contentstack
diff --git a/‎.cursor/rules/README.md‎
Lines changed: 5 additions & 0 deletions b/‎.cursor/rules/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 51 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎contentstack.model.generator/Model/OAuth.cs‎
Lines changed: 248 additions & 0 deletions b/‎contentstack.model.generator/Model/OAuth.cs‎
Lines changed: 248 additions & 0 deletions
diff --git a/‎skills/README.md‎
Lines changed: 12 additions & 0 deletions b/‎skills/README.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎skills/code-review/SKILL.md‎
Lines changed: 40 additions & 0 deletions b/‎skills/code-review/SKILL.md‎
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,5 @@
+# Cursor (optional)
+
+**Cursor** users: start at **[AGENTS.md](../../AGENTS.md)**. All conventions live in **`skills/*/SKILL.md`**.
+
+This folder only points contributors to **AGENTS.md** so editor-specific config does not duplicate the canonical docs.
@@ -0,0 +1,51 @@
+# Contentstack Model Generator – Agent guide
+
+**Universal entry point** for contributors and AI agents. Detailed conventions live in **`skills/*/SKILL.md`**.
+
+## What this repo is
+
+| Field | Detail |
+| --- | --- |
+| **Name:** | [contentstack/contentstack-model-generator](https://github.com/contentstack/contentstack-model-generator) |
+| **Purpose:** | A **.NET global tool** (`contentstack.model.generator`) that connects to the Content Management API (CMA), fetches content types and global fields from a stack, and **emits C# model classes** (and helpers) under a `Models` output folder. |
+| **Out of scope (if any):** | This package is a **CLI code generator**, not a runtime Contentstack SDK for apps. Product install and CLI flags are documented in [README.md](README.md). |
+
+## Tech stack (at a glance)
+
+| Area | Details |
+| --- | --- |
+| **Language** | C# — tool targets **.NET 7** (`net7.0`); test project targets **.NET 9** (`net9.0`). |
+| **Build** | .NET SDK — solution [contentstack.model.generator/contentstack.model.generator.sln](contentstack.model.generator/contentstack.model.generator.sln); main project [contentstack.model.generator/contentstack.model.generator.csproj](contentstack.model.generator/contentstack.model.generator.csproj) (`PackAsTool`, `PackOnBuild`). |
+| **Tests** | xUnit — project [contentstack.model.generator.tests/contentstack.model.generator.tests.csproj](contentstack.model.generator.tests/contentstack.model.generator.tests.csproj); Moq; coverlet.collector. |
+| **Lint / coverage** | Built-in .NET analyzers; coverlet for coverage in tests. No repo-wide `dotnet format` / StyleCop config in-tree at time of writing. |
+| **Tool dependencies** | [contentstack.model.generator.csproj](contentstack.model.generator/contentstack.model.generator.csproj): McMaster.Extensions.CommandLineUtils, Newtonsoft.Json; HTTP via [HTTPRequestHandler.cs](contentstack.model.generator/CMA/HTTPRequestHandler.cs) (`HttpClient`). |
+| **Consumer projects (generated `Models/`)** | Emitted C# references **Contentstack.Core**, **Contentstack.Utils**, **Newtonsoft.Json**, and **Markdig** (e.g. generated `ContentstackStringExtension`). Those NuGet packages must be added to the **application that uses the generated code**, not to the generator tool project. |
+
+## Commands (quick reference)
+
+| Command type | Command |
+| --- | --- |
+| **Restore** | `dotnet restore contentstack.model.generator/contentstack.model.generator.sln` |
+| **Build** | `dotnet build contentstack.model.generator/contentstack.model.generator.sln` |
+| **Test** | `dotnet test contentstack.model.generator/contentstack.model.generator.sln` |
+| **Pack (tool NuGet)** | From [contentstack.model.generator/](contentstack.model.generator/): CI uses `dotnet pack -c Release -o out` ([nuget-publish.yml](.github/workflows/nuget-publish.yml)), producing `.nupkg` under `contentstack.model.generator/out/`. Local builds also use **`PackOnBuild`** and **`PackageOutputPath`** (`./nupkg`), so packages may appear under `contentstack.model.generator/nupkg/` unless you override with `-o`. |
+| **Install globally (users)** | See [README.md](README.md) (`dotnet tool install -g contentstack.model.generator`). |
+
+**CI / automation:** [.github/workflows/](.github/workflows/) — e.g. branch check ([check-branch.yml](.github/workflows/check-branch.yml)), SCA ([sca-scan.yml](.github/workflows/sca-scan.yml)), CodeQL ([codeql-analysis.yml](.github/workflows/codeql-analysis.yml)), NuGet publish on release ([nuget-publish.yml](.github/workflows/nuget-publish.yml)). **No workflow currently runs `dotnet test`** — run tests locally before opening a PR (see [skills/dev-workflow/SKILL.md](skills/dev-workflow/SKILL.md)).
+
+## Where the documentation lives: skills
+
+| Skill | Path | What it covers |
+| --- | --- | --- |
+| **Dev workflow** | [skills/dev-workflow/SKILL.md](skills/dev-workflow/SKILL.md) | Branches, CI, build/test/pack commands, solution paths. |
+| **Testing** | [skills/testing/SKILL.md](skills/testing/SKILL.md) | Test layout, xUnit/Moq/coverlet, test file map, secrets/credentials. |
+| **Code review** | [skills/code-review/SKILL.md](skills/code-review/SKILL.md) | PR checklist, branch policy, security scans. |
+| **C# / .NET** | [skills/csharp-dotnet/SKILL.md](skills/csharp-dotnet/SKILL.md) | TFMs, namespaces, project layout conventions. |
+| **Framework (libraries)** | [skills/framework/SKILL.md](skills/framework/SKILL.md) | McMaster CLI, Newtonsoft.Json, HTTP client, CMA `Config` / base URL—third-party and platform glue. |
+| **Product (CLI + CMA + codegen)** | [skills/contentstack-model-generator/SKILL.md](skills/contentstack-model-generator/SKILL.md) | End-to-end runtime flow, layers, extension points. |
+
+Quick links to each **SKILL.md**: [skills/README.md](skills/README.md).
+
+## Using Cursor (optional)
+
+If you use **Cursor**, [.cursor/rules/README.md](.cursor/rules/README.md) points to **[AGENTS.md](AGENTS.md)** so editor-specific config does not duplicate the canonical docs.
@@ -0,0 +1,248 @@
+using System;
+using System.Collections.Generic;
+using Newtonsoft.Json;
+using contentstack.model.generator.Model;
+
+namespace Contentstack.Model.Generator.Model
+{
+    /// <summary>
+    /// Represents the response from the OAuth app authorization API.
+    /// </summary>
+    public class OAuthAppAuthorizationResponse
+    {
+
+        [JsonProperty("data")]
+        public OAuthAppAuthorizationData[] Data { get; set; }
+    }
+
+    /// <summary>
+    /// Represents OAuth app authorization data.
+    /// </summary>
+    public class OAuthAppAuthorizationData
+    {
+
+        [JsonProperty("authorization_uid")]
+        public string AuthorizationUid { get; set; }
+
+
+        [JsonProperty("user")]
+        public OAuthUser User { get; set; }
+    }
+
+
+    public class OAuthUser
+    {
+
+        [JsonProperty("uid")]
+        public string Uid { get; set; }
+    }
+
+    /// <summary>
+    /// Configuration options for OAuth authentication.
+    /// </summary>
+    public class OAuthOptions
+    {
+        /// <summary>
+        /// The OAuth application ID. Defaults to the Contentstack app ID.
+        /// </summary>
+        public string AppId { get; set; } = "6400aa06db64de001a31c8a9";
+
+        /// <summary>
+        /// The OAuth client ID. Defaults to the Contentstack client ID.
+        /// </summary>
+        public string ClientId { get; set; } = "Ie0FEfTzlfAHL4xM";
+
+        /// <summary>
+        /// The redirect URI for OAuth callbacks. Defaults to localhost:8184.
+        /// </summary>
+        public string RedirectUri { get; set; } = "http://localhost:8184";
+
+        /// <summary>
+        /// The OAuth client secret. If provided, PKCE flow will be skipped.
+        /// If null or empty, PKCE flow will be used for enhanced security.
+        /// </summary>
+        public string ClientSecret { get; set; }
+
+        /// <summary>
+        /// The OAuth response type. Defaults to "code" for authorization code flow.
+        /// </summary>
+        public string ResponseType { get; set; } = "code";
+
+        /// <summary>
+        /// The OAuth scopes to request. Optional array of permission scopes.
+        /// </summary>
+        public string[] Scope { get; set; }
+
+        /// <summary>
+        /// Indicates whether PKCE (Proof Key for Code Exchange) flow should be used.
+        /// This is automatically determined based on whether ClientSecret is provided.
+        /// </summary>
+        public bool UsePkce => string.IsNullOrEmpty(ClientSecret);
+
+        /// <summary>
+        /// Validates the OAuth options configuration.
+        /// </summary>
+        /// <returns>True if the configuration is valid, false otherwise.</returns>
+        public bool IsValid()
+        {
+            return IsValid(out _);
+        }
+
+        /// <summary>
+        /// Validates the OAuth options configuration and provides detailed error information.
+        /// </summary>
+        /// <param name="errorMessage">The validation error message if validation fails.</param>
+        /// <returns>True if the configuration is valid, false otherwise.</returns>
+        public bool IsValid(out string errorMessage)
+        {
+            errorMessage = null;
+
+            if (string.IsNullOrWhiteSpace(AppId))
+            {
+                errorMessage = "AppId is required for OAuth configuration.";
+                return false;
+            }
+
+            if (string.IsNullOrWhiteSpace(ClientId))
+            {
+                errorMessage = "ClientId is required for OAuth configuration.";
+                return false;
+            }
+
+            if (string.IsNullOrWhiteSpace(RedirectUri))
+            {
+                errorMessage = "RedirectUri is required for OAuth configuration.";
+                return false;
+            }
+
+            if (!Uri.TryCreate(RedirectUri, UriKind.Absolute, out var redirectUri))
+            {
+                errorMessage = "RedirectUri must be a valid absolute URI.";
+                return false;
+            }
+
+            if (redirectUri.Scheme != "http" && redirectUri.Scheme != "https")
+            {
+                errorMessage = "RedirectUri must use http or https scheme.";
+                return false;
+            }
+
+            if (string.IsNullOrWhiteSpace(ResponseType))
+            {
+                errorMessage = "ResponseType is required for OAuth configuration.";
+                return false;
+            }
+
+            if (ResponseType != "code")
+            {
+                errorMessage = "ResponseType must be 'code' for authorization code flow.";
+                return false;
+            }
+
+            // For traditional OAuth flow (non-PKCE), client secret is required
+            if (!UsePkce && string.IsNullOrWhiteSpace(ClientSecret))
+            {
+                errorMessage = "ClientSecret is required for traditional OAuth flow. Use PKCE flow (leave ClientSecret empty) for public clients.";
+                return false;
+            }
+
+            return true;
+        }
+
+        /// <summary>
+        /// Validates the OAuth options configuration and throws an exception if invalid.
+        /// </summary>
+        /// <exception cref="OAuthConfigurationException">Thrown when the configuration is invalid.</exception>
+        public void Validate()
+        {
+            if (!IsValid(out var errorMessage))
+            {
+                throw new Exceptions.OAuthConfigurationException(errorMessage);
+            }
+        }
+
+        /// <summary>
+        /// Gets a string representation of the OAuth options for debugging.
+        /// </summary>
+        /// <returns>A string representation of the OAuth options.</returns>
+        public override string ToString()
+        {
+            return $"OAuthOptions: AppId={AppId}, ClientId={ClientId}, RedirectUri={RedirectUri}, " +
+                   $"ResponseType={ResponseType}, UsePkce={UsePkce}, HasScope={Scope?.Length > 0}";
+        }
+    }
+
+    /// <summary>
+    /// Represents the response from OAuth token exchange operations.
+    /// </summary>
+    public class OAuthResponse
+    {
+
+        [JsonProperty("access_token")]
+        public string AccessToken { get; set; }
+
+
+        [JsonProperty("refresh_token")]
+        public string RefreshToken { get; set; }
+
+
+        [JsonProperty("expires_in")]
+        public int ExpiresIn { get; set; }
+
+
+        [JsonProperty("organization_uid")]
+        public string OrganizationUid { get; set; }
+
+
+        [JsonProperty("user_uid")]
+        public string UserUid { get; set; }
+    }
+    /// <summary>
+    /// Represents OAuth tokens stored in memory for cross-SDK access.
+    /// This class enables sharing OAuth tokens between the Management SDK and other SDKs
+    /// </summary>
+    public class OAuthTokens
+    {
+
+        public string AccessToken { get; set; }
+
+        public string RefreshToken { get; set; }
+
+        public DateTime ExpiresAt { get; set; }
+
+        public string OrganizationUid { get; set; }
+
+        public string UserUid { get; set; }
+
+        public string ClientId { get; set; }
+
+        public string AppId { get; set; }
+
+        public bool IsExpired => ExpiresAt == DateTime.MinValue || DateTime.UtcNow >= ExpiresAt;
+
+        public bool NeedsRefresh
+        {
+            get
+            {
+                // If ExpiresAt is not set or is MinValue, consider it expired
+                if (ExpiresAt == DateTime.MinValue)
+                    return true;
+
+                try
+                {
+                    // Check if we need to refresh (5 minutes before expiration)
+                    var refreshTime = ExpiresAt.AddMinutes(-5);
+                    return DateTime.UtcNow >= refreshTime || IsExpired;
+                }
+                catch (ArgumentOutOfRangeException)
+                {
+                    // If the calculation results in an unrepresentable DateTime, consider it expired
+                    return true;
+                }
+            }
+        }
+
+        public bool IsValid => !string.IsNullOrEmpty(AccessToken) && !IsExpired;
+    }
+
+}
@@ -0,0 +1,12 @@
+# Skills – Contentstack Model Generator
+
+**Entry point:** [AGENTS.md](../AGENTS.md) — commands, stack, CI, and **which skill to open**.
+
+Each folder holds **SKILL.md** (YAML frontmatter: `name`, `description`).
+
+- [dev-workflow/SKILL.md](dev-workflow/SKILL.md)
+- [testing/SKILL.md](testing/SKILL.md)
+- [code-review/SKILL.md](code-review/SKILL.md)
+- [csharp-dotnet/SKILL.md](csharp-dotnet/SKILL.md)
+- [framework/SKILL.md](framework/SKILL.md)
+- [contentstack-model-generator/SKILL.md](contentstack-model-generator/SKILL.md)
@@ -0,0 +1,40 @@
+---
+name: code-review
+description: PR checklist, branch policy, versioning notes, and security scan context for this repository.
+---
+
+# Code review – Contentstack Model Generator
+
+## When to use
+
+- Opening or reviewing a pull request.
+- Checking release readiness (version, changelog, package metadata).
+- Ensuring changes align with automated security and branch rules.
+
+## Instructions
+
+### Branch policy
+
+- PRs **into `master`** must be **from `staging`** per [.github/workflows/check-branch.yml](../../.github/workflows/check-branch.yml). Verify head/base before approving merges to `master`.
+- If the PR does not target `master`, the same rule may not apply; still follow team conventions for default branch.
+
+### Review checklist
+
+- **Build and tests:** `dotnet build` and `dotnet test` on `contentstack.model.generator/contentstack.model.generator.sln` succeed (CI does not run `dotnet test`; see [dev-workflow/SKILL.md](../dev-workflow/SKILL.md)).
+- **Release versioning:** For releases, keep `[VersionOption]` in [ModelGenerator.cs](../../contentstack.model.generator/ModelGenerator.cs) (CLI `--version`), **`PackageVersion` / `ReleaseVersion`** in [contentstack.model.generator.csproj](../../contentstack.model.generator/contentstack.model.generator.csproj), and **[CHANGELOG.md](../../CHANGELOG.md)** aligned.
+- **Auth paths:** Traditional `authtoken` vs `--oauth` remain mutually consistent; no accidental logging of secrets.
+- **Codegen output:** Changes to `ModelGenerator` or templates do not break emitted class shapes without **[CHANGELOG.md](../../CHANGELOG.md)** and version bump in **[contentstack.model.generator.csproj](../../contentstack.model.generator/contentstack.model.generator.csproj)** when releasing.
+- **Dependencies:** New package references are justified; Snyk/SCA will scan on PRs ([sca-scan.yml](../../.github/workflows/sca-scan.yml)).
+- **Security-sensitive code:** HTTP, OAuth, and error handling reviewed for information disclosure and robust failure modes.
+
+### Automated security analysis
+
+- **Snyk (SCA):** [.github/workflows/sca-scan.yml](../../.github/workflows/sca-scan.yml) — dependency vulnerabilities.
+- **CodeQL:** [.github/workflows/codeql-analysis.yml](../../.github/workflows/codeql-analysis.yml) — static analysis for C#.
+
+Treat new findings from these workflows as blockers until triaged or waived with documented rationale.
+
+### Product and licensing
+
+- **License** and **copyright** in packaged output follow `contentstack.model.generator.csproj` and [LICENSE](../../LICENSE) / packaged `LICENSE.txt` as applicable.
+- **Security:** Report vulnerabilities per [SECURITY.md](../../SECURITY.md) (not via public GitHub issues).