@api-client/core 0.19.22 → 0.19.23

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@api-client/core",
   "description": "The API Client's core client library. Works in NodeJS and in a ES enabled browser.",
-  "version": "0.19.22",
+  "version": "0.19.23",
   "license": "UNLICENSED",
   "exports": {
     "./browser.js": {

package/src/modeling/ApiModel.ts

@@ -22,6 +22,7 @@ import { ExposedEntity } from './ExposedEntity.js'
 import { AccessRule, AccessRuleSchema } from './rules/AccessRule.js'
 import { RateLimitingConfiguration, RateLimitingConfigurationSchema } from './rules/RateLimitingConfiguration.js'
 import { restoreAccessRule } from './rules/index.js'
+import { Exception } from '../exceptions/exception.js'
 
 /**
  * Contact information for the exposed API.
@@ -180,7 +181,7 @@ export class ApiModel extends DependentModel {
    *
    * The `key` is the key of the exposed entity. Using a Map to allow for quick lookups.
    */
-  @observed({ deep: true }) accessor exposes: Map<string, ExposedEntity>
+  @observed() accessor exposes: Map<string, ExposedEntity>
   /**
    * Optional array of access rules that define the access control policies
    * for the API. These rules are used to enforce security and permissions
@@ -189,7 +190,7 @@ export class ApiModel extends DependentModel {
    * These rules apply to all exposed entities and actions. An API action
    * can declare its own access rules, which will override these.
    */
-  @observed({ deep: true }) accessor accessRule: AccessRule[]
+  @observed() accessor accessRule: AccessRule[]
   /**
    * Optional configuration for API-wide rate limiting and throttling.
    * Defines rules to protect the API from overuse.
@@ -294,7 +295,10 @@ export class ApiModel extends DependentModel {
     } else if (typeof domain === 'object' && domain.kind === DataDomainKind) {
       instances.push(new DataDomain(domain))
     } else if (domain) {
-      throw new Error(`Invalid domain provided. Expected a DataDomain instance or schema.`)
+      throw new Exception(`Invalid domain provided. Expected a DataDomain instance or schema.`, {
+        code: 'E_DOMAIN_INVALID',
+        help: 'It looks like the provided data domain is not a valid instance or domain schema.',
+      })
     }
     // Note that since we're using the `DependentModel` class, but the API Model can have only one dependency,
     // we keep the reference to the data domain under the `dependencyList` property.
@@ -302,7 +306,11 @@ export class ApiModel extends DependentModel {
     // process when the API model is loaded from the API.
     if (domain) {
       if (!domain.info.version) {
-        throw new Error(`Domain ${domain.key} must have a version.`)
+        throw new Exception(`Domain ${domain.key} must have a version.`, {
+          code: 'E_DOMAIN_NO_VERSION',
+          // eslint-disable-next-line max-len
+          help: 'Before attaching the data domain, give it a version name. Only versioned domains can be attached to an API model.',
+        })
       }
       init.dependencyList = [{ key: domain.key, version: domain.info.version }]
     }
@@ -327,7 +335,7 @@ export class ApiModel extends DependentModel {
       this.exposes = new Map()
     }
     if (Array.isArray(init.accessRule)) {
-      this.accessRule = init.accessRule.map((rule) => restoreAccessRule(rule))
+      this.accessRule = init.accessRule.map((rule) => restoreAccessRule(this, rule))
     } else {
       this.accessRule = []
     }
@@ -422,7 +430,10 @@ export class ApiModel extends DependentModel {
   exposeEntity(entity: AssociationTarget, options?: ExposeOptions): ExposedEntity {
     const domain = this.domain
     if (!domain) {
-      throw new Error(`No domain attached to API model`)
+      throw new Exception(`No domain attached to API model`, {
+        code: 'E_NO_DOMAIN',
+        help: 'Attach a data domain to the API model before exposing entities.',
+      })
     }
     // checks whether the entity is already exposed as a root exposure.
     let existing: ExposedEntity | undefined
@@ -433,13 +444,17 @@ export class ApiModel extends DependentModel {
       }
     }
     if (existing) {
-      // quietly return the existing exposure
-      // TBD: should we throw an error here?
-      return existing
+      throw new Exception(`Entity ${entity.key} is already exposed.`, {
+        code: 'E_ENTITY_ALREADY_EXPOSED',
+        help: 'Do not try to expose already exposed entity.',
+      })
     }
     const domainEntity = domain.findEntity(entity.key, entity.domain)
     if (!domainEntity) {
-      throw new Error(`Entity not found in domain: ${entity.key}`)
+      throw new Exception(`Entity not found in domain: ${entity.key}`, {
+        code: 'E_NO_ENTITY',
+        help: 'Make sure the entity you are trying to expose exists in the data domain.',
+      })
     }
     const name = domainEntity.info.name || ''
     const segment = pluralize(name.toLocaleLowerCase())
@@ -491,7 +506,9 @@ export class ApiModel extends DependentModel {
   private followEntityAssociations(parentExposure: ExposedEntitySchema, options: ExposeOptions): void {
     const domain = this.domain
     if (!domain) {
-      return
+      throw new Exception(`No domain attached to API model`, {
+        code: 'E_NO_DOMAIN',
+      })
     }
     const maxDepth = options.maxDepth ?? 6
     const follow = (currentEntity: AssociationTarget, parentKey: string, depth: number, currentPath: string[]) => {
@@ -609,7 +626,10 @@ export class ApiModel extends DependentModel {
    */
   removeExposedEntity(key: string): void {
     if (!this.exposes.has(key)) {
-      throw new Error(`Exposed entity with key "${key}" not found.`)
+      throw new Exception(`Exposed entity with key "${key}" not found.`, {
+        code: 'E_NO_EXPOSURE',
+        help: 'The exposed entity you are trying to remove does not exist.',
+      })
     }
     this.removeWithChildren(key)
   }
@@ -667,7 +687,11 @@ export class ApiModel extends DependentModel {
    */
   attachDataDomain(domain: DataDomain): void {
     if (!domain.info.version) {
-      throw new Error(`Cannot attach DataDomain without a version. Please set the version in the domain info.`)
+      throw new Exception(`Cannot attach DataDomain without a version. Please set the version in the domain info.`, {
+        code: 'E_DOMAIN_NO_VERSION',
+        // eslint-disable-next-line max-len
+        help: 'Before attaching the data domain, give it a version name. Only versioned domains can be attached to an API model.',
+      })
     }
     this.cleanForDomainChange()
     this.dependencies.set(domain.key, domain)

package/src/modeling/ExposedEntity.ts

@@ -1,4 +1,5 @@
 import { observed, toRaw } from '../decorators/observed.js'
+import { Exception } from '../exceptions/exception.js'
 import { ExposedEntityKind } from '../models/kinds.js'
 import { nanoid } from '../nanoid.js'
 import { Action } from './actions/Action.js'
@@ -94,12 +95,12 @@ export class ExposedEntity extends EventTarget {
   /**
    * The list of enabled API actions for this exposure (List/Read/Create/etc.)
    */
-  @observed({ deep: true }) accessor actions: Action[]
+  @observed() accessor actions: Action[]
 
   /**
    * Optional array of access rules that define the access control policies for this exposure.
    */
-  @observed({ deep: true }) accessor accessRule: AccessRule[] | undefined
+  @observed() accessor accessRule: AccessRule[] | undefined
 
   /**
    * Optional configuration for rate limiting for this exposure.
@@ -203,7 +204,7 @@ export class ExposedEntity extends EventTarget {
     this.parent = init.parent
     this.exposeOptions = init.exposeOptions
     this.actions = init.actions ? init.actions.map((a) => restoreAction(this, a)) : []
-    this.accessRule = init.accessRule ? init.accessRule.map((ar) => restoreAccessRule(ar)) : []
+    this.accessRule = init.accessRule ? init.accessRule.map((ar) => restoreAccessRule(this, ar)) : []
     if (init.rateLimiting) {
       this.rateLimiting = new RateLimitingConfiguration(init.rateLimiting)
     }
@@ -223,6 +224,7 @@ export class ExposedEntity extends EventTarget {
       this.#notifying = false
       const event = new Event('change')
       this.dispatchEvent(event)
+      this.api.notifyChange()
     })
   }
 
@@ -273,13 +275,19 @@ export class ExposedEntity extends EventTarget {
    */
   setCollectionPath(path: string) {
     if (!this.hasCollection) {
-      throw new Error(`Cannot set collection path on an exposure that does not have a collection`)
+      throw new Exception(`Cannot set collection path on an exposure that does not have a collection`, {
+        code: 'E_PATH_MISSING',
+        help: 'The exposed entity you are trying to set a collection path for does not have a collection.',
+      })
     }
     const cleaned = ensureLeadingSlash(path)
     // Ensure exactly one non-empty segment
     const segments = cleaned.split('/').filter(Boolean)
     if (segments.length !== 1) {
-      throw new Error(`Collection path must contain exactly one segment. Received: "${path}"`)
+      throw new Exception(`Collection path must contain exactly one segment. Received: "${path}"`, {
+        code: 'E_PATH_SEGMENT_SIZE',
+        help: 'The set path must have a single path segment (e.g., `/products`)',
+      })
     }
     const normalizedCollection = `/${segments[0]}`
 
@@ -287,7 +295,10 @@ export class ExposedEntity extends EventTarget {
     if (this.isRoot) {
       const collision = this.api.findCollectionPathCollision(normalizedCollection, this.key)
       if (collision) {
-        throw new Error(`Collection path "${normalizedCollection}" is already in use by another root entity.`)
+        throw new Exception(`Collection path "${normalizedCollection}" is already in use by another root entity.`, {
+          code: 'E_PATH_INUSE',
+          help: 'The set path is already in use by another root entity.',
+        })
       }
     }
 
@@ -321,22 +332,44 @@ export class ExposedEntity extends EventTarget {
 
     if (this.hasCollection) {
       if (!this.collectionPath) {
-        throw new Error('Cannot set resource path: missing collection path for this exposure')
+        // Why do we throw this error? We should just create it from the resource path...
+        throw new Exception('Cannot set resource path: missing collection path for this exposure', {
+          code: 'E_PATH_MISSING',
+          help: 'Set the collection path on the exposed entity first.',
+        })
       }
       const colSegments = this.collectionPath.split('/').filter(Boolean)
       if (colSegments.length !== 1) {
-        throw new Error(`Invalid stored collection path "${this.collectionPath}"`)
+        throw new Exception(`Invalid stored collection path "${this.collectionPath}"`, {
+          code: 'E_PATH_SEGMENT_SIZE',
+          help: 'The set collection path must have a single path segment (e.g., `/products`)',
+        })
       }
       if (segments.length !== 2) {
-        throw new Error(`Resource path must be exactly two segments (collection + parameter). Received: "${cleaned}"`)
+        throw new Exception(
+          `Resource path must be exactly two segments (collection + parameter). Received: "${cleaned}"`,
+          {
+            code: 'E_PATH_SEGMENT_SIZE',
+            help: 'The set resource path must have exactly two segments (collection + parameter).',
+          }
+        )
       }
       const [s1, s2] = segments
       if (s1 !== colSegments[0]) {
-        throw new Error(`Resource path must start with the collection segment "${colSegments[0]}". Received: "${s1}"`)
+        throw new Exception(
+          `Resource path must start with the collection segment "${colSegments[0]}". Received: "${s1}"`,
+          {
+            code: 'E_PATH_MISMATCH',
+            help: 'Set the resource path to the same value as the collection path + the parameter value.',
+          }
+        )
       }
       // s2 must be a parameter segment {name}
       if (!/^\{[A-Za-z_][A-Za-z0-9_]*\}$/.test(s2)) {
-        throw new Error(`The second segment must be a parameter in braces, e.g. {id}. Received: "${s2}"`)
+        throw new Exception(`The second segment must be a parameter in braces, e.g. {id}. Received: "${s2}"`, {
+          code: 'E_PARAMETER_INVALID',
+          help: 'Use the braces to surround the parameter name, e.g., {productId}.',
+        })
       }
       if (this.resourcePath !== cleaned) {
         this.resourcePath = `/${s1}/${s2}`
@@ -346,15 +379,22 @@ export class ExposedEntity extends EventTarget {
 
     // No collection: allow exactly one segment
     if (segments.length !== 1) {
-      throw new Error(
-        `Resource path must contain exactly one segment when no collection is present. Received: "${cleaned}"`
+      throw new Exception(
+        `Resource path must contain exactly one segment when no collection is present. Received: "${cleaned}"`,
+        {
+          code: 'E_PATH_SEGMENT_SIZE',
+          help: 'The set resource path must have exactly one segment.',
+        }
       )
     }
     // Check for collision if this is a root entity (singleton case)
     if (this.isRoot) {
       const collision = this.api.findResourcePathCollision(cleaned, this.key)
       if (collision) {
-        throw new Error(`Resource path "${cleaned}" is already in use by another root entity.`)
+        throw new Exception(`Resource path "${cleaned}" is already in use by another root entity.`, {
+          code: 'E_PATH_INUSE',
+          help: 'The set path is already in use by another root entity.',
+        })
       }
     }
 
@@ -468,7 +508,10 @@ export class ExposedEntity extends EventTarget {
    */
   addAction(schema: ApiActionSchema): Action {
     if (this.actions.some((action) => action.kind === schema.kind)) {
-      throw new Error(`Action of kind "${schema.kind}" already exists for this exposure`)
+      throw new Exception(`Action of kind "${schema.kind}" already exists for this exposure`, {
+        code: 'E_ACTION_USED',
+        help: "There's no need to add an API action again.",
+      })
     }
     const action = restoreAction(this, schema)
     this.actions.push(action)
@@ -486,7 +529,10 @@ export class ExposedEntity extends EventTarget {
   createPaginationContract(): void {
     const entity = this.api.domain?.findEntity(this.entity.key, this.entity.domain)
     if (!entity) {
-      throw new Error(`Entity "${this.entity.key}" not found"`)
+      throw new Exception(`Entity "${this.entity.key}" not found"`, {
+        code: 'E_ENTITY_NOT_FOUND',
+        help: 'The set entity does not exist.',
+      })
     }
     if (!this.paginationContract) {
       this.paginationContract = {

package/src/modeling/actions/Action.ts

@@ -46,13 +46,13 @@ export class Action extends EventTarget implements ActionSchema {
     super()
     this.parent = parent
     this.kind = state.kind || ''
-    this.accessRule = state.accessRule ? state.accessRule.map((rule) => restoreAccessRule(rule)) : []
+    this.accessRule = state.accessRule ? state.accessRule.map((rule) => restoreAccessRule(this, rule)) : []
     this.rateLimiting = state.rateLimiting ? new RateLimitingConfiguration(state.rateLimiting) : undefined
   }
 
   notifyChange() {
     this.dispatchEvent(new Event('change'))
-    // this.parent.api.notifyChange()
+    this.parent.notifyChange()
   }
 
   toJSON(): ActionSchema {

package/src/modeling/rules/AccessRule.ts

@@ -1,3 +1,7 @@
+import type { Action } from '../actions/Action.js'
+import type { ApiModel } from '../ApiModel.js'
+import type { ExposedEntity } from '../ExposedEntity.js'
+
 export interface AccessRuleSchema {
   /**
    * The unique identifier for the access rule.
@@ -11,9 +15,11 @@ export interface AccessRuleSchema {
  */
 export class AccessRule extends EventTarget implements AccessRuleSchema {
   readonly type: string
+  readonly parent: ExposedEntity | ApiModel | Action
 
-  constructor(state: Partial<AccessRuleSchema> = {}) {
+  constructor(parent: ExposedEntity | ApiModel | Action, state: Partial<AccessRuleSchema> = {}) {
     super()
+    this.parent = parent
     this.type = state.type ?? ''
   }
 
@@ -25,5 +31,6 @@ export class AccessRule extends EventTarget implements AccessRuleSchema {
 
   notifyChange() {
     this.dispatchEvent(new Event('change'))
+    this.parent.notifyChange()
   }
 }

package/src/modeling/rules/AllowAuthenticated.ts

@@ -1,3 +1,6 @@
+import type { Action } from '../actions/Action.js'
+import type { ApiModel } from '../ApiModel.js'
+import type { ExposedEntity } from '../ExposedEntity.js'
 import { AccessRule, type AccessRuleSchema } from './AccessRule.js'
 
 /**
@@ -17,8 +20,8 @@ export interface AllowAuthenticatedAccessRuleSchema extends AccessRuleSchema {
 export class AllowAuthenticatedAccessRule extends AccessRule implements AllowAuthenticatedAccessRuleSchema {
   override readonly type: 'allowAuthenticated'
 
-  constructor(state: Partial<AllowAuthenticatedAccessRuleSchema> = {}) {
-    super(state)
+  constructor(parent: ExposedEntity | ApiModel | Action, state: Partial<AllowAuthenticatedAccessRuleSchema> = {}) {
+    super(parent, state)
     this.type = 'allowAuthenticated'
   }
 }

package/src/modeling/rules/AllowPublic.ts

@@ -1,3 +1,6 @@
+import type { Action } from '../actions/Action.js'
+import type { ApiModel } from '../ApiModel.js'
+import type { ExposedEntity } from '../ExposedEntity.js'
 import { AccessRule, type AccessRuleSchema } from './AccessRule.js'
 
 /**
@@ -17,8 +20,8 @@ export interface AllowPublicAccessRuleSchema extends AccessRuleSchema {
 export class AllowPublicAccessRule extends AccessRule implements AllowPublicAccessRuleSchema {
   override readonly type: 'allowPublic'
 
-  constructor(state: Partial<AllowPublicAccessRuleSchema> = {}) {
-    super(state)
+  constructor(parent: ExposedEntity | ApiModel | Action, state: Partial<AllowPublicAccessRuleSchema> = {}) {
+    super(parent, state)
     this.type = 'allowPublic'
   }
 }

package/src/modeling/rules/MatchEmailDomain.ts

@@ -1,3 +1,6 @@
+import type { Action } from '../actions/Action.js'
+import type { ApiModel } from '../ApiModel.js'
+import type { ExposedEntity } from '../ExposedEntity.js'
 import { AccessRule, type AccessRuleSchema } from './AccessRule.js'
 import { observed, toRaw } from '../../decorators/observed.js'
 
@@ -24,8 +27,8 @@ export class MatchEmailDomainAccessRule extends AccessRule implements MatchEmail
 
   @observed({ deep: true }) accessor domains: string[]
 
-  constructor(state: Partial<MatchEmailDomainAccessRuleSchema> = {}) {
-    super(state)
+  constructor(parent: ExposedEntity | ApiModel | Action, state: Partial<MatchEmailDomainAccessRuleSchema> = {}) {
+    super(parent, state)
     this.type = 'matchEmailDomain'
     this.domains = state.domains ? [...state.domains] : []
   }

package/src/modeling/rules/MatchResourceOwner.ts

@@ -1,3 +1,6 @@
+import type { Action } from '../actions/Action.js'
+import type { ApiModel } from '../ApiModel.js'
+import type { ExposedEntity } from '../ExposedEntity.js'
 import { AccessRule, type AccessRuleSchema } from './AccessRule.js'
 import { observed } from '../../decorators/observed.js'
 
@@ -38,8 +41,8 @@ export class MatchResourceOwnerAccessRule extends AccessRule implements MatchRes
   @observed() accessor property: string | undefined
   @observed() accessor target: 'property' | 'user-entity'
 
-  constructor(state: Partial<MatchResourceOwnerAccessRuleSchema> = {}) {
-    super(state)
+  constructor(parent: ExposedEntity | ApiModel | Action, state: Partial<MatchResourceOwnerAccessRuleSchema> = {}) {
+    super(parent, state)
     this.type = 'matchResourceOwner'
     this.property = state.property
     this.target = state.target ?? 'property'

package/src/modeling/rules/MatchUserProperty.ts

@@ -1,3 +1,6 @@
+import type { Action } from '../actions/Action.js'
+import type { ApiModel } from '../ApiModel.js'
+import type { ExposedEntity } from '../ExposedEntity.js'
 import { AccessRule, type AccessRuleSchema } from './AccessRule.js'
 import { observed } from '../../decorators/observed.js'
 
@@ -27,8 +30,8 @@ export class MatchUserPropertyAccessRule extends AccessRule implements MatchUser
   @observed() accessor property: string
   @observed() accessor value: string
 
-  constructor(state: Partial<MatchUserPropertyAccessRuleSchema> = {}) {
-    super(state)
+  constructor(parent: ExposedEntity | ApiModel | Action, state: Partial<MatchUserPropertyAccessRuleSchema> = {}) {
+    super(parent, state)
     this.type = 'matchUserProperty'
     this.property = state.property ?? ''
     this.value = state.value ?? ''

package/src/modeling/rules/MatchUserRole.ts

@@ -1,3 +1,6 @@
+import type { Action } from '../actions/Action.js'
+import type { ApiModel } from '../ApiModel.js'
+import type { ExposedEntity } from '../ExposedEntity.js'
 import { AccessRule, type AccessRuleSchema } from './AccessRule.js'
 import { observed, toRaw } from '../../decorators/observed.js'
 
@@ -28,8 +31,8 @@ export class MatchUserRoleAccessRule extends AccessRule implements MatchUserRole
 
   @observed({ deep: true }) accessor role: string[]
 
-  constructor(state: Partial<MatchUserRoleAccessRuleSchema> = {}) {
-    super(state)
+  constructor(parent: ExposedEntity | ApiModel | Action, state: Partial<MatchUserRoleAccessRuleSchema> = {}) {
+    super(parent, state)
     this.type = 'matchUserRole'
     this.role = state.role ? [...state.role] : []
   }

package/tests/unit/modeling/actions/Action.spec.ts

@@ -2,10 +2,11 @@ import { test } from '@japa/runner'
 import { Action, AccessRule, RateLimitingConfiguration } from '../../../../src/modeling/index.js'
 import { type ActionSchema } from '../../../../src/modeling/actions/Action.js'
 import { type ExposedEntity } from '../../../../src/modeling/ExposedEntity.js'
+import { mockExposedEntity } from './helpers.js'
 
 test.group('Action', () => {
   test('initializes with default values', ({ assert }) => {
-    const action = new Action({} as unknown as ExposedEntity)
+    const action = new Action(mockExposedEntity())
     assert.equal(action.kind, '')
     assert.deepEqual(action.accessRule, [])
     assert.isUndefined(action.rateLimiting)
@@ -17,7 +18,7 @@ test.group('Action', () => {
       accessRule: [{ type: 'allowPublic' }],
       rateLimiting: { rules: [] },
     }
-    const action = new Action({} as unknown as ExposedEntity, schema)
+    const action = new Action(mockExposedEntity(), schema)
     assert.equal(action.kind, 'read')
     assert.lengthOf(action.accessRule, 1)
     assert.instanceOf(action.accessRule[0], AccessRule)
@@ -26,7 +27,7 @@ test.group('Action', () => {
   }).tags(['@modeling', '@action'])
 
   test('serializes to JSON', ({ assert }) => {
-    const action = new Action({} as unknown as ExposedEntity, {
+    const action = new Action(mockExposedEntity(), {
       kind: 'write',
       accessRule: [{ type: 'allowPublic' }],
       rateLimiting: { rules: [] },
@@ -39,7 +40,7 @@ test.group('Action', () => {
   }).tags(['@modeling', '@action'])
 
   test('notifies change when kind changes', async ({ assert }) => {
-    const action = new Action({} as unknown as ExposedEntity, { kind: 'read' })
+    const action = new Action(mockExposedEntity(), { kind: 'read' })
     let notified = false
     action.addEventListener('change', () => {
       notified = true
@@ -53,19 +54,19 @@ test.group('Action', () => {
   }).tags(['@modeling', '@action', '@observed'])
 
   test('notifies change when accessRule array is replaced', async ({ assert }) => {
-    const action = new Action({} as unknown as ExposedEntity)
+    const action = new Action(mockExposedEntity())
     let notified = false
     action.addEventListener('change', () => {
       notified = true
     })
 
-    action.accessRule = [new AccessRule({ type: 'allowPublic' })]
+    action.accessRule = [new AccessRule(mockExposedEntity(), { type: 'allowPublic' })]
     await Promise.resolve()
     assert.isTrue(notified)
   }).tags(['@modeling', '@action', '@observed'])
 
   test('notifies change when rateLimiting is replaced', async ({ assert }) => {
-    const action = new Action({} as unknown as ExposedEntity)
+    const action = new Action(mockExposedEntity())
     let notified = false
     action.addEventListener('change', () => {
       notified = true
@@ -78,7 +79,7 @@ test.group('Action', () => {
 
   test('constructor copies accessRule array (immutability)', ({ assert }) => {
     const rules = [{ type: 'allowPublic' }]
-    const action = new Action({} as unknown as ExposedEntity, { kind: 'read', accessRule: rules })
+    const action = new Action(mockExposedEntity(), { kind: 'read', accessRule: rules })
 
     // Modify original array
     rules.push({ type: 'other' })
@@ -89,7 +90,7 @@ test.group('Action', () => {
   }).tags(['@modeling', '@action', '@immutability'])
 
   test('toJSON returns safe copy', ({ assert }) => {
-    const action = new Action({} as unknown as ExposedEntity, {
+    const action = new Action(mockExposedEntity(), {
       kind: 'read',
       accessRule: [{ type: 'allowPublic' }],
       rateLimiting: { rules: [] },
@@ -110,7 +111,8 @@ test.group('Action', () => {
 
   test('getAllRules() aggregates rules from action and parent', ({ assert }) => {
     const parent = {
-      getAllRules: () => [new AccessRule({ type: 'allowPublic' })],
+      getAllRules: () => [new AccessRule(mockExposedEntity(), { type: 'allowPublic' })],
+      notifyChange: () => {},
     } as unknown as ExposedEntity
 
     const action = new Action(parent, {
@@ -127,6 +129,7 @@ test.group('Action', () => {
     const parentLimiter = new RateLimitingConfiguration({ rules: [{ rate: 10, interval: 'second' }] })
     const parent = {
       getAllRateLimiters: () => [parentLimiter],
+      notifyChange: () => {},
     } as unknown as ExposedEntity
 
     const action = new Action(parent, {

package/tests/unit/modeling/actions/CreateAction.spec.ts

@@ -1,16 +1,17 @@
 import { test } from '@japa/runner'
 import { CreateAction } from '../../../../src/modeling/actions/CreateAction.js'
 import { AccessRule } from '../../../../src/modeling/rules/index.js'
+import { mockExposedEntity } from './helpers.js'
 
 test.group('CreateAction', () => {
   test('initializes with default values', ({ assert }) => {
-    const action = new CreateAction({} as any)
+    const action = new CreateAction(mockExposedEntity())
     assert.equal(action.kind, 'create')
     assert.isEmpty(action.accessRule) // Inherited from Action
   }).tags(['@modeling', '@action', '@create-action'])
 
   test('initializes with inherited values', ({ assert }) => {
-    const action = new CreateAction({} as any, {
+    const action = new CreateAction(mockExposedEntity(), {
       accessRule: [{ type: 'allowPublic' }],
     })
 
@@ -22,7 +23,7 @@ test.group('CreateAction', () => {
   test('constructor copies arrays (immutability)', ({ assert }) => {
     const rules = [{ type: 'allowPublic' }]
 
-    const action = new CreateAction({} as any, {
+    const action = new CreateAction(mockExposedEntity(), {
       accessRule: rules,
     })
 
@@ -35,7 +36,7 @@ test.group('CreateAction', () => {
   }).tags(['@modeling', '@action', '@create-action', '@immutability'])
 
   test('toJSON returns valid schema', ({ assert }) => {
-    const action = new CreateAction({} as any, {
+    const action = new CreateAction(mockExposedEntity(), {
       accessRule: [{ type: 'allowPublic' }],
     })
 
@@ -51,14 +52,14 @@ test.group('CreateAction', () => {
   }).tags(['@modeling', '@action', '@create-action', '@serialization'])
 
   test('notifies change when inherited property changes', async ({ assert }) => {
-    const action = new CreateAction({} as any)
+    const action = new CreateAction(mockExposedEntity())
     let notified = false
     action.addEventListener('change', () => {
       notified = true
     })
 
     // Modify inherited property
-    action.accessRule = [new AccessRule({ type: 'allowPublic' })]
+    action.accessRule = [new AccessRule(mockExposedEntity(), { type: 'allowPublic' })]
     await Promise.resolve()
     assert.isTrue(notified)
   }).tags(['@modeling', '@action', '@create-action', '@observed'])