41 lines
1.7 KiB
Markdown
41 lines
1.7 KiB
Markdown
# Update Strategy
|
|
|
|
When the DSL changes, regeneration must preserve the default auth-enabled runtime rather than falling back to CRUD-only output.
|
|
|
|
## Required regeneration sequence
|
|
|
|
1. Regenerate `prisma/schema.prisma`.
|
|
2. Run `npx prisma migrate dev`.
|
|
3. Regenerate NestJS entity modules, DTOs, controllers, and services.
|
|
4. Regenerate backend auth infrastructure:
|
|
- `AuthModule`
|
|
- guards
|
|
- decorators
|
|
- typed authenticated principal
|
|
- typed config validation
|
|
- CRUD RBAC decorations
|
|
5. Regenerate React Admin resources.
|
|
6. Regenerate frontend auth infrastructure:
|
|
- `src/config/env.ts`
|
|
- `src/auth/keycloak.ts`
|
|
- `src/auth/authProvider.ts`
|
|
- authenticated `dataProvider.ts`
|
|
- `App.tsx` auth wiring
|
|
- `main.tsx` init-before-render flow
|
|
7. Regenerate backend and frontend `.env.example` files so the auth env contract stays in sync.
|
|
8. Regenerate the root-level Keycloak realm import artifact. The repository default example filename is `toir-realm.json`, but the generator must allow a project-specific equivalent.
|
|
9. Re-run post-generation validation, including:
|
|
- auth dependency checks
|
|
- fail-fast env checks
|
|
- `/health` public check
|
|
- unauthenticated protected route -> `401`
|
|
- insufficient role -> `403`
|
|
- realm-template validation
|
|
|
|
## Guardrails
|
|
|
|
- Regeneration must not strip auth back out of the project.
|
|
- Auth remains outside the DSL grammar, but it is part of the default generated runtime.
|
|
- If a DSL change affects entities or routes, the generator must re-apply the default CRUD RBAC rules automatically.
|
|
- If a DSL change affects runtime topology or naming, the generator must keep backend/frontend env examples, CORS rules, and the generated realm import artifact aligned with the generated app.
|