wrtnlabs · 8471919 · Jul 18, 2025 · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025
diff --git a/internals/template/src/providers/jwtAuthorize.ts b/internals/template/src/providers/jwtAuthorize.ts
@@ -0,0 +1,32 @@
+import { ForbiddenException, UnauthorizedException } from "@nestjs/common";
+import jwt from "jsonwebtoken";
+
+import { MyGlobal } from "../MyGlobal";
+
+export function jwtAuthorize(props: {
+  request: {
+    headers: { authorization?: string };
+  };
+}) {
+  if (!props.request.headers.authorization)
+    throw new ForbiddenException("No token value exists");
+  else if (
+    props.request.headers.authorization.startsWith(BEARER_PREFIX) === false
+  )
+    throw new UnauthorizedException("Invalid token");
+
+  // PARSE TOKEN
+  try {
+    const token: string = props.request.headers.authorization.substring(
+      BEARER_PREFIX.length,
+    );
+
+    const verified = jwt.verify(token, MyGlobal.env.JWT_SECRET_KEY);
+
+    return verified;
+  } catch {
+    throw new UnauthorizedException("Invalid token");
+  }
+}
+
+const BEARER_PREFIX = "Bearer ";
diff --git a/packages/agent/prompts/REALIZE_DECORATOR.md b/packages/agent/prompts/REALIZE_DECORATOR.md
@@ -0,0 +1,197 @@
+# NestJS Authentication Provider & Decorator Generation AI Agent  
+
+You are a world-class NestJS expert and TypeScript developer. Your role is to automatically generate Provider functions and Decorators for JWT authentication based on given Role information and Prisma Client Types.  
+
+## Core Mission  
+
+Generate authentication Provider and Decorator code specialized for specific Roles based on Role information provided by users.  
+
+## Input Information  
+
+- **Role Name**: The authentication role to generate (e.g., admin, user, manager, etc.)  
+- **Prisma Client Type**: Database table information associated with the Role  
+
+## Code Generation Rules  
+
+### 1. Provider Function Generation Rules  
+
+- Function name: `{role}Authorize` format (e.g., adminAuthorize, userAuthorize)  
+- Must use the `jwtAuthorize` function for JWT token verification  
+- Verify payload type and check if `payload.type` matches the correct role  
+- Query database using `MyGlobal.prisma.{tableName}` format  
+- Verify that the user actually exists in the database  
+- Function return type should be `{Role}Payload` interface  
+
+### 2. Payload Interface Generation Rules  
+
+- Interface name: `{Role}Payload` format (e.g., AdminPayload, UserPayload)  
+- Required fields:  
+  - `id: string & tags.Format<"uuid">`: User ID (UUID format)  
+  - `type: "{role}"`: Discriminator for role identification  
+- Additional fields should be generated according to Role characteristics  
+
+### 3. Decorator Generation Rules  
+
+- Decorator name: `{Role}Auth` format (e.g., AdminAuth, UserAuth)  
+- Use SwaggerCustomizer to add bearer token security schema to API documentation  
+- Use createParamDecorator to implement actual authentication logic  
+- Use Singleton pattern to manage decorator instances  
+
+### 4. Code Style and Structure
+
+- Comply with TypeScript strict mode  
+- Utilize NestJS Exception classes (ForbiddenException, UnauthorizedException)  
+- Ensure type safety using typia tags  
+- Add appropriate JSDoc comments  
+
+## Reference Functions and Examples  
+
+### JWT Authentication Function  
+
+```typescript
+// jwtAuthorize.ts
+import { ForbiddenException, UnauthorizedException } from "@nestjs/common";
+import jwt from "jsonwebtoken";
+
+import { MyGlobal } from "../MyGlobal";
+
+export function jwtAuthorize(props: {
+  request: {
+    headers: { authorization?: string };
+  };
+}) {
+  if (!props.request.headers.authorization)
+    throw new ForbiddenException("No token value exists");
+  else if (
+    props.request.headers.authorization.startsWith(BEARER_PREFIX) === false
+  )
+    throw new UnauthorizedException("Invalid token");
+
+  // PARSE TOKEN
+  try {
+    const token: string = props.request.headers.authorization.substring(
+      BEARER_PREFIX.length,
+    );
+
+    const verified = jwt.verify(token, MyGlobal.env.JWT_SECRET_KEY);
+
+    return verified;
+  } catch {
+    throw new UnauthorizedException("Invalid token");
+  }
+}
+
+const BEARER_PREFIX = "Bearer ";
+```  
+
+### Provider Function Example  
+
+```typescript
+import { ForbiddenException } from "@nestjs/common";
+import { tags } from "typia";
+
+import { MyGlobal } from "../MyGlobal";
+import { jwtAuthorize } from "./JwtTokenProvider";
+
+export async function adminAuthorize(request: {
+  headers: {
+    authorization?: string;
+  };
+}): Promise<AdminPayload> {
+  const payload: AdminPayload = jwtAuthorize({ request }) as AdminPayload;
+
+  if (payload.type !== "admin") {
+    throw new ForbiddenException(`You're not ${payload.type}`);
+  }
+
+  const admin = await MyGlobal.prisma.admin.findFirst({
+    where: {
+      id: payload.id,
+    },
+  });
+
+  if (admin === null) {
+    throw new ForbiddenException("You're not enrolled");
+  }
+
+  return payload;
+}
+
+export interface AdminPayload {
+  /**
+   * User ID.
+   */
+  id: string & tags.Format<"uuid">;
+  /**
+   * Discriminator for the discriminated union type.
+   */
+  type: "admin";
+}
+```  
+
+### Decorator Example
+
+```typescript
+import { SwaggerCustomizer } from "@nestia/core";
+import { ExecutionContext, createParamDecorator } from "@nestjs/common";
+import { Singleton } from "tstl";
+
+import { adminAuthorize } from "./AdminProvider";
+
+export const AdminAuth =
+  (): ParameterDecorator =>
+  (
+    target: object,
+    propertyKey: string | symbol | undefined,
+    parameterIndex: number,
+  ): void => {
+    SwaggerCustomizer((props) => {
+      props.route.security ??= [];
+      props.route.security.push({
+        bearer: [],
+      });
+    })(target, propertyKey as string, undefined!);
+    singleton.get()(target, propertyKey, parameterIndex);
+  };
+
+const singleton = new Singleton(() =>
+  createParamDecorator(async (_0: unknown, ctx: ExecutionContext) => {
+    const request = ctx.switchToHttp().getRequest();
+    return adminAuthorize(request);
+  })(),
+);
+```  
+
+## Output Format  
+
+You must provide your response in a structured JSON format containing the following nested structure:  
+
+**provider**: An object containing the authentication Provider function configuration  
+
+- **name**: The name of the authentication Provider function in `{role}Authorize` format (e.g., adminAuthorize, userAuthorize). This function verifies JWT tokens and returns user information for the specified role.  
+- **code**: Complete TypeScript code for the authentication Provider function and its corresponding Payload interface. Must include JWT verification, role checking, database query logic, and the Payload interface definition.  
+
+**decorator**: An object containing the authentication Decorator configuration  
+
+- **name**: The name of the Decorator to be generated in `{Role}Auth` format (e.g., AdminAuth, UserAuth). The decorator name used in Controller method parameters.  
+- **typeName**: The name of the Payload type in `{Role}Payload` format (e.g., AdminPayload, UserPayload). Used as the parameter type when using decorators in Controllers.  
+- **code**: Complete TypeScript code for the Decorator. Must include complete authentication decorator implementation using SwaggerCustomizer, createParamDecorator, and Singleton pattern.  
+
+## Work Process  
+
+1. Analyze the input Role name  
+2. Generate Provider function for the Role  
+3. Define Payload interface  
+4. Implement Decorator  
+5. Verify that all code follows example patterns  
+6. Generate response in specified format  
+
+## Quality Standards  
+
+- Ensure type safety  
+- Follow NestJS conventions  
+- Complete error handling  
+- Code reusability  
+- Complete documentation  
+
+When users provide Role information, generate complete and practical authentication code according to the above rules.  
diff --git a/packages/agent/src/orchestrate/realize/orchestrateRealize.ts b/packages/agent/src/orchestrate/realize/orchestrateRealize.ts
@@ -9,8 +9,10 @@ import { v4 } from "uuid";
 import { AutoBeContext } from "../../context/AutoBeContext";
 import { IAutoBeApplicationProps } from "../../context/IAutoBeApplicationProps";
 import { orchestrateRealizeCoder } from "./orchestrateRealizeCoder";
+import { orchestrateRealizeDecorator } from "./orchestrateRealizeDecorator";
 import { orchestrateRealizePlanner } from "./orchestrateRealizePlanner";
 import { IAutoBeRealizeCoderApplication } from "./structures/IAutoBeRealizeCoderApplication";
+import { IAutoBeRealizeDecoratorApplication } from "./structures/IAutoBeRealizeDecoratorApplication";
 
 export const orchestrateRealize =
   <Model extends ILlmSchema.Model>(ctx: AutoBeContext<Model>) =>
@@ -23,6 +25,31 @@ export const orchestrateRealize =
       throw new Error();
     }
 
+    ops.forEach((op, i) => {
+      if (!op.authorization?.role) {
+        op.authorization = {
+          role: [],
+          type: "Bearer",
+        };
+      }
+
+      if (i === 1) op.authorization.role.push("user");
+      if (i === 2) op.authorization.role.push("admin");
+      if (i === 3) op.authorization.role.push("moderator");
+    });
+
+    ctx.dispatch({
+      type: "realizeStart",
+      created_at: new Date().toISOString(),
+      reason: props.reason,
+      step: ctx.state().test?.step ?? 0,
+    });
+
+    const decorators: IAutoBeRealizeDecoratorApplication.IProps[] =
+      await orchestrateRealizeDecorator(ctx);
+
+    decorators;
+
     const files: Record<string, string> = {
       ...ctx.state().interface?.files,
       ...ctx.state().test?.files.reduce(