StrictPath CLI is an opinionated NestJS + Fastify generator for backend services that need strict TypeScript, hexagonal architecture, OpenAPI, observability, security checks and CI gates from day one.
It is not a generic template runner. It generates a production-oriented backend service baseline with code, tests, docs, Helm, policies, event schemas and quality gates in one command.
Most backend CLIs create a project skeleton. The expensive part starts after that: architecture boundaries, strict TypeScript, OpenAPI discipline, Problem+JSON, request context, idempotency, contract tests, SBOM, DLP, IaC checks, observability and release evidence.
StrictPath turns those concerns into a repeatable golden path.
pnpm add -g @strictpath/cli
strictpath doctorRun without global install:
pnpm dlx @strictpath/cli doctorLocal repository development:
git clone https://github.com/NoPanicCom/strictpath-cli.git
cd strictpath-cli
pnpm install
pnpm run build
node ./bin/strictpath.mjs doctorDemo assets and terminal recordings live in docs/assets/.
pnpm run demo:terminalFor the full generated-service gate:
pnpm run demo:terminal -- --fullFor the heavier local quality pass, opt in explicitly:
pnpm run demo:terminal -- --full --qualitySee docs/demo/terminal-demo.md and examples/generated-service/README.md.
strictpath domain create order-management \
--tier core \
--type backend \
--template svc-golden-path \
--path ./services \
--dbmrGenerated output:
services/
└─ svc-order-management/
├─ src/
├─ tests/
├─ docs/
├─ openapi/
├─ schemas/events/
├─ helm/
├─ policies/
├─ observability/
├─ prisma/
├─ scripts/
├─ Dockerfile
├─ package.json
├─ tsconfig.json
└─ eslint.config.mjs
Validate the generated service:
cd services/svc-order-management
pnpm install
pnpm run ci:all- Node.js 22+, ESM and TypeScript strict mode
- NestJS 11 + Fastify 5
- Hexagonal architecture with domain/application/adapters/infrastructure boundaries
- Prisma + PostgreSQL scaffold
- OpenAPI 3 contract and contract validation scripts
- RFC7807 Problem+JSON error model
- Jest unit, integration, e2e, contract and domain-event test scaffolds
- Event schema manifest, compatibility checks and outbox/saga runbooks
- OpenTelemetry, Pino JSON logging, dashboards and alerts
- Dockerfile, Helm chart, Kubernetes probes, limits and policies
- CI gates for lint, typecheck, tests, coverage, OpenAPI, contracts, SBOM, DLP, IaC and policy checks
strictpath doctor
strictpath domain create order-management --tier core --type backend --template svc-golden-path
strictpath domain list --path ./services
strictpath service add orders --database --events --cqrs
strictpath resource add Order --crud --events --tests
strictpath event schema create OrderPlaced --domain orders
strictpath validate project --report
strictpath governance setup --domain ./services/svc-orders
strictpath governance audit --framework soc2 --report
strictpath template list --validate --golden-path
strictpath template version svc-golden-path
strictpath telemetry status
strictpath telemetry enable
strictpath telemetry disableThe public beta command surface is intentionally narrow. Stub, experimental and platform-lifecycle commands are hidden until their implementation, tests and generated-output gates are release-grade.
Telemetry is disabled by default and no network request is made unless you explicitly opt in.
strictpath telemetry status
strictpath telemetry enable
strictpath telemetry disable
STRICTPATH_TELEMETRY=0 strictpath doctor
strictpath --no-telemetry doctorWhen enabled, telemetry sends only privacy-safe command usage metadata: command path, CLI version, timestamp, Node.js version, OS platform, CPU architecture and CI flag. It does not send command arguments, file paths, project names, generated code, source files, environment variables or secrets.
Network failures are ignored and never change a CLI command exit code. See docs/privacy/TELEMETRY.md for details.
src/
├─ domain/
│ ├─ aggregates/
│ ├─ entities/
│ ├─ events/
│ ├─ ports/
│ └─ value-objects/
├─ application/
│ ├─ commands/
│ ├─ handlers/
│ ├─ ports/
│ ├─ queries/
│ ├─ sagas/
│ └─ use-cases/
├─ adapters/
│ ├─ cache/
│ ├─ event-bus/
│ ├─ http/
│ └─ persistence/
├─ infrastructure/
│ ├─ config/
│ ├─ event-store/
│ ├─ health/
│ ├─ http/
│ ├─ logging/
│ ├─ performance/
│ └─ security/
└─ modules/
The closest mental model is a focused Node.js/NestJS counterpart to the “generate a serious backend application baseline” part of JHipster, but StrictPath is narrower: it optimizes for one strict NestJS + Fastify golden path instead of broad stack choice.
| Tool | Primary focus | Difference |
|---|---|---|
| Nest CLI | Nest project/module/controller generation | Does not generate the full strict hexagonal backend baseline, governance docs and CI gates. |
| Nx | Monorepo task graph and generators | Strong workspace tooling, not a standalone DBMR service golden path. |
| Backstage Scaffolder | Portal-based software templates | Requires platform setup; StrictPath is a local/CI-friendly CLI. |
| JHipster | Full application generation for Java/Spring ecosystems | StrictPath targets the NestJS + Fastify + TypeScript backend niche. |
| Yeoman/Cookiecutter | Generic templating | Does not enforce this backend architecture and audit gate stack. |
- Node.js 22+
- pnpm 10+
- Git
- Docker, kubectl and Terraform are optional;
strictpath doctorreports them as optional capability checks.
pnpm run verifyExpanded gate:
pnpm run typecheck
pnpm run lint
pnpm run ci:test
pnpm run validate-templates
pnpm run verify:docs
pnpm run build
pnpm pack --pack-destination /tmp/strictpath-packCurrent coverage target for the CLI is at least 80% statements/lines on the full Jest suite.
Generated services vendor the required cross-cutting runtime support packages into vendor/strictpath-shared-packages and reference them with local file:./vendor/... versions in the generated package.json. A generated service does not need the source monorepo or any separately published shared packages to install. The package scopes inside those vendored dependencies are implementation details of the v0.1 public beta; the CLI package includes the vendor source needed for public beta generation.
Publishing or renaming those shared runtime packages is tracked as a v0.2 packaging decision, not a v0.1 launch blocker.
- Template versions are tied to the CLI package version in the first beta; generated services now record provenance in
.strictpath/template-manifest.json. - Automatic generated-project migration is not available in v0.1;
strictpath doctorreports template version drift so teams can compare release notes before upgrading. - Local registry persistence and
domain listare available; external service catalog integration is intentionally deferred. - The default generated-output release gate validates generation and lockfile installation. The heavier generated project typecheck/lint/test pass is available through
pnpm run demo:terminal -- --full --quality. - The public beta scope is the NestJS + Fastify backend golden path, not a generic multi-framework generator.
Before publishing, maintainers run pnpm run verify, pnpm run demo:terminal -- --full and pnpm run release:dry-run. These gates keep the CLI, packaged tarball and generated-service smoke path aligned.
MIT