Production REST API

Build a production-ready REST API for [FEATURE/DOMAIN — e.g. "a task management system"].

Tech stack: [STACK — e.g. "Node.js + Express + TypeScript + Prisma + PostgreSQL"]

Include:
1. Full CRUD endpoints with proper HTTP methods and status codes
2. JWT authentication middleware (access + refresh tokens)
3. Request validation using [LIBRARY — e.g. "Zod / Joi / express-validator"]
4. Centralized error handling middleware with consistent error response shape
5. Rate limiting (express-rate-limit)
6. Input sanitization against SQL injection and XSS
7. Pagination on all list endpoints (cursor-based preferred)
8. Proper TypeScript types for all request/response objects
9. Environment variable validation on startup
10. Health check endpoint (/health)

Response format: Always { data, error, meta } shape
Error format: Always { error: { code, message, details } }
Logging: Use [LIBRARY — e.g. "winston / pino"] with request ID tracing

Write clean, production-grade code with comments on non-obvious logic.
Separate concerns: routes / controllers / services / repositories.