import { Logger, ValidationPipe } from '@nestjs/common'; import { NestFactory } from '@nestjs/core'; import { AppModule } from './app/app.module'; async function bootstrap() { const app = await NestFactory.create(AppModule); app.useGlobalPipes( new ValidationPipe({ whitelist: true, forbidNonWhitelisted: true, transform: true, }), ); // Phase-2 security ADRs will add: helmet, CORS allowlist, cookie-session, // CSRF protection, rate limiting, auth guards, structured error filter. const globalPrefix = 'api'; app.setGlobalPrefix(globalPrefix); const port = process.env['PORT'] || 3000; await app.listen(port); Logger.log(`Application is running on: http://localhost:${port}/${globalPrefix}`); } bootstrap();