECT_URL_TTL_SECONDS", schema: "z.coerce.number().int().positive().default(900)" },
+    { name: "UPLOAD_ACCESS_URL_TTL_SECONDS", schema: "z.coerce.number().int().positive().default(300)" },
+    { name: "UPLOAD_MULTIPART_PART_SIZE", schema: "z.coerce.number().int().positive().default(5242880)" }
+  ];
+  if (provider === "cloudinary") {
+    return [
+      ...shared,
+      { name: "CLOUDINARY_CLOUD_NAME", schema: "z.string().min(1)" },
+      { name: "CLOUDINARY_API_KEY", schema: "z.string().min(1)" },
+      { name: "CLOUDINARY_API_SECRET", schema: "z.string().min(1)" },
+      { name: "CLOUDINARY_FOLDER", schema: 'z.string().min(1).default("uploads")' },
+      { name: "CLOUDINARY_UPLOAD_PRESET", schema: 'z.string().default("")' }
+    ];
+  }
+  return [
+    ...shared,
+    { name: "UPLOAD_BUCKET", schema: "z.string().min(1)" },
+    { name: "UPLOAD_REGION", schema: "z.string().min(1)" },
+    { name: "UPLOAD_ENDPOINT", schema: 'z.string().default("")' },
+    { name: "UPLOAD_ACCESS_KEY_ID", schema: "z.string().min(1)" },
+    { name: "UPLOAD_SECRET_ACCESS_KEY", schema: "z.string().min(1)" },
+    { name: "UPLOAD_PUBLIC_BASE_URL", schema: 'z.string().default("")' }
+  ];
+}
+async function isAuthInstalled(projectRoot, srcDir) {
+  return import_fs_extra11.default.pathExists(import_path12.default.join(projectRoot, srcDir, "lib", "auth.ts"));
+}
+function hasDrizzleDatabase(config) {
+  return config?.database?.orm === "drizzle";
+}
+async function promptCredentials(provider) {
+  console.log(import_chalk7.default.dim("  Tip: Leave fields blank to use placeholders and configure later.\n"));
+  if (provider === "cloudinary") {
+    const response2 = await (0, import_prompts5.default)([
+      {
+        type: "text",
+        name: "cloudName",
+        message: "Cloudinary cloud name",
+        initial: ""
+      },
+      {
+        type: "text",
+        name: "apiKey",
+        message: "Cloudinary API key",
+        initial: ""
+      },
+      {
+        type: "password",
+        name: "apiSecret",
+        message: "Cloudinary API secret"
+      },
+      {
+        type: "text",
+        name: "folder",
+        message: "Cloudinary folder",
+        initial: "uploads"
+      },
+      {
+        type: "text",
+        name: "uploadPreset",
+        message: "Cloudinary upload preset (optional)",
+        initial: ""
+      }
+    ]);
+    if (response2.cloudName === void 0) {
+      console.log(import_chalk7.default.yellow("Operation cancelled."));
+      return null;
+    }
+    const values2 = {
+      CLOUDINARY_CLOUD_NAME: response2.cloudName?.trim() || "your-cloud-name",
+      CLOUDINARY_API_KEY: response2.apiKey?.trim() || "your-api-key",
+      CLOUDINARY_API_SECRET: response2.apiSecret?.trim() || "your-api-secret",
+      CLOUDINARY_FOLDER: response2.folder?.trim() || "uploads",
+      CLOUDINARY_UPLOAD_PRESET: response2.uploadPreset?.trim() || ""
+    };
+    return values2;
+  }
+  const response = await (0, import_prompts5.default)([
+    {
+      type: "text",
+      name: "bucket",
+      message: `${provider.toUpperCase()} bucket name`,
+      initial: ""
+    },
+    {
+      type: "text",
+      name: "region",
+      message: `${provider.toUpperCase()} region`,
+      initial: provider === "r2" ? "auto" : "us-east-1"
+    },
+    {
+      type: "text",
+      name: "endpoint",
+      message: provider === "r2" ? "R2 S3 endpoint" : "Custom S3 endpoint (optional)",
+      initial: provider === "r2" ? "https://<account-id>.r2.cloudflarestorage.com" : ""
+    },
+    {
+      type: "text",
+      name: "accessKeyId",
+      message: "Access key ID",
+      initial: ""
+    },
+    {
+      type: "password",
+      name: "secretAccessKey",
+      message: "Secret access key"
+    },
+    {
+      type: "text",
+      name: "publicBaseUrl",
+      message: "Public base URL (optional)",
+      initial: ""
+    }
+  ]);
+  if (response.bucket === void 0) {
+    console.log(import_chalk7.default.yellow("Operation cancelled."));
+    return null;
+  }
+  const values = {
+    UPLOAD_BUCKET: response.bucket?.trim() || `your-${provider}-bucket`,
+    UPLOAD_REGION: response.region?.trim() || (provider === "r2" ? "auto" : "us-east-1"),
+    UPLOAD_ENDPOINT: response.endpoint?.trim() || (provider === "r2" ? "https://<account-id>.r2.cloudflarestorage.com" : ""),
+    UPLOAD_ACCESS_KEY_ID: response.accessKeyId?.trim() || "your-access-key-id",
+    UPLOAD_SECRET_ACCESS_KEY: response.secretAccessKey?.trim() || "your-secret-access-key",
+    UPLOAD_PUBLIC_BASE_URL: response.publicBaseUrl?.trim() || ""
+  };
+  return values;
+}
+function buildSharedEnvVars(provider, mode, authMode, access, preset, maxFileSize, maxFiles) {
+  return {
+    UPLOAD_PROVIDER: provider,
+    UPLOAD_MODE: mode,
+    UPLOAD_AUTH_MODE: authMode,
+    UPLOAD_FILE_ACCESS: access,
+    UPLOAD_FILE_PRESET: preset,
+    UPLOAD_KEY_PREFIX: "uploads",
+    UPLOAD_ALLOWED_MIME: UPLOAD_PRESETS[preset].mimeTypes.join(","),
+    UPLOAD_MAX_FILE_SIZE: String(maxFileSize),
+    UPLOAD_MAX_FILES: String(maxFiles),
+    UPLOAD_DIRECT_URL_TTL_SECONDS: "900",
+    UPLOAD_ACCESS_URL_TTL_SECONDS: "300",
+    UPLOAD_MULTIPART_PART_SIZE: "5242880"
+  };
+}
+async function promptUploadsConfig(projectRoot, srcDir) {
+  const projectConfig = await readZuroConfig(projectRoot);
+  const authInstalled = await isAuthInstalled(projectRoot, srcDir);
+  const drizzleInstalled = hasDrizzleDatabase(projectConfig);
+  const initial = await (0, import_prompts5.default)([
+    {
+      type: "select",
+      name: "provider",
+      message: "Which upload provider?",
+      choices: [
+        { title: "S3", value: "s3" },
+        { title: "R2", value: "r2" },
+        { title: "Cloudinary", value: "cloudinary" }
+      ],
+      initial: 0
+    },
+    {
+      type: "select",
+      name: "mode",
+      message: "Which upload mode?",
+      choices: [
+        { title: "Proxy", description: "API server receives the file and uploads it", value: "proxy" },
+        { title: "Direct", description: "Client uploads directly with signed params/URLs", value: "direct" },
+        { title: "Large", description: "Multipart upload flow for large files", value: "large" }
+      ],
+      initial: 1
+    },
+    {
+      type: "select",
+      name: "authMode",
+      message: "Who can upload?",
+      choices: [
+        { title: "Authenticated only", value: "required" },
+        { title: "Optional auth", value: "optional" },
+        { title: "Public", value: "none" }
+      ],
+      initial: authInstalled ? 0 : 2
+    },
+    {
+      type: "select",
+      name: "access",
+      message: "How should uploaded files be accessed?",
+      choices: [
+        { title: "Private", value: "private" },
+        { title: "Public", value: "public" }
+      ],
+      initial: 0
+    },
+    {
+      type: "select",
+      name: "preset",
+      message: "Which file preset?",
+      choices: [
+        { title: "Image", value: "image" },
+        { title: "Document", value: "document" },
+        { title: "Video", value: "video" },
+        { title: "Mixed", value: "mixed" }
+      ],
+      initial: 0
+    },
+    {
+      type: "confirm",
+      name: "useDefaults",
+      message: "Use recommended upload limits for this preset?",
+      initial: true
+    }
+  ]);
+  if (initial.provider === void 0) {
+    console.log(import_chalk7.default.yellow("Operation cancelled."));
+    return null;
+  }
+  const provider = initial.provider;
+  const mode = initial.mode;
+  const authMode = initial.authMode;
+  const access = initial.access;
+  const preset = initial.preset;
+  if (provider === "cloudinary" && mode === "large") {
+    console.log(import_chalk7.default.yellow("\nCloudinary large multipart scaffolding is not available in this module yet."));
+    console.log(import_chalk7.default.yellow("Use S3 or R2 for large uploads, or pick Proxy/Direct for Cloudinary.\n"));
+    return null;
+  }
+  if (provider === "cloudinary" && (preset === "document" || preset === "mixed")) {
+    const warning = await (0, import_prompts5.default)({
+      type: "confirm",
+      name: "continue",
+      message: "Cloudinary is media-first. Continue with Cloudinary for non-media/general files?",
+      initial: false
+    });
+    if (!warning.continue) {
+      console.log(import_chalk7.default.yellow("Operation cancelled."));
+      return null;
+    }
+  }
+  const presetDefaults = UPLOAD_PRESETS[preset];
+  let maxFileSize = presetDefaults.maxFileSize;
+  let maxFiles = presetDefaults.maxFiles;
+  if (!initial.useDefaults) {
+    const custom = await (0, import_prompts5.default)([
+      {
+        type: "number",
+        name: "maxFileSizeMb",
+        message: "Max file size (MB)",
+        initial: Math.max(1, Math.round(presetDefaults.maxFileSize / (1024 * 1024))),
+        min: 1
+      },
+      {
+        type: "number",
+        name: "maxFiles",
+        message: "Max files per request",
+        initial: presetDefaults.maxFiles,
+        min: 1,
+        max: 20
+      }
+    ]);
+    if (custom.maxFileSizeMb === void 0) {
+      console.log(import_chalk7.default.yellow("Operation cancelled."));
+      return null;
+    }
+    maxFileSize = Number(custom.maxFileSizeMb) * 1024 * 1024;
+    maxFiles = Number(custom.maxFiles);
+  }
+  let useDatabaseMetadata = false;
+  let shouldInstallDatabase = false;
+  const metadataPrompt = await (0, import_prompts5.default)({
+    type: "select",
+    name: "metadata",
+    message: "Upload metadata storage?",
+    choices: [
+      { title: drizzleInstalled ? "Database" : "Install database + track uploads", value: "db" },
+      { title: "No metadata", value: "none" }
+    ],
+    initial: 0
+  });
+  if (metadataPrompt.metadata === void 0) {
+    console.log(import_chalk7.default.yellow("Operation cancelled."));
+    return null;
+  }
+  if (metadataPrompt.metadata === "db") {
+    useDatabaseMetadata = true;
+    if (!projectConfig?.database) {
+      shouldInstallDatabase = true;
+    } else if (!drizzleInstalled) {
+      console.log(import_chalk7.default.yellow("\nUploads metadata currently supports Drizzle-based database setups only."));
+      console.log(import_chalk7.default.yellow("Install or switch to a Drizzle database, or continue without metadata.\n"));
+      return null;
+    }
+  }
+  if (access === "private" && !useDatabaseMetadata) {
+    const warning = await (0, import_prompts5.default)({
+      type: "confirm",
+      name: "continue",
+      message: "Private uploads work best with metadata. Continue without database tracking?",
+      initial: false
+    });
+    if (!warning.continue) {
+      console.log(import_chalk7.default.yellow("Operation cancelled."));
+      return null;
+    }
+  }
+  let shouldInstallAuth = false;
+  if (authMode !== "none" && !authInstalled) {
+    const authPrompt = await (0, import_prompts5.default)({
+      type: "confirm",
+      name: "installAuth",
+      message: "Uploads auth requires the auth module. Install auth now?",
+      initial: true
+    });
+    if (!authPrompt.installAuth) {
+      console.log(import_chalk7.default.yellow("Operation cancelled."));
+      return null;
+    }
+    shouldInstallAuth = true;
+  }
+  const providerEnv = await promptCredentials(provider);
+  if (!providerEnv) {
+    return null;
+  }
+  return {
+    provider,
+    mode,
+    authMode,
+    access,
+    preset,
+    useDatabaseMetadata,
+    shouldInstallAuth,
+    shouldInstallDatabase,
+    envVars: {
+      ...buildSharedEnvVars(provider, mode, authMode, access, preset, maxFileSize, maxFiles),
+      ...providerEnv
+    }
+  };
+}
+async function injectUploadsRoutes(projectRoot, srcDir) {
+  const routeIndexPath = import_path12.default.join(projectRoot, srcDir, "routes", "index.ts");
+  const routeImport = `import uploadsRoutes from "./uploads.routes";`;
+  const routeMountPattern = /rootRouter\.use\(\s*["']\/uploads["']\s*,\s*uploadsRoutes\s*\)/;
+  if (await import_fs_extra11.default.pathExists(routeIndexPath)) {
+    let routeContent = await import_fs_extra11.default.readFile(routeIndexPath, "utf-8");
+    let routeModified = false;
     const importResult = appendImport(routeContent, routeImport);
     if (!importResult.inserted) {
       return false;
@@ -1068,8 +2171,8 @@ async function injectDocsRoutes(projectRoot, srcDir) {
     }
     if (!routeMountPattern.test(routeContent)) {
       const routeSetup = `
-// API docs
-rootRouter.use("/docs", docsRoutes);
+// Upload routes
+rootRouter.use("/uploads", uploadsRoutes);
 `;
       const exportMatch = routeContent.match(/export default rootRouter;?\s*$/m);
       if (!exportMatch || exportMatch.index === void 0) {
@@ -1079,17 +2182,17 @@ rootRouter.use("/docs", docsRoutes);
       routeModified = true;
     }
     if (routeModified) {
-      await import_fs_extra6.default.writeFile(routeIndexPath, routeContent);
+      await import_fs_extra11.default.writeFile(routeIndexPath, routeContent);
     }
     return true;
   }
-  const appPath = import_path6.default.join(projectRoot, srcDir, "app.ts");
-  if (!await import_fs_extra6.default.pathExists(appPath)) {
+  const appPath = import_path12.default.join(projectRoot, srcDir, "app.ts");
+  if (!await import_fs_extra11.default.pathExists(appPath)) {
     return false;
   }
-  let appContent = await import_fs_extra6.default.readFile(appPath, "utf-8");
+  let appContent = await import_fs_extra11.default.readFile(appPath, "utf-8");
   let appModified = false;
-  const appImportResult = appendImport(appContent, `import docsRoutes from "./routes/docs.routes";`);
+  const appImportResult = appendImport(appContent, `import uploadsRoutes from "./routes/uploads.routes";`);
   if (!appImportResult.inserted) {
     return false;
   }
@@ -1097,11 +2200,11 @@ rootRouter.use("/docs", docsRoutes);
     appContent = appImportResult.source;
     appModified = true;
   }
-  const hasMount = /app\.use\(\s*["']\/api\/docs["']\s*,\s*docsRoutes\s*\)/.test(appContent);
+  const hasMount = /app\.use\(\s*["']\/api\/uploads["']\s*,\s*uploadsRoutes\s*\)/.test(appContent);
   if (!hasMount) {
     const setup = `
-// API docs
-app.use("/api/docs", docsRoutes);
+// Upload routes
+app.use("/api/uploads", uploadsRoutes);
 `;
     const exportMatch = appContent.match(/export default app;?\s*$/m);
     if (!exportMatch || exportMatch.index === void 0) {
@@ -1111,116 +2214,224 @@ app.use("/api/docs", docsRoutes);
     appModified = true;
   }
   if (appModified) {
-    await import_fs_extra6.default.writeFile(appPath, appContent);
+    await import_fs_extra11.default.writeFile(appPath, appContent);
   }
   return true;
 }
-async function injectAuthDocs(projectRoot, srcDir) {
-  const openApiPath = import_path6.default.join(projectRoot, srcDir, "lib", "openapi.ts");
-  if (!await import_fs_extra6.default.pathExists(openApiPath)) {
+async function isUploadsModuleInstalled(projectRoot, srcDir) {
+  return import_fs_extra11.default.pathExists(import_path12.default.join(projectRoot, srcDir, "routes", "uploads.routes.ts"));
+}
+async function detectInstalledUploadsMode(projectRoot) {
+  const envPath = import_path12.default.join(projectRoot, ".env");
+  if (!await import_fs_extra11.default.pathExists(envPath)) {
+    return null;
+  }
+  const content = await import_fs_extra11.default.readFile(envPath, "utf-8");
+  const match = content.match(/^UPLOAD_MODE=(proxy|direct|large)$/m);
+  if (!match) {
+    return null;
+  }
+  return match[1];
+}
+async function injectUploadsDocs(projectRoot, srcDir, mode) {
+  const openApiPath = import_path12.default.join(projectRoot, srcDir, "lib", "openapi.ts");
+  if (!await import_fs_extra11.default.pathExists(openApiPath)) {
     return false;
   }
-  const authMarker = "// ZURO_AUTH_DOCS";
-  let content = await import_fs_extra6.default.readFile(openApiPath, "utf-8");
-  if (content.includes(authMarker)) {
+  const marker = "// ZURO_UPLOADS_DOCS";
+  let content = await import_fs_extra11.default.readFile(openApiPath, "utf-8");
+  if (content.includes(marker)) {
     return true;
   }
   const moduleDocsEndMarker = "// ZURO_DOCS_MODULES_END";
   if (!content.includes(moduleDocsEndMarker)) {
     return false;
   }
-  const authBlock = `
-const authSignUpSchema = z.object({
-    email: z.string().email().openapi({ example: "dev@company.com" }),
-    password: z.string().min(8).openapi({ example: "strong-password" }),
-    name: z.string().min(1).optional().openapi({ example: "Dev User" }),
-});
-
-const authSignInSchema = z.object({
-    email: z.string().email().openapi({ example: "dev@company.com" }),
-    password: z.string().min(8).openapi({ example: "strong-password" }),
+  const commonBlock = `
+const uploadAccessSchema = z.object({
+    key: z.string().openapi({ example: "uploads/users/user_123/2026/03/06/example.png" }),
+    resourceType: z.string().optional().openapi({ example: "image" }),
+    providerAssetId: z.string().optional().openapi({ example: "uploads/users/user_123/example" }),
 });
 
-const authUserSchema = z.object({
-    id: z.string().openapi({ example: "user_123" }),
-    email: z.string().email().openapi({ example: "dev@company.com" }),
-    name: z.string().nullable().openapi({ example: "Dev User" }),
-});
-
-${authMarker}
-registry.registerPath({
+`;
+  const directBlock = mode === "direct" ? `registry.registerPath({
     method: "post",
-    path: "/api/auth/sign-up/email",
-    tags: ["Auth"],
-    summary: "Register using email and password",
+    path: "/api/uploads/presign",
+    tags: ["Uploads"],
+    summary: "Create a signed direct upload request",
     request: {
         body: {
             content: {
                 "application/json": {
-                    schema: authSignUpSchema,
+                    schema: z.object({
+                        originalName: z.string().min(1),
+                        mimeType: z.string().min(1),
+                        bytes: z.number().positive(),
+                    }),
                 },
             },
         },
     },
     responses: {
-        200: { description: "Registration successful" },
+        200: { description: "Signed upload created" },
     },
 });
 
 registry.registerPath({
     method: "post",
-    path: "/api/auth/sign-in/email",
-    tags: ["Auth"],
-    summary: "Sign in using email and password",
-    request: {
-        body: {
-            content: {
-                "application/json": {
-                    schema: authSignInSchema,
-                },
-            },
-        },
+    path: "/api/uploads/complete",
+    tags: ["Uploads"],
+    summary: "Finalize a direct upload and persist metadata",
+    responses: {
+        201: { description: "Upload finalized" },
     },
+});
+` : "";
+  const proxyBlock = mode === "proxy" ? `registry.registerPath({
+    method: "post",
+    path: "/api/uploads",
+    tags: ["Uploads"],
+    summary: "Upload a file through the API server",
     responses: {
-        200: { description: "Sign in successful" },
-        401: { description: "Invalid credentials" },
+        201: { description: "File uploaded" },
+    },
+});
+` : "";
+  const largeBlock = mode === "large" ? `registry.registerPath({
+    method: "post",
+    path: "/api/uploads/multipart/init",
+    tags: ["Uploads"],
+    summary: "Start a multipart upload session",
+    responses: {
+        200: { description: "Multipart upload initialized" },
     },
 });
 
 registry.registerPath({
     method: "post",
-    path: "/api/auth/sign-out",
-    tags: ["Auth"],
-    summary: "Sign out current user",
+    path: "/api/uploads/multipart/complete",
+    tags: ["Uploads"],
+    summary: "Complete a multipart upload",
     responses: {
-        200: { description: "Sign out successful" },
+        201: { description: "Multipart upload completed" },
     },
 });
 
 registry.registerPath({
-    method: "get",
-    path: "/api/users/me",
-    tags: ["Auth"],
-    summary: "Get current authenticated user",
-    security: [{ bearerAuth: [] }],
+    method: "post",
+    path: "/api/uploads/multipart/abort",
+    tags: ["Uploads"],
+    summary: "Abort a multipart upload",
     responses: {
-        200: {
-            description: "Current user",
+        204: { description: "Multipart upload aborted" },
+    },
+});
+` : "";
+  const sharedOps = `registry.registerPath({
+    method: "post",
+    path: "/api/uploads/access-url",
+    tags: ["Uploads"],
+    summary: "Create an access URL for an uploaded file",
+    request: {
+        body: {
             content: {
                 "application/json": {
-                    schema: z.object({ user: authUserSchema }),
+                    schema: uploadAccessSchema,
                 },
             },
         },
-        401: { description: "Not authenticated" },
+    },
+    responses: {
+        200: { description: "Access URL generated" },
+    },
+});
+
+registry.registerPath({
+    method: "delete",
+    path: "/api/uploads",
+    tags: ["Uploads"],
+    summary: "Delete an uploaded file",
+    request: {
+        body: {
+            content: {
+                "application/json": {
+                    schema: uploadAccessSchema,
+                },
+            },
+        },
+    },
+    responses: {
+        204: { description: "Upload deleted" },
     },
 });
 `;
-  content = content.replace(moduleDocsEndMarker, `${authBlock}
+  const block = `
+${commonBlock}${marker}
+${proxyBlock}${directBlock}${largeBlock}${sharedOps}`;
+  content = content.replace(moduleDocsEndMarker, `${block}
 ${moduleDocsEndMarker}`);
-  await import_fs_extra6.default.writeFile(openApiPath, content);
+  const tagInsert = /(\{\s*name:\s*"Auth".+\},\s*\n\s*\],)/;
+  if (tagInsert.test(content) && !content.includes(`{ name: "Uploads", description: "File uploads and asset access" }`)) {
+    content = content.replace(
+      tagInsert,
+      `{ name: "Auth", description: "Authentication and session endpoints" },
+            { name: "Uploads", description: "File uploads and asset access" },
+        ],`
+    );
+  }
+  await import_fs_extra11.default.writeFile(openApiPath, content);
   return true;
 }
+function printUploadHints(result) {
+  console.log(import_chalk7.default.yellow("\u2139 Upload routes are mounted at: /api/uploads"));
+  console.log(import_chalk7.default.yellow(`\u2139 Provider: ${result.provider} \xB7 Mode: ${result.mode} \xB7 Access: ${result.access}`));
+  if (result.mode === "proxy") {
+    console.log(import_chalk7.default.yellow("\u2139 Reuse uploadSingle()/uploadArray() from src/lib/uploads/proxy.ts in your own form + file routes."));
+  }
+  if (result.provider === "r2") {
+    console.log(import_chalk7.default.yellow("\u2139 R2 presigned URLs use the R2 S3 API endpoint, not your custom domain."));
+  }
+  if (result.useDatabaseMetadata) {
+    console.log(import_chalk7.default.yellow("\u2139 Upload metadata is stored in db/schema/uploads.ts."));
+  } else {
+    console.log(import_chalk7.default.yellow("\u2139 No upload metadata table was added. Private file ownership checks fall back to key prefixes."));
+  }
+}
+
+// src/commands/add.ts
+function resolvePackageManager(projectRoot) {
+  if (import_fs_extra12.default.existsSync(import_path13.default.join(projectRoot, "pnpm-lock.yaml"))) {
+    return "pnpm";
+  }
+  if (import_fs_extra12.default.existsSync(import_path13.default.join(projectRoot, "bun.lockb")) || import_fs_extra12.default.existsSync(import_path13.default.join(projectRoot, "bun.lock"))) {
+    return "bun";
+  }
+  if (import_fs_extra12.default.existsSync(import_path13.default.join(projectRoot, "yarn.lock"))) {
+    return "yarn";
+  }
+  return "npm";
+}
+function getModuleDocsPath(moduleName) {
+  if (isDatabaseModule(moduleName)) {
+    return "database";
+  }
+  return moduleName;
+}
+async function hasEnvVariable(projectRoot, key) {
+  const envPath = import_path13.default.join(projectRoot, ".env");
+  if (!await import_fs_extra12.default.pathExists(envPath)) {
+    return false;
+  }
+  const content = await import_fs_extra12.default.readFile(envPath, "utf-8");
+  const pattern = new RegExp(`^${escapeRegex(key)}=`, "m");
+  return pattern.test(content);
+}
+async function isLikelyEmptyDirectory(cwd) {
+  const entries = await import_fs_extra12.default.readdir(cwd);
+  const ignored = /* @__PURE__ */ new Set([".ds_store", "thumbs.db"]);
+  return entries.filter((entry) => !ignored.has(entry.toLowerCase())).length === 0;
+}
 var add = async (moduleName, options = {}) => {
   const projectRoot = process.cwd();
   const projectConfig = await readZuroConfig(projectRoot);
@@ -1241,188 +2452,42 @@ var add = async (moduleName, options = {}) => {
   let customDbUrl;
   let usedDefaultDbUrl = false;
   let databaseBackupPath = null;
+  let selectedDatabaseOrm = null;
+  let selectedDatabaseDialect = null;
   let generatedAuthSecret = false;
   let authDatabaseDialect = null;
   let customSmtpVars;
   let usedDefaultSmtp = false;
   let mailerProvider = "smtp";
   let shouldInstallDocsForAuth = false;
-  if (resolvedModuleName === "database") {
-    const variantResponse = await (0, import_prompts2.default)({
-      type: "select",
-      name: "variant",
-      message: "Which database dialect?",
-      choices: [
-        { title: "PostgreSQL", value: "database-pg" },
-        { title: "MySQL", value: "database-mysql" }
-      ]
-    });
-    if (!variantResponse.variant) {
-      console.log(import_chalk4.default.yellow("Operation cancelled."));
-      return;
-    }
-    resolvedModuleName = variantResponse.variant;
-  }
-  if (isDatabaseModule(resolvedModuleName)) {
-    const installedDialect = await detectInstalledDatabaseDialect(projectRoot, srcDir);
-    if (installedDialect && installedDialect !== resolvedModuleName) {
-      console.log(
-        import_chalk4.default.yellow(
-          `
-\u26A0 Existing database setup detected: ${databaseLabel(installedDialect)}.`
-        )
-      );
-      console.log(
-        import_chalk4.default.yellow(
-          `  Switching to ${databaseLabel(resolvedModuleName)} will overwrite db files and drizzle config.
-`
-        )
-      );
-      const switchResponse = await (0, import_prompts2.default)({
-        type: "confirm",
-        name: "proceed",
-        message: "Continue and switch database dialect?",
-        initial: false
-      });
-      if (!switchResponse.proceed) {
-        console.log(import_chalk4.default.yellow("Operation cancelled."));
-        return;
-      }
-      databaseBackupPath = await backupDatabaseFiles(projectRoot, srcDir);
-    }
-    const defaultUrl = DEFAULT_DATABASE_URLS[resolvedModuleName];
-    console.log(import_chalk4.default.dim(`  Tip: Leave blank to use ${defaultUrl}
-`));
-    const response = await (0, import_prompts2.default)({
-      type: "text",
-      name: "dbUrl",
-      message: "Database URL",
-      initial: ""
-    });
-    if (response.dbUrl === void 0) {
-      console.log(import_chalk4.default.yellow("Operation cancelled."));
-      return;
-    }
-    const enteredUrl = response.dbUrl?.trim() || "";
-    usedDefaultDbUrl = enteredUrl.length === 0;
-    customDbUrl = validateDatabaseUrl(enteredUrl || defaultUrl, resolvedModuleName);
+  let uploadConfig = null;
+  let uploadDatabaseDialect = null;
+  if (resolvedModuleName === "database" || isDatabaseModule(resolvedModuleName)) {
+    const result = await promptDatabaseConfig(resolvedModuleName, projectRoot, srcDir);
+    if (!result) return;
+    resolvedModuleName = result.resolvedModuleName;
+    selectedDatabaseOrm = result.selectedOrm;
+    selectedDatabaseDialect = result.selectedDialect;
+    customDbUrl = result.customDbUrl;
+    usedDefaultDbUrl = result.usedDefaultDbUrl;
+    databaseBackupPath = result.databaseBackupPath;
   }
   if (resolvedModuleName === "mailer") {
-    const providerResponse = await (0, import_prompts2.default)({
-      type: "select",
-      name: "provider",
-      message: "Which email provider?",
-      choices: [
-        { title: "SMTP (Nodemailer)", description: "Gmail, Mailtrap, any SMTP server", value: "smtp" },
-        { title: "Resend", description: "API-based, easiest setup", value: "resend" }
-      ]
-    });
-    if (providerResponse.provider === void 0) {
-      console.log(import_chalk4.default.yellow("Operation cancelled."));
-      return;
-    }
-    mailerProvider = providerResponse.provider;
-    console.log(import_chalk4.default.dim("  Tip: Leave fields blank to use placeholder values and configure later\n"));
-    if (mailerProvider === "smtp") {
-      const smtpResponse = await (0, import_prompts2.default)([
-        {
-          type: "text",
-          name: "host",
-          message: "SMTP Host",
-          initial: ""
-        },
-        {
-          type: "text",
-          name: "port",
-          message: "SMTP Port",
-          initial: "587"
-        },
-        {
-          type: "text",
-          name: "user",
-          message: "SMTP User",
-          initial: ""
-        },
-        {
-          type: "password",
-          name: "pass",
-          message: "SMTP Password"
-        },
-        {
-          type: "text",
-          name: "from",
-          message: "Mail From address",
-          initial: ""
-        }
-      ]);
-      if (smtpResponse.host === void 0) {
-        console.log(import_chalk4.default.yellow("Operation cancelled."));
-        return;
-      }
-      const host = smtpResponse.host?.trim() || "";
-      const user = smtpResponse.user?.trim() || "";
-      const pass = smtpResponse.pass?.trim() || "";
-      const from = smtpResponse.from?.trim() || "";
-      const port = smtpResponse.port?.trim() || "587";
-      usedDefaultSmtp = !host && !user;
-      if (!usedDefaultSmtp) {
-        customSmtpVars = {
-          SMTP_HOST: host || "smtp.example.com",
-          SMTP_PORT: port,
-          SMTP_USER: user || "your-email@example.com",
-          SMTP_PASS: pass || "your-password",
-          MAIL_FROM: from || "noreply@example.com"
-        };
-      }
-    } else {
-      const resendResponse = await (0, import_prompts2.default)([
-        {
-          type: "text",
-          name: "apiKey",
-          message: "Resend API Key",
-          initial: ""
-        },
-        {
-          type: "text",
-          name: "from",
-          message: "Mail From address",
-          initial: ""
-        }
-      ]);
-      if (resendResponse.apiKey === void 0) {
-        console.log(import_chalk4.default.yellow("Operation cancelled."));
-        return;
-      }
-      const apiKey = resendResponse.apiKey?.trim() || "";
-      const from = resendResponse.from?.trim() || "";
-      usedDefaultSmtp = !apiKey;
-      if (!usedDefaultSmtp) {
-        customSmtpVars = {
-          RESEND_API_KEY: apiKey || "re_your_api_key",
-          MAIL_FROM: from || "onboarding@resend.dev"
-        };
-      }
-    }
+    const result = await promptMailerConfig();
+    if (!result) return;
+    mailerProvider = result.mailerProvider;
+    customSmtpVars = result.customSmtpVars;
+    usedDefaultSmtp = result.usedDefaultSmtp;
   }
   if (resolvedModuleName === "auth") {
-    const docsInstalled = await isDocsModuleInstalled(projectRoot, srcDir);
-    if (!docsInstalled) {
-      if (options.yes) {
-        shouldInstallDocsForAuth = true;
-      } else {
-        const docsResponse = await (0, import_prompts2.default)({
-          type: "confirm",
-          name: "installDocs",
-          message: "Install API docs module (Scalar + OpenAPI) too?",
-          initial: true
-        });
-        if (docsResponse.installDocs === void 0) {
-          console.log(import_chalk4.default.yellow("Operation cancelled."));
-          return;
-        }
-        shouldInstallDocsForAuth = docsResponse.installDocs;
-      }
-    }
+    const result = await promptAuthConfig(projectRoot, srcDir, options);
+    if (!result) return;
+    shouldInstallDocsForAuth = result.shouldInstallDocsForAuth;
+    authDatabaseDialect = result.authDatabaseDialect;
+  }
+  if (resolvedModuleName === "uploads") {
+    uploadConfig = await promptUploadsConfig(projectRoot, srcDir);
+    if (!uploadConfig) return;
   }
   const pm = resolvePackageManager(projectRoot);
   const spinner = (0, import_ora2.default)(`Checking registry for ${resolvedModuleName}...`).start();
@@ -1438,10 +2503,41 @@ var add = async (moduleName, options = {}) => {
       spinner.fail(`Module '${resolvedModuleName}' not found.`);
       return;
     }
-    spinner.succeed(`Found module: ${import_chalk4.default.cyan(resolvedModuleName)}`);
+    spinner.succeed(`Found module: ${import_chalk8.default.cyan(resolvedModuleName)}`);
     const moduleDeps = module2.moduleDependencies || [];
     currentStep = "module dependency resolution";
     await resolveDependencies(moduleDeps, projectRoot);
+    if (resolvedModuleName === "uploads" && uploadConfig) {
+      if (uploadConfig.shouldInstallDatabase) {
+        console.log(import_chalk8.default.blue("\n\u2139 Upload metadata needs a Drizzle database. Installing database module..."));
+        await add("database");
+      }
+      if (uploadConfig.shouldInstallAuth) {
+        console.log(import_chalk8.default.blue("\n\u2139 Upload auth needs the auth module. Installing auth module..."));
+        await add("auth", { yes: true });
+      }
+      uploadDatabaseDialect = await detectInstalledDatabaseDialect(projectRoot, srcDir);
+      if (uploadConfig.useDatabaseMetadata) {
+        if (uploadDatabaseDialect === "database-prisma-pg" || uploadDatabaseDialect === "database-prisma-mysql") {
+          spinner.fail("Uploads metadata currently supports Drizzle-based database setup only.");
+          console.log(import_chalk8.default.yellow("\u2139 Install a Drizzle database, or rerun uploads without metadata."));
+          return;
+        }
+        if (!uploadDatabaseDialect) {
+          spinner.fail("Could not detect a database setup for uploads metadata.");
+          console.log(import_chalk8.default.yellow("\u2139 Install the database module first, then rerun uploads."));
+          return;
+        }
+      }
+    }
+    if (resolvedModuleName === "auth") {
+      authDatabaseDialect = await detectInstalledDatabaseDialect(projectRoot, srcDir);
+      if (authDatabaseDialect === "database-prisma-pg" || authDatabaseDialect === "database-prisma-mysql") {
+        spinner.fail("Auth module currently supports Drizzle-based database setup only.");
+        console.log(import_chalk8.default.yellow("\u2139 Install auth after switching database ORM to Drizzle."));
+        return;
+      }
+    }
     currentStep = "dependency installation";
     spinner.start("Installing dependencies...");
     let runtimeDeps = module2.dependencies || [];
@@ -1455,14 +2551,20 @@ var add = async (moduleName, options = {}) => {
         devDeps = ["@types/nodemailer"];
       }
     }
+    if (resolvedModuleName === "uploads" && uploadConfig) {
+      runtimeDeps = ["multer"];
+      devDeps = ["@types/multer"];
+      if (uploadConfig.provider === "cloudinary") {
+        runtimeDeps.push("cloudinary");
+      } else {
+        runtimeDeps.push("@aws-sdk/client-s3", "@aws-sdk/s3-request-presigner");
+      }
+    }
     await installDependencies(pm, runtimeDeps, projectRoot);
     await installDependencies(pm, devDeps, projectRoot, { dev: true });
     spinner.succeed("Dependencies installed");
     currentStep = "module scaffolding";
     spinner.start("Scaffolding files...");
-    if (resolvedModuleName === "auth") {
-      authDatabaseDialect = await detectInstalledDatabaseDialect(projectRoot, srcDir);
-    }
     for (const file of module2.files) {
       let fetchPath = file.path;
       let expectedSha256 = file.sha256;
@@ -1477,12 +2579,37 @@ var add = async (moduleName, options = {}) => {
         expectedSha256 = void 0;
         expectedSize = void 0;
       }
+      if (resolvedModuleName === "uploads" && uploadConfig) {
+        if (file.target === "lib/uploads/provider.ts") {
+          fetchPath = uploadConfig.provider === "cloudinary" ? "express/lib/uploads/provider.cloudinary.ts" : "express/lib/uploads/provider.s3.ts";
+          expectedSha256 = void 0;
+          expectedSize = void 0;
+        }
+        if (file.target === "lib/uploads/metadata.ts") {
+          fetchPath = uploadConfig.useDatabaseMetadata ? "express/lib/uploads/metadata.db.ts" : "express/lib/uploads/metadata.noop.ts";
+          expectedSha256 = void 0;
+          expectedSize = void 0;
+        }
+        if (file.target === "middleware/upload-auth.ts") {
+          fetchPath = `express/middleware/upload-auth.${uploadConfig.authMode}.ts`;
+          expectedSha256 = void 0;
+          expectedSize = void 0;
+        }
+        if (file.target === "db/schema/uploads.ts") {
+          if (!uploadConfig.useDatabaseMetadata) {
+            continue;
+          }
+          fetchPath = uploadDatabaseDialect === "database-mysql" ? "express/db/schema/uploads.mysql.ts" : "express/db/schema/uploads.ts";
+          expectedSha256 = void 0;
+          expectedSize = void 0;
+        }
+      }
       let content = await fetchFile(fetchPath, {
         baseUrl: registryContext.fileBaseUrl,
         expectedSha256,
         expectedSize
       });
-      if (isDatabaseModule(resolvedModuleName) && file.target === "../drizzle.config.ts") {
+      if (isDrizzleDatabaseModule(resolvedModuleName) && file.target === "../drizzle.config.ts") {
         const normalizedSrcDir = srcDir.replace(/\\/g, "/");
         content = content.replace(
           /schema:\s*["'][^"']+["']/,
@@ -1490,10 +2617,10 @@ var add = async (moduleName, options = {}) => {
         );
       }
       const targetPath = resolveSafeTargetPath2(projectRoot, srcDir, file);
-      await import_fs_extra6.default.ensureDir(import_path6.default.dirname(targetPath));
-      await import_fs_extra6.default.writeFile(targetPath, content);
+      await import_fs_extra12.default.ensureDir(import_path13.default.dirname(targetPath));
+      await import_fs_extra12.default.writeFile(targetPath, content);
     }
-    const schemaExports = module2.files.map((file) => file.target.replace(/\\/g, "/")).filter((target) => /^db\/schema\/[^/]+\.ts$/.test(target)).map((target) => import_path6.default.posix.basename(target, ".ts")).filter((name) => name !== "index");
+    const schemaExports = module2.files.map((file) => file.target.replace(/\\/g, "/")).filter((target) => /^db\/schema\/[^/]+\.ts$/.test(target)).map((target) => import_path13.default.posix.basename(target, ".ts")).filter((name) => name !== "index");
     for (const schemaFileName of schemaExports) {
       await ensureSchemaExport(projectRoot, srcDir, schemaFileName);
     }
@@ -1526,6 +2653,15 @@ var add = async (moduleName, options = {}) => {
         spinner.warn("Could not find app.ts - error handler needs manual setup");
       }
     }
+    if (resolvedModuleName === "rate-limiter") {
+      spinner.start("Configuring rate limiter in app.ts...");
+      const injected = await injectRateLimiter(projectRoot, srcDir);
+      if (injected) {
+        spinner.succeed("Rate limiter configured in app.ts");
+      } else {
+        spinner.warn("Could not find app.ts - rate limiter needs manual setup");
+      }
+    }
     if (resolvedModuleName === "docs") {
       spinner.start("Configuring docs routes...");
       const injected = await injectDocsRoutes(projectRoot, srcDir);
@@ -1544,6 +2680,38 @@ var add = async (moduleName, options = {}) => {
           spinner.warn("Could not update API docs automatically");
         }
       }
+      const uploadsInstalled = await isUploadsModuleInstalled(projectRoot, srcDir);
+      if (uploadsInstalled) {
+        const uploadMode = await detectInstalledUploadsMode(projectRoot);
+        if (uploadMode) {
+          spinner.start("Adding uploads endpoints to API docs...");
+          const uploadsDocsInjected = await injectUploadsDocs(projectRoot, srcDir, uploadMode);
+          if (uploadsDocsInjected) {
+            spinner.succeed("Uploads endpoints added to API docs");
+          } else {
+            spinner.warn("Could not update API docs automatically");
+          }
+        }
+      }
+    }
+    if (resolvedModuleName === "uploads" && uploadConfig) {
+      spinner.start("Configuring upload routes...");
+      const injected = await injectUploadsRoutes(projectRoot, srcDir);
+      if (injected) {
+        spinner.succeed("Upload routes configured");
+      } else {
+        spinner.warn("Could not configure upload routes automatically");
+      }
+      const docsInstalled = await isDocsModuleInstalled(projectRoot, srcDir);
+      if (docsInstalled) {
+        spinner.start("Adding uploads endpoints to API docs...");
+        const docsInjected = await injectUploadsDocs(projectRoot, srcDir, uploadConfig.mode);
+        if (docsInjected) {
+          spinner.succeed("Uploads endpoints added to API docs");
+        } else {
+          spinner.warn("Could not update API docs automatically");
+        }
+      }
     }
     let envConfigKey = resolvedModuleName;
     if (resolvedModuleName === "mailer" && mailerProvider === "resend") {
@@ -1573,57 +2741,60 @@ var add = async (moduleName, options = {}) => {
       await updateEnvSchema(projectRoot, srcDir, envConfig.schemaFields);
       spinner.succeed("Environment configured");
     }
-    console.log(import_chalk4.default.green(`
+    if (resolvedModuleName === "uploads" && uploadConfig) {
+      currentStep = "environment configuration";
+      spinner.start("Updating environment configuration...");
+      await updateEnvFile(projectRoot, uploadConfig.envVars, true);
+      await updateEnvSchema(projectRoot, srcDir, getUploadEnvSchemaFields(uploadConfig.provider));
+      spinner.succeed("Environment configured");
+    }
+    if (isDatabaseModule(resolvedModuleName)) {
+      const selected = getDatabaseSelection(resolvedModuleName);
+      const orm = selectedDatabaseOrm ?? selected.orm;
+      const dialect = selectedDatabaseDialect ?? selected.dialect;
+      const latestConfig = await readZuroConfig(projectRoot);
+      if (latestConfig) {
+        await writeZuroConfig(projectRoot, {
+          ...latestConfig,
+          database: {
+            orm,
+            dialect
+          }
+        });
+      }
+    }
+    console.log(import_chalk8.default.green(`
 \u2714 ${resolvedModuleName} added successfully!
 `));
-    if (databaseBackupPath) {
-      console.log(import_chalk4.default.blue(`\u2139 Backup created at: ${databaseBackupPath}
-`));
-    }
     const docsPath = getModuleDocsPath(resolvedModuleName);
     const docsUrl = `https://zuro-cli.devbybriyan.com/docs/${docsPath}`;
-    console.log(import_chalk4.default.blue(`\u2139 Docs: ${docsUrl}`));
+    console.log(import_chalk8.default.blue(`\u2139 Docs: ${docsUrl}`));
     if (isDatabaseModule(resolvedModuleName)) {
-      if (usedDefaultDbUrl) {
-        console.log(import_chalk4.default.yellow("\u2139 Review DATABASE_URL in .env if your local DB config differs."));
-      }
-      const setupHint = getDatabaseSetupHint(
-        resolvedModuleName,
-        customDbUrl || DEFAULT_DATABASE_URLS[resolvedModuleName]
-      );
-      console.log(import_chalk4.default.yellow(`\u2139 Ensure DB exists: ${setupHint}`));
-      console.log(import_chalk4.default.yellow("\u2139 Run migrations: npx drizzle-kit generate && npx drizzle-kit migrate"));
+      printDatabaseHints(resolvedModuleName, customDbUrl, usedDefaultDbUrl, databaseBackupPath);
     }
     if (resolvedModuleName === "auth") {
-      if (generatedAuthSecret) {
-        console.log(import_chalk4.default.yellow("\u2139 BETTER_AUTH_SECRET was generated automatically."));
-      } else {
-        console.log(import_chalk4.default.yellow("\u2139 Review BETTER_AUTH_SECRET and BETTER_AUTH_URL in .env."));
-      }
-      console.log(import_chalk4.default.yellow("\u2139 Run migrations: npx drizzle-kit generate && npx drizzle-kit migrate"));
+      printAuthHints(generatedAuthSecret);
     }
     if (resolvedModuleName === "mailer") {
-      if (usedDefaultSmtp) {
-        console.log(import_chalk4.default.yellow("\u2139 Placeholder SMTP values added to .env \u2014 update them before sending emails."));
-      } else {
-        console.log(import_chalk4.default.yellow("\u2139 Review SMTP configuration in .env to ensure values are correct."));
-      }
+      printMailerHints(usedDefaultSmtp);
     }
     if (resolvedModuleName === "docs") {
-      console.log(import_chalk4.default.yellow("\u2139 API docs available at: /api/docs"));
-      console.log(import_chalk4.default.yellow("\u2139 OpenAPI spec available at: /api/docs/openapi.json"));
+      printDocsHints();
+    }
+    if (resolvedModuleName === "uploads" && uploadConfig) {
+      printUploadHints(uploadConfig);
     }
     if (resolvedModuleName === "auth" && shouldInstallDocsForAuth) {
-      console.log(import_chalk4.default.blue("\n\u2139 Installing API docs module..."));
+      console.log(import_chalk8.default.blue("\n\u2139 Installing API docs module..."));
       await add("docs", { yes: true });
     }
   } catch (error) {
-    spinner.fail(import_chalk4.default.red(`Failed during ${currentStep}.`));
+    spinner.fail(import_chalk8.default.red(`Failed during ${currentStep}.`));
     const errorMessage = error instanceof Error ? error.message : String(error);
-    console.error(import_chalk4.default.red(errorMessage));
+    console.error(import_chalk8.default.red(errorMessage));
     console.log(`
-${import_chalk4.default.bold("Retry:")}`);
-    console.log(import_chalk4.default.cyan(`  npx zuro-cli add ${resolvedModuleName}`));
+${import_chalk8.default.bold("Retry:")}`);
+    console.log(import_chalk8.default.cyan(`  npx zuro-cli add ${resolvedModuleName}`));
   }
 };