@atlashub/smartstack-cli 2.9.0 → 3.1.0

package/dist/mcp-entry.mjs

@@ -471,8 +471,8 @@ var init_parseUtil = __esm({
     init_errors();
     init_en();
     makeIssue = (params) => {
-      const { data, path: path29, errorMaps, issueData } = params;
-      const fullPath = [...path29, ...issueData.path || []];
+      const { data, path: path30, errorMaps, issueData } = params;
+      const fullPath = [...path30, ...issueData.path || []];
       const fullIssue = {
         ...issueData,
         path: fullPath
@@ -786,11 +786,11 @@ var init_types = __esm({
     init_parseUtil();
     init_util();
     ParseInputLazyPath = class {
-      constructor(parent, value, path29, key) {
+      constructor(parent, value, path30, key) {
         this._cachedPath = [];
         this.parent = parent;
         this.data = value;
-        this._path = path29;
+        this._path = path30;
         this._key = key;
       }
       get path() {
@@ -4367,10 +4367,10 @@ function assignProp(target, prop, value) {
     configurable: true
   });
 }
-function getElementAtPath(obj, path29) {
-  if (!path29)
+function getElementAtPath(obj, path30) {
+  if (!path30)
     return obj;
-  return path29.reduce((acc, key) => acc?.[key], obj);
+  return path30.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -4619,11 +4619,11 @@ function aborted(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues(path29, issues) {
+function prefixIssues(path30, issues) {
   return issues.map((iss) => {
     var _a;
     (_a = iss).path ?? (_a.path = []);
-    iss.path.unshift(path29);
+    iss.path.unshift(path30);
     return iss;
   });
 }
@@ -14435,8 +14435,8 @@ var require_utils = __commonJS({
       }
       return ind;
     }
-    function removeDotSegments(path29) {
-      let input = path29;
+    function removeDotSegments(path30) {
+      let input = path30;
       const output = [];
       let nextSlash = -1;
       let len = 0;
@@ -14636,8 +14636,8 @@ var require_schemes = __commonJS({
         wsComponent.secure = void 0;
       }
       if (wsComponent.resourceName) {
-        const [path29, query] = wsComponent.resourceName.split("?");
-        wsComponent.path = path29 && path29 !== "/" ? path29 : void 0;
+        const [path30, query] = wsComponent.resourceName.split("?");
+        wsComponent.path = path30 && path30 !== "/" ? path30 : void 0;
         wsComponent.query = query;
         wsComponent.resourceName = void 0;
       }
@@ -28777,12 +28777,12 @@ var init_esm7 = __esm({
       /**
        * Get the Path object referenced by the string path, resolved from this Path
        */
-      resolve(path29) {
-        if (!path29) {
+      resolve(path30) {
+        if (!path30) {
           return this;
         }
-        const rootPath = this.getRootString(path29);
-        const dir = path29.substring(rootPath.length);
+        const rootPath = this.getRootString(path30);
+        const dir = path30.substring(rootPath.length);
         const dirParts = dir.split(this.splitSep);
         const result = rootPath ? this.getRoot(rootPath).#resolveParts(dirParts) : this.#resolveParts(dirParts);
         return result;
@@ -29534,8 +29534,8 @@ var init_esm7 = __esm({
       /**
        * @internal
        */
-      getRootString(path29) {
-        return win32.parse(path29).root;
+      getRootString(path30) {
+        return win32.parse(path30).root;
       }
       /**
        * @internal
@@ -29581,8 +29581,8 @@ var init_esm7 = __esm({
       /**
        * @internal
        */
-      getRootString(path29) {
-        return path29.startsWith("/") ? "/" : "";
+      getRootString(path30) {
+        return path30.startsWith("/") ? "/" : "";
       }
       /**
        * @internal
@@ -29671,11 +29671,11 @@ var init_esm7 = __esm({
       /**
        * Get the depth of a provided path, string, or the cwd
        */
-      depth(path29 = this.cwd) {
-        if (typeof path29 === "string") {
-          path29 = this.cwd.resolve(path29);
+      depth(path30 = this.cwd) {
+        if (typeof path30 === "string") {
+          path30 = this.cwd.resolve(path30);
         }
-        return path29.depth();
+        return path30.depth();
       }
       /**
        * Return the cache of child entries.  Exposed so subclasses can create
@@ -30162,9 +30162,9 @@ var init_esm7 = __esm({
         process3();
         return results;
       }
-      chdir(path29 = this.cwd) {
+      chdir(path30 = this.cwd) {
         const oldCwd = this.cwd;
-        this.cwd = typeof path29 === "string" ? this.cwd.resolve(path29) : path29;
+        this.cwd = typeof path30 === "string" ? this.cwd.resolve(path30) : path30;
         this.cwd[setAsCwd](oldCwd);
       }
     };
@@ -30545,8 +30545,8 @@ var init_processor = __esm({
       }
       // match, absolute, ifdir
       entries() {
-        return [...this.store.entries()].map(([path29, n]) => [
-          path29,
+        return [...this.store.entries()].map(([path30, n]) => [
+          path30,
           !!(n & 2),
           !!(n & 1)
         ]);
@@ -30761,9 +30761,9 @@ var init_walker = __esm({
       signal;
       maxDepth;
       includeChildMatches;
-      constructor(patterns, path29, opts) {
+      constructor(patterns, path30, opts) {
         this.patterns = patterns;
-        this.path = path29;
+        this.path = path30;
         this.opts = opts;
         this.#sep = !opts.posix && opts.platform === "win32" ? "\\" : "/";
         this.includeChildMatches = opts.includeChildMatches !== false;
@@ -30782,11 +30782,11 @@ var init_walker = __esm({
           });
         }
       }
-      #ignored(path29) {
-        return this.seen.has(path29) || !!this.#ignore?.ignored?.(path29);
+      #ignored(path30) {
+        return this.seen.has(path30) || !!this.#ignore?.ignored?.(path30);
       }
-      #childrenIgnored(path29) {
-        return !!this.#ignore?.childrenIgnored?.(path29);
+      #childrenIgnored(path30) {
+        return !!this.#ignore?.childrenIgnored?.(path30);
       }
       // backpressure mechanism
       pause() {
@@ -31001,8 +31001,8 @@ var init_walker = __esm({
     };
     GlobWalker = class extends GlobUtil {
       matches = /* @__PURE__ */ new Set();
-      constructor(patterns, path29, opts) {
-        super(patterns, path29, opts);
+      constructor(patterns, path30, opts) {
+        super(patterns, path30, opts);
       }
       matchEmit(e) {
         this.matches.add(e);
@@ -31039,8 +31039,8 @@ var init_walker = __esm({
     };
     GlobStream = class extends GlobUtil {
       results;
-      constructor(patterns, path29, opts) {
-        super(patterns, path29, opts);
+      constructor(patterns, path30, opts) {
+        super(patterns, path30, opts);
         this.results = new Minipass({
           signal: this.signal,
           objectMode: true
@@ -31477,10 +31477,10 @@ var init_fs = __esm({
     init_esm_shims();
     init_esm8();
     FileSystemError = class extends Error {
-      constructor(message, operation, path29, cause) {
+      constructor(message, operation, path30, cause) {
         super(message);
         this.operation = operation;
-        this.path = path29;
+        this.path = path30;
         this.cause = cause;
         this.name = "FileSystemError";
       }
@@ -31641,7 +31641,7 @@ var init_types3 = __esm({
       dryRun: external_exports.boolean().default(false).describe("Preview without writing files or creating migration")
     });
     TestTypeSchema = external_exports.enum(["unit", "integration", "security", "e2e"]);
-    TestTargetSchema = external_exports.enum(["entity", "service", "controller", "validator", "repository", "all"]);
+    TestTargetSchema = external_exports.enum(["entity", "service", "controller", "validator", "repository", "infrastructure", "all"]);
     ScaffoldTestsInputSchema = external_exports.object({
       target: TestTargetSchema.describe("Type of component to test"),
       name: external_exports.string().min(1).describe('Component name (PascalCase, e.g., "User", "Order")'),
@@ -33365,6 +33365,37 @@ var init_validate_conventions = __esm({
   }
 });
 
+// src/mcp/utils/semver.ts
+function parseSemver(version2) {
+  const match2 = version2.match(/^(\d+)\.(\d+)\.(\d+)$/);
+  if (!match2) {
+    return null;
+  }
+  return [
+    parseInt(match2[1], 10),
+    parseInt(match2[2], 10),
+    parseInt(match2[3], 10)
+  ];
+}
+function compareVersions(a, b) {
+  const partsA = parseSemver(a);
+  const partsB = parseSemver(b);
+  if (!partsA && !partsB) return 0;
+  if (!partsA) return 1;
+  if (!partsB) return -1;
+  for (let i = 0; i < 3; i++) {
+    if (partsA[i] > partsB[i]) return 1;
+    if (partsA[i] < partsB[i]) return -1;
+  }
+  return 0;
+}
+var init_semver = __esm({
+  "src/mcp/utils/semver.ts"() {
+    "use strict";
+    init_esm_shims();
+  }
+});
+
 // src/mcp/tools/check-migrations.ts
 import path9 from "path";
 async function handleCheckMigrations(args, config2) {
@@ -33441,29 +33472,6 @@ async function parseMigrations(migrationsPath, rootPath) {
     return a.sequence.localeCompare(b.sequence);
   });
 }
-function parseSemver(version2) {
-  const match2 = version2.match(/^(\d+)\.(\d+)\.(\d+)$/);
-  if (!match2) {
-    return null;
-  }
-  return [
-    parseInt(match2[1], 10),
-    parseInt(match2[2], 10),
-    parseInt(match2[3], 10)
-  ];
-}
-function compareVersions(a, b) {
-  const partsA = parseSemver(a);
-  const partsB = parseSemver(b);
-  if (!partsA && !partsB) return 0;
-  if (!partsA) return 1;
-  if (!partsB) return -1;
-  for (let i = 0; i < 3; i++) {
-    if (partsA[i] > partsB[i]) return 1;
-    if (partsA[i] < partsB[i]) return -1;
-  }
-  return 0;
-}
 function checkNamingConventions(result, _config) {
   for (const migration of result.migrations) {
     if (migration.context === "Unknown") {
@@ -33656,6 +33664,7 @@ var init_check_migrations = __esm({
     init_fs();
     init_git();
     init_detector();
+    init_semver();
     init_logger();
     checkMigrationsTool = {
       name: "check_migrations",
@@ -34774,7 +34783,7 @@ var require_no_conflict = __commonJS({
     "use strict";
     init_esm_shims();
     exports.__esModule = true;
-    exports["default"] = function(Handlebars3) {
+    exports["default"] = function(Handlebars4) {
       (function() {
         if (typeof globalThis === "object") return;
         Object.prototype.__defineGetter__("__magic__", function() {
@@ -34784,11 +34793,11 @@ var require_no_conflict = __commonJS({
         delete Object.prototype.__magic__;
       })();
       var $Handlebars = globalThis.Handlebars;
-      Handlebars3.noConflict = function() {
-        if (globalThis.Handlebars === Handlebars3) {
+      Handlebars4.noConflict = function() {
+        if (globalThis.Handlebars === Handlebars4) {
           globalThis.Handlebars = $Handlebars;
         }
-        return Handlebars3;
+        return Handlebars4;
       };
     };
     module.exports = exports["default"];
@@ -34867,13 +34876,13 @@ var require_ast = __commonJS({
         helperExpression: function helperExpression(node) {
           return node.type === "SubExpression" || (node.type === "MustacheStatement" || node.type === "BlockStatement") && !!(node.params && node.params.length || node.hash);
         },
-        scopedId: function scopedId(path29) {
-          return /^\.|this\b/.test(path29.original);
+        scopedId: function scopedId(path30) {
+          return /^\.|this\b/.test(path30.original);
         },
         // an ID is simple if it only has one part, and that part is not
         // `..` or `this`.
-        simpleId: function simpleId(path29) {
-          return path29.parts.length === 1 && !AST2.helpers.scopedId(path29) && !path29.depth;
+        simpleId: function simpleId(path30) {
+          return path30.parts.length === 1 && !AST2.helpers.scopedId(path30) && !path30.depth;
         }
       }
     };
@@ -35947,12 +35956,12 @@ var require_helpers2 = __commonJS({
         loc
       };
     }
-    function prepareMustache(path29, params, hash, open, strip, locInfo) {
+    function prepareMustache(path30, params, hash, open, strip, locInfo) {
       var escapeFlag = open.charAt(3) || open.charAt(2), escaped = escapeFlag !== "{" && escapeFlag !== "&";
       var decorator = /\*/.test(open);
       return {
         type: decorator ? "Decorator" : "MustacheStatement",
-        path: path29,
+        path: path30,
         params,
         hash,
         escaped,
@@ -36224,9 +36233,9 @@ var require_compiler = __commonJS({
       },
       DecoratorBlock: function DecoratorBlock(decorator) {
         var program = decorator.program && this.compileProgram(decorator.program);
-        var params = this.setupFullMustacheParams(decorator, program, void 0), path29 = decorator.path;
+        var params = this.setupFullMustacheParams(decorator, program, void 0), path30 = decorator.path;
         this.useDecorators = true;
-        this.opcode("registerDecorator", params.length, path29.original);
+        this.opcode("registerDecorator", params.length, path30.original);
       },
       PartialStatement: function PartialStatement(partial2) {
         this.usePartial = true;
@@ -36290,46 +36299,46 @@ var require_compiler = __commonJS({
         }
       },
       ambiguousSexpr: function ambiguousSexpr(sexpr, program, inverse) {
-        var path29 = sexpr.path, name = path29.parts[0], isBlock = program != null || inverse != null;
-        this.opcode("getContext", path29.depth);
+        var path30 = sexpr.path, name = path30.parts[0], isBlock = program != null || inverse != null;
+        this.opcode("getContext", path30.depth);
         this.opcode("pushProgram", program);
         this.opcode("pushProgram", inverse);
-        path29.strict = true;
-        this.accept(path29);
+        path30.strict = true;
+        this.accept(path30);
         this.opcode("invokeAmbiguous", name, isBlock);
       },
       simpleSexpr: function simpleSexpr(sexpr) {
-        var path29 = sexpr.path;
-        path29.strict = true;
-        this.accept(path29);
+        var path30 = sexpr.path;
+        path30.strict = true;
+        this.accept(path30);
         this.opcode("resolvePossibleLambda");
       },
       helperSexpr: function helperSexpr(sexpr, program, inverse) {
-        var params = this.setupFullMustacheParams(sexpr, program, inverse), path29 = sexpr.path, name = path29.parts[0];
+        var params = this.setupFullMustacheParams(sexpr, program, inverse), path30 = sexpr.path, name = path30.parts[0];
         if (this.options.knownHelpers[name]) {
           this.opcode("invokeKnownHelper", params.length, name);
         } else if (this.options.knownHelpersOnly) {
           throw new _exception2["default"]("You specified knownHelpersOnly, but used the unknown helper " + name, sexpr);
         } else {
-          path29.strict = true;
-          path29.falsy = true;
-          this.accept(path29);
-          this.opcode("invokeHelper", params.length, path29.original, _ast2["default"].helpers.simpleId(path29));
+          path30.strict = true;
+          path30.falsy = true;
+          this.accept(path30);
+          this.opcode("invokeHelper", params.length, path30.original, _ast2["default"].helpers.simpleId(path30));
         }
       },
-      PathExpression: function PathExpression(path29) {
-        this.addDepth(path29.depth);
-        this.opcode("getContext", path29.depth);
-        var name = path29.parts[0], scoped = _ast2["default"].helpers.scopedId(path29), blockParamId = !path29.depth && !scoped && this.blockParamIndex(name);
+      PathExpression: function PathExpression(path30) {
+        this.addDepth(path30.depth);
+        this.opcode("getContext", path30.depth);
+        var name = path30.parts[0], scoped = _ast2["default"].helpers.scopedId(path30), blockParamId = !path30.depth && !scoped && this.blockParamIndex(name);
         if (blockParamId) {
-          this.opcode("lookupBlockParam", blockParamId, path29.parts);
+          this.opcode("lookupBlockParam", blockParamId, path30.parts);
         } else if (!name) {
           this.opcode("pushContext");
-        } else if (path29.data) {
+        } else if (path30.data) {
           this.options.data = true;
-          this.opcode("lookupData", path29.depth, path29.parts, path29.strict);
+          this.opcode("lookupData", path30.depth, path30.parts, path30.strict);
         } else {
-          this.opcode("lookupOnContext", path29.parts, path29.falsy, path29.strict, scoped);
+          this.opcode("lookupOnContext", path30.parts, path30.falsy, path30.strict, scoped);
         }
       },
       StringLiteral: function StringLiteral(string3) {
@@ -36685,16 +36694,16 @@ var require_util3 = __commonJS({
     }
     exports.urlGenerate = urlGenerate;
     function normalize2(aPath) {
-      var path29 = aPath;
+      var path30 = aPath;
       var url2 = urlParse(aPath);
       if (url2) {
         if (!url2.path) {
           return aPath;
         }
-        path29 = url2.path;
+        path30 = url2.path;
       }
-      var isAbsolute = exports.isAbsolute(path29);
-      var parts = path29.split(/\/+/);
+      var isAbsolute = exports.isAbsolute(path30);
+      var parts = path30.split(/\/+/);
       for (var part, up = 0, i = parts.length - 1; i >= 0; i--) {
         part = parts[i];
         if (part === ".") {
@@ -36711,15 +36720,15 @@ var require_util3 = __commonJS({
           }
         }
       }
-      path29 = parts.join("/");
-      if (path29 === "") {
-        path29 = isAbsolute ? "/" : ".";
+      path30 = parts.join("/");
+      if (path30 === "") {
+        path30 = isAbsolute ? "/" : ".";
       }
       if (url2) {
-        url2.path = path29;
+        url2.path = path30;
         return urlGenerate(url2);
       }
-      return path29;
+      return path30;
     }
     exports.normalize = normalize2;
     function join2(aRoot, aPath) {
@@ -39520,8 +39529,8 @@ var require_printer = __commonJS({
       return this.accept(sexpr.path) + " " + params + hash;
     };
     PrintVisitor.prototype.PathExpression = function(id) {
-      var path29 = id.parts.join("/");
-      return (id.data ? "@" : "") + "PATH:" + path29;
+      var path30 = id.parts.join("/");
+      return (id.data ? "@" : "") + "PATH:" + path30;
     };
     PrintVisitor.prototype.StringLiteral = function(string3) {
       return '"' + string3.value + '"';
@@ -50738,11 +50747,11 @@ var require_mime_types = __commonJS({
       }
       return exts[0];
     }
-    function lookup(path29) {
-      if (!path29 || typeof path29 !== "string") {
+    function lookup(path30) {
+      if (!path30 || typeof path30 !== "string") {
         return false;
       }
-      var extension2 = extname("x." + path29).toLowerCase().substr(1);
+      var extension2 = extname("x." + path30).toLowerCase().substr(1);
       if (!extension2) {
         return false;
       }
@@ -51905,7 +51914,7 @@ var require_form_data = __commonJS({
     init_esm_shims();
     var CombinedStream = require_combined_stream();
     var util4 = __require("util");
-    var path29 = __require("path");
+    var path30 = __require("path");
     var http3 = __require("http");
     var https2 = __require("https");
     var parseUrl = __require("url").parse;
@@ -52033,11 +52042,11 @@ var require_form_data = __commonJS({
     FormData3.prototype._getContentDisposition = function(value, options) {
       var filename;
       if (typeof options.filepath === "string") {
-        filename = path29.normalize(options.filepath).replace(/\\/g, "/");
+        filename = path30.normalize(options.filepath).replace(/\\/g, "/");
       } else if (options.filename || value && (value.name || value.path)) {
-        filename = path29.basename(options.filename || value && (value.name || value.path));
+        filename = path30.basename(options.filename || value && (value.name || value.path));
       } else if (value && value.readable && hasOwn(value, "httpVersion")) {
-        filename = path29.basename(value.client._httpMessage.path || "");
+        filename = path30.basename(value.client._httpMessage.path || "");
       }
       if (filename) {
         return 'filename="' + filename + '"';
@@ -52236,9 +52245,9 @@ function isVisitable(thing) {
 function removeBrackets(key) {
   return utils_default.endsWith(key, "[]") ? key.slice(0, -2) : key;
 }
-function renderKey(path29, key, dots) {
-  if (!path29) return key;
-  return path29.concat(key).map(function each(token, i) {
+function renderKey(path30, key, dots) {
+  if (!path30) return key;
+  return path30.concat(key).map(function each(token, i) {
     token = removeBrackets(token);
     return !dots && i ? "[" + token + "]" : token;
   }).join(dots ? "." : "");
@@ -52283,9 +52292,9 @@ function toFormData(obj, formData, options) {
     }
     return value;
   }
-  function defaultVisitor(value, key, path29) {
+  function defaultVisitor(value, key, path30) {
     let arr = value;
-    if (value && !path29 && typeof value === "object") {
+    if (value && !path30 && typeof value === "object") {
       if (utils_default.endsWith(key, "{}")) {
         key = metaTokens ? key : key.slice(0, -2);
         value = JSON.stringify(value);
@@ -52304,7 +52313,7 @@ function toFormData(obj, formData, options) {
     if (isVisitable(value)) {
       return true;
     }
-    formData.append(renderKey(path29, key, dots), convertValue(value));
+    formData.append(renderKey(path30, key, dots), convertValue(value));
     return false;
   }
   const stack = [];
@@ -52313,10 +52322,10 @@ function toFormData(obj, formData, options) {
     convertValue,
     isVisitable
   });
-  function build(value, path29) {
+  function build(value, path30) {
     if (utils_default.isUndefined(value)) return;
     if (stack.indexOf(value) !== -1) {
-      throw Error("Circular reference detected in " + path29.join("."));
+      throw Error("Circular reference detected in " + path30.join("."));
     }
     stack.push(value);
     utils_default.forEach(value, function each(el, key) {
@@ -52324,11 +52333,11 @@ function toFormData(obj, formData, options) {
         formData,
         el,
         utils_default.isString(key) ? key.trim() : key,
-        path29,
+        path30,
         exposedHelpers
       );
       if (result === true) {
-        build(el, path29 ? path29.concat(key) : [key]);
+        build(el, path30 ? path30.concat(key) : [key]);
       }
     });
     stack.pop();
@@ -52613,7 +52622,7 @@ var init_platform = __esm({
 // node_modules/axios/lib/helpers/toURLEncodedForm.js
 function toURLEncodedForm(data, options) {
   return toFormData_default(data, new platform_default.classes.URLSearchParams(), {
-    visitor: function(value, key, path29, helpers) {
+    visitor: function(value, key, path30, helpers) {
       if (platform_default.isNode && utils_default.isBuffer(value)) {
         this.append(key, value.toString("base64"));
         return false;
@@ -52652,11 +52661,11 @@ function arrayToObject(arr) {
   return obj;
 }
 function formDataToJSON(formData) {
-  function buildPath(path29, value, target, index) {
-    let name = path29[index++];
+  function buildPath(path30, value, target, index) {
+    let name = path30[index++];
     if (name === "__proto__") return true;
     const isNumericKey = Number.isFinite(+name);
-    const isLast = index >= path29.length;
+    const isLast = index >= path30.length;
     name = !name && utils_default.isArray(target) ? target.length : name;
     if (isLast) {
       if (utils_default.hasOwnProp(target, name)) {
@@ -52669,7 +52678,7 @@ function formDataToJSON(formData) {
     if (!target[name] || !utils_default.isObject(target[name])) {
       target[name] = [];
     }
-    const result = buildPath(path29, value, target[name], index);
+    const result = buildPath(path30, value, target[name], index);
     if (result && utils_default.isArray(target[name])) {
       target[name] = arrayToObject(target[name]);
     }
@@ -55566,9 +55575,9 @@ var init_http = __esm({
           auth = urlUsername + ":" + urlPassword;
         }
         auth && headers.delete("authorization");
-        let path29;
+        let path30;
         try {
-          path29 = buildURL(
+          path30 = buildURL(
             parsed.pathname + parsed.search,
             config2.params,
             config2.paramsSerializer
@@ -55586,7 +55595,7 @@ var init_http = __esm({
           false
         );
         const options = {
-          path: path29,
+          path: path30,
           method,
           headers: headers.toJSON(),
           agents: { http: config2.httpAgent, https: config2.httpsAgent },
@@ -55839,14 +55848,14 @@ var init_cookies = __esm({
     cookies_default = platform_default.hasStandardBrowserEnv ? (
       // Standard browser envs support document.cookie
       {
-        write(name, value, expires, path29, domain, secure, sameSite) {
+        write(name, value, expires, path30, domain, secure, sameSite) {
           if (typeof document === "undefined") return;
           const cookie = [`${name}=${encodeURIComponent(value)}`];
           if (utils_default.isNumber(expires)) {
             cookie.push(`expires=${new Date(expires).toUTCString()}`);
           }
-          if (utils_default.isString(path29)) {
-            cookie.push(`path=${path29}`);
+          if (utils_default.isString(path30)) {
+            cookie.push(`path=${path30}`);
           }
           if (utils_default.isString(domain)) {
             cookie.push(`domain=${domain}`);
@@ -57600,8 +57609,12 @@ var init_api_docs = __esm({
 import path12 from "path";
 async function handleSuggestMigration(args, config2) {
   const input = SuggestMigrationInputSchema2.parse(args);
+  const sanitizedDescription = input.description.replace(/[^a-zA-Z0-9\s\-_]/g, "").trim();
+  if (sanitizedDescription.length < 3) {
+    throw new Error("Migration description must contain at least 3 alphanumeric characters after sanitization");
+  }
   const context = input.context || config2.defaultDbContext || "core";
-  logger.info("Suggesting migration name", { description: input.description, context });
+  logger.info("Suggesting migration name", { description: sanitizedDescription, context });
   const structure = await findSmartStackStructure(config2.smartstack.projectPath);
   const existingMigrations = await findExistingMigrations(structure, config2, context);
   let version2 = input.version;
@@ -57619,7 +57632,10 @@ async function handleSuggestMigration(args, config2) {
   } else {
     version2 = version2 || "1.0.0";
   }
-  const pascalDescription = toPascalCase(input.description);
+  const pascalDescription = toPascalCase(sanitizedDescription);
+  if (!pascalDescription || !/^[A-Z][a-zA-Z0-9]*$/.test(pascalDescription)) {
+    throw new Error(`Invalid migration description after PascalCase conversion: "${pascalDescription}"`);
+  }
   const sequenceStr = sequence.toString().padStart(3, "0");
   const migrationName = `${context}_v${version2}_${sequenceStr}_${pascalDescription}`;
   const dbContextName = context === "core" ? "CoreDbContext" : "ExtensionsDbContext";
@@ -57690,27 +57706,23 @@ async function findExistingMigrations(structure, config2, context) {
       }
     }
     migrations.sort((a, b) => {
-      const verCompare = compareVersions2(a.version, b.version);
+      const verCompare = compareVersions(a.version, b.version);
       if (verCompare !== 0) return verCompare;
       return a.sequence - b.sequence;
     });
-  } catch {
-    logger.debug("No migrations folder found");
+  } catch (error2) {
+    const err = error2 instanceof Error ? error2 : new Error(String(error2));
+    if (err.message.includes("ENOENT") || err.message.includes("no such file")) {
+      logger.debug("Migrations folder not found (expected for new projects)", { path: migrationsPath });
+    } else {
+      logger.warn("Failed to read migrations folder", { path: migrationsPath, error: err.message });
+    }
   }
   return migrations;
 }
 function toPascalCase(str) {
   return str.replace(/[^a-zA-Z0-9\s]/g, "").split(/\s+/).map((word) => word.charAt(0).toUpperCase() + word.slice(1).toLowerCase()).join("");
 }
-function compareVersions2(a, b) {
-  const aParts = a.split(".").map(Number);
-  const bParts = b.split(".").map(Number);
-  for (let i = 0; i < 3; i++) {
-    if (aParts[i] > bParts[i]) return 1;
-    if (aParts[i] < bParts[i]) return -1;
-  }
-  return 0;
-}
 var suggestMigrationTool, SuggestMigrationInputSchema2;
 var init_suggest_migration = __esm({
   "src/mcp/tools/suggest-migration.ts"() {
@@ -57719,6 +57731,7 @@ var init_suggest_migration = __esm({
     init_zod();
     init_detector();
     init_fs();
+    init_semver();
     init_logger();
     suggestMigrationTool = {
       name: "suggest_migration",
@@ -57744,9 +57757,9 @@ var init_suggest_migration = __esm({
       }
     };
     SuggestMigrationInputSchema2 = external_exports.object({
-      description: external_exports.string().describe("Description of what the migration does"),
+      description: external_exports.string().min(3, "Migration description must be at least 3 characters").max(100, "Migration description must be at most 100 characters").describe("Description of what the migration does"),
       context: external_exports.enum(["core", "extensions"]).optional().describe("DbContext name (default: auto-detected from project config)"),
-      version: external_exports.string().optional().describe('Semver version (e.g., "1.0.0")')
+      version: external_exports.string().regex(/^\d+\.\d+\.\d+$/, 'Version must be semver format (e.g., "1.0.0")').optional().describe('Semver version (e.g., "1.0.0")')
     });
   }
 });
@@ -58146,6 +58159,9 @@ async function handleScaffoldTests(args, config2) {
       case "repository":
         await scaffoldRepositoryTests(input.name, options, testTypes, structure, config2, result, dryRun);
         break;
+      case "infrastructure":
+        await scaffoldInfrastructureTests(input.name, options, structure, config2, result, dryRun);
+        break;
       case "all":
         await scaffoldEntityTests(input.name, options, testTypes, structure, config2, result, dryRun);
         await scaffoldServiceTests(input.name, options, testTypes, structure, config2, result, dryRun);
@@ -58183,25 +58199,7 @@ async function scaffoldEntityTests(name, options, testTypes, structure, config2,
       type: "created"
     });
   }
-  if (testTypes.includes("security")) {
-    const securityContent = import_handlebars2.default.compile(securityTestTemplate)({
-      ...context,
-      nameLower: name.charAt(0).toLowerCase() + name.slice(1),
-      apiNamespace: config2.conventions.namespaces.api
-    });
-    const securityPath = path14.join(structure.root, "Tests", "Security", `${name}SecurityTests.cs`);
-    validatePathSecurity(securityPath, structure.root);
-    if (!dryRun) {
-      await ensureDirectory(path14.dirname(securityPath));
-      await writeText(securityPath, securityContent);
-    }
-    result.files.push({
-      path: path14.relative(structure.root, securityPath),
-      content: securityContent,
-      type: "created"
-    });
-  }
-  result.instructions.push(`Add package reference: <PackageReference Include="FluentAssertions" Version="6.*" />`);
+  result.instructions.push(`Add package reference: <PackageReference Include="FluentAssertions" Version="8.*" />`);
   result.instructions.push(`Add package reference: <PackageReference Include="xunit" Version="2.*" />`);
 }
 async function scaffoldServiceTests(name, options, testTypes, structure, config2, result, dryRun) {
@@ -58258,6 +58256,18 @@ async function scaffoldControllerTests(name, options, testTypes, structure, conf
       content,
       type: "created"
     });
+    const realContent = import_handlebars2.default.compile(controllerIntegrationTestTemplate)(context);
+    const realTestPath = path14.join(structure.root, "Tests", "Integration", "Controllers", `${name}ControllerIntegrationTests.cs`);
+    validatePathSecurity(realTestPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path14.dirname(realTestPath));
+      await writeText(realTestPath, realContent);
+    }
+    result.files.push({
+      path: path14.relative(structure.root, realTestPath),
+      content: realContent,
+      type: "created"
+    });
   }
   if (testTypes.includes("security")) {
     const securityContent = import_handlebars2.default.compile(securityTestTemplate)(context);
@@ -58273,7 +58283,8 @@ async function scaffoldControllerTests(name, options, testTypes, structure, conf
       type: "created"
     });
   }
-  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.*" />`);
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="9.*" />`);
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.*" />`);
 }
 async function scaffoldValidatorTests(name, options, testTypes, structure, config2, result, dryRun) {
   const testNamespace = `${config2.conventions.namespaces.application}.Tests`;
@@ -58327,6 +58338,41 @@ async function scaffoldRepositoryTests(name, options, testTypes, structure, conf
   }
   result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.*" />`);
 }
+async function scaffoldInfrastructureTests(name, options, structure, config2, result, dryRun) {
+  const testNamespace = `${config2.conventions.namespaces.application}.Tests`;
+  const infrastructureNamespace = config2.conventions.namespaces.infrastructure;
+  const context = {
+    name,
+    testNamespace,
+    infrastructureNamespace,
+    ...options
+  };
+  const templates = [
+    { template: testFactoryTemplate, filename: "SmartStackTestFactory.cs" },
+    { template: testAuthHandlerTemplate, filename: "TestAuthHandler.cs" },
+    { template: integrationTestBaseTemplate, filename: "IntegrationTestBase.cs" },
+    { template: testDataSeederTemplate, filename: "TestDataSeeder.cs" }
+  ];
+  for (const { template, filename } of templates) {
+    const content = import_handlebars2.default.compile(template)(context);
+    const testPath = path14.join(structure.root, "Tests", "Integration", filename);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path14.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path14.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="9.*" />`);
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.*" />`);
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.Data.Sqlite" Version="9.*" />`);
+  result.instructions.push(`Add package reference: <PackageReference Include="FluentAssertions" Version="8.*" />`);
+  result.instructions.push(`IMPORTANT: Add to your API .csproj: <InternalsVisibleTo Include="$(AssemblyName).Tests" /> or add 'public partial class Program { }' to Program.cs`);
+}
 function formatTestResult(result, _target, name, dryRun) {
   const lines = [];
   lines.push(`# Scaffold Tests: ${name}`);
@@ -58368,7 +58414,7 @@ function formatTestResult(result, _target, name, dryRun) {
   lines.push("");
   return lines.join("\n");
 }
-var import_handlebars2, scaffoldTestsTool, entityTestTemplate, serviceTestTemplate, controllerTestTemplate, validatorTestTemplate, repositoryTestTemplate, securityTestTemplate;
+var import_handlebars2, scaffoldTestsTool, entityTestTemplate, serviceTestTemplate, controllerTestTemplate, validatorTestTemplate, repositoryTestTemplate, securityTestTemplate, testFactoryTemplate, testAuthHandlerTemplate, integrationTestBaseTemplate, testDataSeederTemplate, controllerIntegrationTestTemplate;
 var init_scaffold_tests = __esm({
   "src/mcp/tools/scaffold-tests.ts"() {
     "use strict";
@@ -58386,8 +58432,8 @@ var init_scaffold_tests = __esm({
         properties: {
           target: {
             type: "string",
-            enum: ["entity", "service", "controller", "validator", "repository", "all"],
-            description: "Type of component to test"
+            enum: ["entity", "service", "controller", "validator", "repository", "infrastructure", "all"],
+            description: 'Type of component to test. Use "infrastructure" to generate shared test base classes (WebApplicationFactory, IntegrationTestBase, TestAuthHandler).'
           },
           name: {
             type: "string",
@@ -59744,6 +59790,547 @@ public class {{name}}SecurityTests : IClassFixture<WebApplicationFactory<Program
 
     #endregion
 }
+`;
+    testFactoryTemplate = `using System;
+using System.Data.Common;
+using System.Linq;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.Data.Sqlite;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.DependencyInjection;
+using {{infrastructureNamespace}}.Persistence;
+
+namespace {{testNamespace}}.Integration;
+
+/// <summary>
+/// Shared WebApplicationFactory for integration tests.
+/// Uses SQLite in-memory for real SQL behavior.
+/// Replaces JWT auth with TestAuthHandler.
+/// </summary>
+public class SmartStackTestFactory : WebApplicationFactory<Program>, IAsyncLifetime
+{
+    private DbConnection _connection = null!;
+
+    protected override void ConfigureWebHost(IWebHostBuilder builder)
+    {
+        builder.ConfigureServices(services =>
+        {
+            // Remove existing DbContext registration
+            var dbDescriptor = services.SingleOrDefault(
+                d => d.ServiceType == typeof(DbContextOptions<ApplicationDbContext>));
+            if (dbDescriptor != null)
+                services.Remove(dbDescriptor);
+
+            // Remove existing DbConnection if registered
+            var connDescriptor = services.SingleOrDefault(
+                d => d.ServiceType == typeof(DbConnection));
+            if (connDescriptor != null)
+                services.Remove(connDescriptor);
+
+            // Create and open a shared SQLite in-memory connection
+            _connection = new SqliteConnection("DataSource=:memory:");
+            _connection.Open();
+
+            services.AddSingleton(_connection);
+            services.AddDbContext<ApplicationDbContext>((sp, options) =>
+            {
+                options.UseSqlite(sp.GetRequiredService<DbConnection>());
+            });
+
+            // Replace authentication with test handler
+            services.AddAuthentication("Test")
+                .AddScheme<AuthenticationSchemeOptions, TestAuthHandler>("Test", null);
+        });
+
+        builder.UseEnvironment("Testing");
+    }
+
+    public async Task InitializeAsync()
+    {
+        // Ensure database is created with current schema
+        using var scope = Services.CreateScope();
+        var db = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
+        await db.Database.EnsureCreatedAsync();
+
+        // Seed minimal test data (tenant, admin user, base permissions)
+        var seeder = new TestDataSeeder(db);
+        await seeder.SeedAsync();
+    }
+
+    async Task IAsyncLifetime.DisposeAsync()
+    {
+        if (_connection is not null)
+        {
+            await _connection.CloseAsync();
+            await _connection.DisposeAsync();
+        }
+    }
+
+    /// <summary>
+    /// Resets the database between test classes for isolation.
+    /// </summary>
+    public async Task ResetDatabaseAsync()
+    {
+        using var scope = Services.CreateScope();
+        var db = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
+        await db.Database.EnsureDeletedAsync();
+        await db.Database.EnsureCreatedAsync();
+
+        var seeder = new TestDataSeeder(db);
+        await seeder.SeedAsync();
+    }
+}
+`;
+    testAuthHandlerTemplate = `using System.Security.Claims;
+using System.Text.Encodings.Web;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace {{testNamespace}}.Integration;
+
+/// <summary>
+/// Test authentication handler that creates a fake authenticated user.
+/// Bypasses JWT validation for integration tests.
+/// </summary>
+public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+{
+    public static Guid DefaultTenantId { get; set; } = Guid.Parse("11111111-1111-1111-1111-111111111111");
+    public static string DefaultUserId { get; set; } = "test-user-id";
+    public static string DefaultUserName { get; set; } = "test-admin@smartstack.io";
+    public static string DefaultRole { get; set; } = "Administrator";
+
+    public TestAuthHandler(
+        IOptionsMonitor<AuthenticationSchemeOptions> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder)
+        : base(options, logger, encoder)
+    {
+    }
+
+    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+    {
+        // Check if the request explicitly opts out of auth (for 401 tests)
+        if (Request.Headers.ContainsKey("X-Test-Anonymous"))
+        {
+            return Task.FromResult(AuthenticateResult.Fail("Anonymous request"));
+        }
+
+        var tenantId = DefaultTenantId.ToString();
+        if (Request.Headers.TryGetValue("X-Tenant-Id", out var tenantHeader))
+        {
+            tenantId = tenantHeader.ToString();
+        }
+
+        var claims = new[]
+        {
+            new Claim(ClaimTypes.NameIdentifier, DefaultUserId),
+            new Claim(ClaimTypes.Name, DefaultUserName),
+            new Claim(ClaimTypes.Email, DefaultUserName),
+            new Claim(ClaimTypes.Role, DefaultRole),
+            new Claim("tenant_id", tenantId),
+            // Add all permissions for test user (admin has full access)
+            new Claim("permissions", "*"),
+        };
+
+        var identity = new ClaimsIdentity(claims, "Test");
+        var principal = new ClaimsPrincipal(identity);
+        var ticket = new AuthenticationTicket(principal, "Test");
+
+        return Task.FromResult(AuthenticateResult.Success(ticket));
+    }
+}
+`;
+    integrationTestBaseTemplate = `using System;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Net.Http.Json;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.Extensions.DependencyInjection;
+using {{infrastructureNamespace}}.Persistence;
+using Xunit;
+
+namespace {{testNamespace}}.Integration;
+
+/// <summary>
+/// Base class for integration tests.
+/// Provides configured HttpClient with auth and tenant headers.
+/// </summary>
+public abstract class IntegrationTestBase : IClassFixture<SmartStackTestFactory>, IAsyncLifetime
+{
+    protected readonly SmartStackTestFactory Factory;
+    protected readonly HttpClient Client;
+    protected readonly Guid TestTenantId = TestAuthHandler.DefaultTenantId;
+
+    protected IntegrationTestBase(SmartStackTestFactory factory)
+    {
+        Factory = factory;
+        Client = factory.CreateClient();
+        Client.DefaultRequestHeaders.Add("X-Tenant-Id", TestTenantId.ToString());
+    }
+
+    public virtual async Task InitializeAsync()
+    {
+        // Reset database for each test class to ensure isolation
+        await Factory.ResetDatabaseAsync();
+    }
+
+    public virtual Task DisposeAsync() => Task.CompletedTask;
+
+    /// <summary>
+    /// Creates an HttpClient without authentication (for 401 tests).
+    /// </summary>
+    protected HttpClient CreateAnonymousClient()
+    {
+        var client = Factory.CreateClient();
+        client.DefaultRequestHeaders.Add("X-Test-Anonymous", "true");
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", TestTenantId.ToString());
+        return client;
+    }
+
+    /// <summary>
+    /// Creates an HttpClient for a different tenant (for isolation tests).
+    /// </summary>
+    protected HttpClient CreateClientForTenant(Guid tenantId)
+    {
+        var client = Factory.CreateClient();
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", tenantId.ToString());
+        return client;
+    }
+
+    /// <summary>
+    /// Gets direct access to the DbContext for verification queries.
+    /// </summary>
+    protected async Task<T> WithDbContextAsync<T>(Func<ApplicationDbContext, Task<T>> action)
+    {
+        using var scope = Factory.Services.CreateScope();
+        var db = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
+        return await action(db);
+    }
+}
+`;
+    testDataSeederTemplate = `using System;
+using System.Threading.Tasks;
+using {{infrastructureNamespace}}.Persistence;
+
+namespace {{testNamespace}}.Integration;
+
+/// <summary>
+/// Seeds minimal test data required for integration tests.
+/// Creates a test tenant, admin user, and base navigation/permissions.
+/// </summary>
+public class TestDataSeeder
+{
+    private readonly ApplicationDbContext _db;
+
+    public static readonly Guid TestTenantId = Guid.Parse("11111111-1111-1111-1111-111111111111");
+    public static readonly Guid TestUserId = Guid.Parse("22222222-2222-2222-2222-222222222222");
+
+    public TestDataSeeder(ApplicationDbContext db)
+    {
+        _db = db;
+    }
+
+    public async Task SeedAsync()
+    {
+        // NOTE: Add your tenant and user seeding logic here.
+        // This depends on your specific entity model.
+        // Example:
+        // var tenant = Tenant.Create("test-tenant", "Test Tenant");
+        // _db.Set<Tenant>().Add(tenant);
+        // await _db.SaveChangesAsync();
+
+        await Task.CompletedTask;
+    }
+}
+`;
+    controllerIntegrationTestTemplate = `using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Json;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Xunit;
+using {{testNamespace}}.Integration;
+
+namespace {{testNamespace}}.Integration.Controllers;
+
+/// <summary>
+/// REAL integration tests for {{name}}Controller.
+/// Uses actual DI pipeline, real services, SQLite database.
+/// No mocks - verifies the complete request/response cycle.
+/// </summary>
+public class {{name}}ControllerIntegrationTests : IntegrationTestBase
+{
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId;
+{{/unless}}
+
+    public {{name}}ControllerIntegrationTests(SmartStackTestFactory factory)
+        : base(factory)
+    {
+{{#unless isSystemEntity}}
+        _tenantId = TestTenantId;
+{{/unless}}
+    }
+
+    #region GET Tests
+
+    [Fact]
+    public async Task GetAll_WhenAuthenticated_ShouldReturn200()
+    {
+        // Act
+        var response = await Client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public async Task GetById_WhenEntityExists_ShouldReturn200WithData()
+    {
+        // Arrange - Create an entity first
+        var createRequest = new { Code = "get-test-01", Name = "Get Test Entity" };
+        var createResponse = await Client.PostAsJsonAsync("/api/{{nameLower}}", createRequest);
+        createResponse.StatusCode.Should().BeOneOf(HttpStatusCode.Created, HttpStatusCode.OK);
+
+        var created = await createResponse.Content.ReadFromJsonAsync<Dictionary<string, object>>();
+        created.Should().NotBeNull();
+        var id = created!["id"]?.ToString();
+        id.Should().NotBeNullOrEmpty();
+
+        // Act
+        var response = await Client.GetAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var entity = await response.Content.ReadFromJsonAsync<Dictionary<string, object>>();
+        entity.Should().NotBeNull();
+    }
+
+    [Fact]
+    public async Task GetById_WhenNotExists_ShouldReturn404()
+    {
+        // Arrange
+        var nonExistentId = Guid.NewGuid();
+
+        // Act
+        var response = await Client.GetAsync($"/api/{{nameLower}}/{nonExistentId}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+    #region POST Tests
+
+    [Fact]
+    public async Task Create_WhenValidData_ShouldPersistAndReturn201()
+    {
+        // Arrange
+        var request = new { Code = "create-test-01", Name = "Created Entity" };
+
+        // Act
+        var response = await Client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(HttpStatusCode.Created, HttpStatusCode.OK);
+        var created = await response.Content.ReadFromJsonAsync<Dictionary<string, object>>();
+        created.Should().NotBeNull();
+        var id = created!["id"]?.ToString();
+        id.Should().NotBeNullOrEmpty();
+
+        // Verify REAL persistence - read back from DB
+        var getResponse = await Client.GetAsync($"/api/{{nameLower}}/{id}");
+        getResponse.StatusCode.Should().Be(HttpStatusCode.OK);
+        var persisted = await getResponse.Content.ReadFromJsonAsync<Dictionary<string, object>>();
+        persisted.Should().NotBeNull();
+    }
+
+{{#if includeValidation}}
+    [Fact]
+    public async Task Create_WhenInvalidData_ShouldReturn400()
+    {
+        // Arrange
+        var request = new { Code = (string?)null, Name = (string?)null };
+
+        // Act
+        var response = await Client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(HttpStatusCode.BadRequest, HttpStatusCode.UnprocessableEntity);
+    }
+{{/if}}
+
+    [Fact]
+    public async Task Create_WhenDuplicateCode_ShouldReturn409()
+    {
+        // Arrange
+        var request = new { Code = "duplicate-test", Name = "First Entity" };
+        var firstResponse = await Client.PostAsJsonAsync("/api/{{nameLower}}", request);
+        firstResponse.StatusCode.Should().BeOneOf(HttpStatusCode.Created, HttpStatusCode.OK);
+
+        // Act - Try to create with same code
+        var duplicateRequest = new { Code = "duplicate-test", Name = "Duplicate Entity" };
+        var response = await Client.PostAsJsonAsync("/api/{{nameLower}}", duplicateRequest);
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(HttpStatusCode.Conflict, HttpStatusCode.BadRequest);
+    }
+
+    #endregion
+
+    #region PUT Tests
+
+    [Fact]
+    public async Task Update_WhenEntityExists_ShouldPersistChanges()
+    {
+        // Arrange - Create an entity first
+        var createRequest = new { Code = "update-test-01", Name = "Original Name" };
+        var createResponse = await Client.PostAsJsonAsync("/api/{{nameLower}}", createRequest);
+        var created = await createResponse.Content.ReadFromJsonAsync<Dictionary<string, object>>();
+        var id = created!["id"]?.ToString();
+
+        // Act
+        var updateRequest = new { Code = "update-test-01", Name = "Updated Name" };
+        var response = await Client.PutAsJsonAsync($"/api/{{nameLower}}/{id}", updateRequest);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+
+        // Verify persistence
+        var getResponse = await Client.GetAsync($"/api/{{nameLower}}/{id}");
+        var updated = await getResponse.Content.ReadFromJsonAsync<Dictionary<string, object>>();
+        updated.Should().NotBeNull();
+    }
+
+    [Fact]
+    public async Task Update_WhenNotExists_ShouldReturn404()
+    {
+        // Arrange
+        var nonExistentId = Guid.NewGuid();
+        var request = new { Code = "ghost", Name = "Ghost Entity" };
+
+        // Act
+        var response = await Client.PutAsJsonAsync($"/api/{{nameLower}}/{nonExistentId}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+    #region DELETE Tests
+
+    [Fact]
+    public async Task Delete_WhenEntityExists_ShouldReturn204()
+    {
+        // Arrange - Create an entity first
+        var createRequest = new { Code = "delete-test-01", Name = "To Delete" };
+        var createResponse = await Client.PostAsJsonAsync("/api/{{nameLower}}", createRequest);
+        var created = await createResponse.Content.ReadFromJsonAsync<Dictionary<string, object>>();
+        var id = created!["id"]?.ToString();
+
+        // Act
+        var response = await Client.DeleteAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(HttpStatusCode.NoContent, HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public async Task Delete_WhenNotExists_ShouldReturn404()
+    {
+        // Arrange
+        var nonExistentId = Guid.NewGuid();
+
+        // Act
+        var response = await Client.DeleteAsync($"/api/{{nameLower}}/{nonExistentId}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+{{#unless isSystemEntity}}
+    #region Tenant Isolation Tests (REAL)
+
+    [Fact]
+    public async Task Create_ThenGetFromOtherTenant_ShouldReturn404()
+    {
+        // Arrange - Create entity in default tenant
+        var request = new { Code = "tenant-iso-01", Name = "Tenant A Entity" };
+        var createResponse = await Client.PostAsJsonAsync("/api/{{nameLower}}", request);
+        var created = await createResponse.Content.ReadFromJsonAsync<Dictionary<string, object>>();
+        var id = created!["id"]?.ToString();
+
+        // Act - Try to access from a different tenant
+        var otherTenantClient = CreateClientForTenant(Guid.NewGuid());
+        var response = await otherTenantClient.GetAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert - Should not see other tenant's data
+        response.StatusCode.Should().BeOneOf(HttpStatusCode.NotFound, HttpStatusCode.Forbidden);
+    }
+
+    [Fact]
+    public async Task GetAll_ShouldOnlyReturnCurrentTenantData()
+    {
+        // Arrange - Create entity in default tenant
+        var request = new { Code = "tenant-list-01", Name = "My Tenant Entity" };
+        await Client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Act - Get all from a different tenant
+        var otherTenantClient = CreateClientForTenant(Guid.NewGuid());
+        var response = await otherTenantClient.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var content = await response.Content.ReadAsStringAsync();
+        content.Should().NotContain("tenant-list-01");
+    }
+
+    #endregion
+{{/unless}}
+
+{{#if includeAuthorization}}
+    #region Authorization Tests (REAL)
+
+    [Fact]
+    public async Task GetAll_WhenNotAuthenticated_ShouldReturn401()
+    {
+        // Arrange
+        var anonClient = CreateAnonymousClient();
+
+        // Act
+        var response = await anonClient.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+    }
+
+    [Fact]
+    public async Task Create_WhenNotAuthenticated_ShouldReturn401()
+    {
+        // Arrange
+        var anonClient = CreateAnonymousClient();
+        var request = new { Code = "unauth-test", Name = "Should Fail" };
+
+        // Act
+        var response = await anonClient.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+    }
+
+    #endregion
+{{/if}}
+}
 `;
   }
 });
@@ -63685,8 +64272,493 @@ Use this before scaffold_frontend_extension to understand what slots to add.`,
   }
 });
 
-// src/mcp/tools/validate-security.ts
+// src/mcp/tools/scaffold-frontend-tests.ts
 import path22 from "path";
+async function handleScaffoldFrontendTests(args, config2) {
+  const input = ScaffoldFrontendTestsInputSchema.parse(args);
+  const dryRun = input.options?.dryRun || false;
+  const name = input.name;
+  const nameLower = name.charAt(0).toLowerCase() + name.slice(1);
+  const apiRoute = input.apiRoute || `/api/${nameLower}`;
+  logger.info("Scaffolding frontend tests", { name, components: input.components, dryRun });
+  const structure = await findSmartStackStructure(config2.smartstack.projectPath);
+  const result = {
+    success: true,
+    files: [],
+    instructions: []
+  };
+  const context = { name, nameLower, apiRoute };
+  const components = input.components.includes("all") ? ["page", "list", "detail", "hooks", "api"] : input.components;
+  const webRoot = input.options?.outputPath || path22.join(structure.root, "web", "smartstack-web");
+  const templateMap = {
+    page: { template: pageTestTemplate, filename: `${name}Page.test.tsx` },
+    list: { template: listTestTemplate, filename: `${name}ListView.test.tsx` },
+    detail: { template: detailTestTemplate, filename: `${name}DetailPage.test.tsx` },
+    hooks: { template: hooksTestTemplate, filename: `use${name}Preferences.test.ts` },
+    api: { template: apiTestTemplate, filename: `${nameLower}Api.test.ts` }
+  };
+  try {
+    for (const component of components) {
+      const entry = templateMap[component];
+      if (!entry) continue;
+      const content = import_handlebars3.default.compile(entry.template)(context);
+      let testDir;
+      if (component === "hooks") {
+        testDir = path22.join(webRoot, "src", "hooks", "__tests__");
+      } else if (component === "api") {
+        testDir = path22.join(webRoot, "src", "services", "api", "__tests__");
+      } else {
+        testDir = path22.join(webRoot, "src", "pages", nameLower, "__tests__");
+      }
+      const testPath = path22.join(testDir, entry.filename);
+      validatePathSecurity(testPath, structure.root);
+      if (!dryRun) {
+        await ensureDirectory(testDir);
+        await writeText(testPath, content);
+      }
+      result.files.push({
+        path: path22.relative(structure.root, testPath),
+        content,
+        type: "created"
+      });
+    }
+  } catch (error2) {
+    result.success = false;
+    result.instructions.push(`Error: ${error2 instanceof Error ? error2.message : String(error2)}`);
+  }
+  result.instructions.push("Install test dependencies: npm install -D vitest @testing-library/react @testing-library/jest-dom @testing-library/user-event jsdom msw");
+  result.instructions.push("Copy test infrastructure from templates/project/test-frontend/ to your web project src/test/");
+  result.instructions.push('Add "test": "vitest run" and "test:watch": "vitest" to package.json scripts');
+  return formatResult8(result, name, dryRun);
+}
+function formatResult8(result, name, dryRun) {
+  const lines = [];
+  lines.push(`# Scaffold Frontend Tests: ${name}`);
+  lines.push("");
+  if (dryRun) {
+    lines.push("> **DRY RUN MODE** - No files were written");
+    lines.push("");
+  }
+  if (!result.success) {
+    lines.push("## Error");
+    lines.push("");
+    lines.push(result.instructions.join("\n"));
+    return lines.join("\n");
+  }
+  lines.push(`## Generated Test Files (${result.files.length})`);
+  lines.push("");
+  for (const file of result.files) {
+    lines.push(`### \`${file.path}\``);
+    lines.push("");
+    lines.push("```tsx");
+    lines.push(file.content);
+    lines.push("```");
+    lines.push("");
+  }
+  if (result.instructions.length > 0) {
+    lines.push("## Next Steps");
+    lines.push("");
+    for (const instruction of result.instructions) {
+      lines.push(`- ${instruction}`);
+    }
+    lines.push("");
+  }
+  lines.push("## Test Conventions Applied");
+  lines.push("");
+  lines.push("- **Framework**: Vitest + @testing-library/react");
+  lines.push("- **API Mocking**: MSW (Mock Service Worker)");
+  lines.push("- **Pattern**: Arrange (setup MSW handlers) -> Act (render component) -> Assert (check DOM)");
+  lines.push("- **Providers**: BrowserRouter, I18nextProvider, AuthContext");
+  lines.push("");
+  return lines.join("\n");
+}
+var import_handlebars3, ScaffoldFrontendTestsInputSchema, scaffoldFrontendTestsTool, pageTestTemplate, listTestTemplate, detailTestTemplate, hooksTestTemplate, apiTestTemplate;
+var init_scaffold_frontend_tests = __esm({
+  "src/mcp/tools/scaffold-frontend-tests.ts"() {
+    "use strict";
+    init_esm_shims();
+    import_handlebars3 = __toESM(require_lib());
+    init_zod();
+    init_fs();
+    init_detector();
+    init_logger();
+    ScaffoldFrontendTestsInputSchema = external_exports.object({
+      name: external_exports.string().min(1).describe('Entity name in PascalCase (e.g., "Product", "Order")'),
+      components: external_exports.array(external_exports.enum(["page", "list", "form", "detail", "hooks", "api", "all"])).default(["all"]).describe("Components to generate tests for"),
+      apiRoute: external_exports.string().optional().describe('API route path (e.g., "/api/products")'),
+      options: external_exports.object({
+        outputPath: external_exports.string().optional().describe("Custom output path for generated test files"),
+        dryRun: external_exports.boolean().default(false).describe("Preview without writing files")
+      }).optional()
+    });
+    scaffoldFrontendTestsTool = {
+      name: "scaffold_frontend_tests",
+      description: "Generate React component tests (Vitest + Testing Library + MSW) for SmartStack frontend pages, lists, forms, and hooks.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          name: {
+            type: "string",
+            description: 'Entity name in PascalCase (e.g., "Product", "Order")'
+          },
+          components: {
+            type: "array",
+            items: {
+              type: "string",
+              enum: ["page", "list", "form", "detail", "hooks", "api", "all"]
+            },
+            default: ["all"],
+            description: "Components to generate tests for"
+          },
+          apiRoute: {
+            type: "string",
+            description: 'API route path (e.g., "/api/products")'
+          },
+          options: {
+            type: "object",
+            properties: {
+              outputPath: { type: "string" },
+              dryRun: { type: "boolean", default: false }
+            }
+          }
+        },
+        required: ["name"]
+      }
+    };
+    pageTestTemplate = `import { describe, it, expect, vi } from 'vitest';
+import { renderWithProviders, screen, waitFor } from '@/test/test-utils';
+import { server } from '@/test/msw/server';
+import { http, HttpResponse } from 'msw';
+
+// Adjust import path to your actual page component
+// import { {{name}}Page } from '@/pages/{{nameLower}}/{{name}}Page';
+
+describe('{{name}}Page', () => {
+  it('should render the page title', async () => {
+    // TODO: Uncomment and adjust import path
+    // renderWithProviders(<{{name}}Page />);
+    // await waitFor(() => {
+    //   expect(screen.getByRole('heading')).toBeInTheDocument();
+    // });
+    expect(true).toBe(true); // Placeholder - replace with actual test
+  });
+
+  it('should show loading state initially', () => {
+    // renderWithProviders(<{{name}}Page />);
+    // expect(screen.getByTestId('page-loader')).toBeInTheDocument();
+    expect(true).toBe(true);
+  });
+
+  it('should display data after loading', async () => {
+    server.use(
+      http.get('{{apiRoute}}', () =>
+        HttpResponse.json({
+          items: [
+            { id: '1', code: 'test-01', name: 'Test {{name}}' },
+          ],
+          totalCount: 1,
+          pageNumber: 1,
+          pageSize: 10,
+        })
+      )
+    );
+
+    // renderWithProviders(<{{name}}Page />);
+    // await waitFor(() => {
+    //   expect(screen.getByText('Test {{name}}')).toBeInTheDocument();
+    // });
+    expect(true).toBe(true);
+  });
+
+  it('should show empty state when no data', async () => {
+    server.use(
+      http.get('{{apiRoute}}', () =>
+        HttpResponse.json({
+          items: [],
+          totalCount: 0,
+          pageNumber: 1,
+          pageSize: 10,
+        })
+      )
+    );
+
+    // renderWithProviders(<{{name}}Page />);
+    // await waitFor(() => {
+    //   expect(screen.getByText(/empty|no data|aucun/i)).toBeInTheDocument();
+    // });
+    expect(true).toBe(true);
+  });
+
+  it('should show error state on API failure', async () => {
+    server.use(
+      http.get('{{apiRoute}}', () =>
+        HttpResponse.error()
+      )
+    );
+
+    // renderWithProviders(<{{name}}Page />);
+    // await waitFor(() => {
+    //   expect(screen.getByText(/error|erreur/i)).toBeInTheDocument();
+    // });
+    expect(true).toBe(true);
+  });
+});
+`;
+    listTestTemplate = `import { describe, it, expect } from 'vitest';
+import { renderWithProviders, screen, within } from '@/test/test-utils';
+import { server } from '@/test/msw/server';
+import { http, HttpResponse } from 'msw';
+
+// Adjust import path
+// import { {{name}}ListView } from '@/components/{{nameLower}}/{{name}}ListView';
+
+const mockItems = [
+  { id: '1', code: 'item-01', name: 'First {{name}}' },
+  { id: '2', code: 'item-02', name: 'Second {{name}}' },
+  { id: '3', code: 'item-03', name: 'Third {{name}}' },
+];
+
+describe('{{name}}ListView', () => {
+  it('should render a list of items', () => {
+    // renderWithProviders(<{{name}}ListView items={mockItems} />);
+    // expect(screen.getByText('First {{name}}')).toBeInTheDocument();
+    // expect(screen.getByText('Second {{name}}')).toBeInTheDocument();
+    expect(true).toBe(true);
+  });
+
+  it('should render EntityCard for each item', () => {
+    // renderWithProviders(<{{name}}ListView items={mockItems} />);
+    // const cards = screen.getAllByTestId('entity-card');
+    // expect(cards).toHaveLength(3);
+    expect(true).toBe(true);
+  });
+
+  it('should show empty state when no items', () => {
+    // renderWithProviders(<{{name}}ListView items={[]} />);
+    // expect(screen.getByText(/empty|no data|aucun/i)).toBeInTheDocument();
+    expect(true).toBe(true);
+  });
+
+  it('should support view toggle (table/cards)', () => {
+    // renderWithProviders(<{{name}}ListView items={mockItems} />);
+    // const viewToggle = screen.getByTestId('view-toggle');
+    // expect(viewToggle).toBeInTheDocument();
+    expect(true).toBe(true);
+  });
+
+  it('should handle pagination', () => {
+    // renderWithProviders(
+    //   <{{name}}ListView
+    //     items={mockItems}
+    //     totalCount={30}
+    //     pageSize={10}
+    //     currentPage={1}
+    //   />
+    // );
+    // expect(screen.getByTestId('pagination')).toBeInTheDocument();
+    expect(true).toBe(true);
+  });
+});
+`;
+    detailTestTemplate = `import { describe, it, expect } from 'vitest';
+import { renderWithProviders, screen, waitFor } from '@/test/test-utils';
+import { server } from '@/test/msw/server';
+import { http, HttpResponse } from 'msw';
+
+// Adjust import path
+// import { {{name}}DetailPage } from '@/pages/{{nameLower}}/{{name}}DetailPage';
+
+const mockEntity = {
+  id: '1',
+  code: 'test-01',
+  name: 'Test {{name}}',
+  createdAt: '2024-01-01T00:00:00Z',
+  createdBy: 'admin',
+};
+
+describe('{{name}}DetailPage', () => {
+  it('should render entity details', async () => {
+    server.use(
+      http.get('{{apiRoute}}/:id', () =>
+        HttpResponse.json(mockEntity)
+      )
+    );
+
+    // renderWithProviders(<{{name}}DetailPage />);
+    // await waitFor(() => {
+    //   expect(screen.getByText('Test {{name}}')).toBeInTheDocument();
+    // });
+    expect(true).toBe(true);
+  });
+
+  it('should show loading state', () => {
+    // renderWithProviders(<{{name}}DetailPage />);
+    // expect(screen.getByTestId('page-loader')).toBeInTheDocument();
+    expect(true).toBe(true);
+  });
+
+  it('should show 404 when entity not found', async () => {
+    server.use(
+      http.get('{{apiRoute}}/:id', () =>
+        new HttpResponse(null, { status: 404 })
+      )
+    );
+
+    // renderWithProviders(<{{name}}DetailPage />);
+    // await waitFor(() => {
+    //   expect(screen.getByText(/not found|introuvable/i)).toBeInTheDocument();
+    // });
+    expect(true).toBe(true);
+  });
+
+  it('should have a back button', () => {
+    // renderWithProviders(<{{name}}DetailPage />);
+    // expect(screen.getByRole('link', { name: /back|retour/i })).toBeInTheDocument();
+    expect(true).toBe(true);
+  });
+});
+`;
+    hooksTestTemplate = `import { describe, it, expect } from 'vitest';
+import { renderHook, act } from '@testing-library/react';
+
+// Adjust import path
+// import { use{{name}}Preferences } from '@/hooks/use{{name}}Preferences';
+
+describe('use{{name}}Preferences', () => {
+  it('should return default pageSize', () => {
+    // const { result } = renderHook(() => use{{name}}Preferences());
+    // expect(result.current.pageSize).toBe(10);
+    expect(true).toBe(true);
+  });
+
+  it('should return default viewMode', () => {
+    // const { result } = renderHook(() => use{{name}}Preferences());
+    // expect(result.current.viewMode).toBe('table');
+    expect(true).toBe(true);
+  });
+
+  it('should update pageSize', () => {
+    // const { result } = renderHook(() => use{{name}}Preferences());
+    // act(() => {
+    //   result.current.setPageSize(25);
+    // });
+    // expect(result.current.pageSize).toBe(25);
+    expect(true).toBe(true);
+  });
+
+  it('should update viewMode', () => {
+    // const { result } = renderHook(() => use{{name}}Preferences());
+    // act(() => {
+    //   result.current.setViewMode('cards');
+    // });
+    // expect(result.current.viewMode).toBe('cards');
+    expect(true).toBe(true);
+  });
+});
+`;
+    apiTestTemplate = `import { describe, it, expect, beforeEach } from 'vitest';
+import { server } from '@/test/msw/server';
+import { http, HttpResponse } from 'msw';
+
+// Adjust import path
+// import { {{nameLower}}Api } from '@/services/api/{{nameLower}}Api';
+
+describe('{{nameLower}}Api', () => {
+  describe('getAll', () => {
+    it('should fetch paginated list', async () => {
+      server.use(
+        http.get('{{apiRoute}}', () =>
+          HttpResponse.json({
+            items: [{ id: '1', code: 'test', name: 'Test' }],
+            totalCount: 1,
+            pageNumber: 1,
+            pageSize: 10,
+          })
+        )
+      );
+
+      // const result = await {{nameLower}}Api.getAll();
+      // expect(result.items).toHaveLength(1);
+      // expect(result.totalCount).toBe(1);
+      expect(true).toBe(true);
+    });
+  });
+
+  describe('getById', () => {
+    it('should fetch entity by ID', async () => {
+      server.use(
+        http.get('{{apiRoute}}/:id', () =>
+          HttpResponse.json({ id: '1', code: 'test', name: 'Test' })
+        )
+      );
+
+      // const result = await {{nameLower}}Api.getById('1');
+      // expect(result.id).toBe('1');
+      expect(true).toBe(true);
+    });
+
+    it('should throw on 404', async () => {
+      server.use(
+        http.get('{{apiRoute}}/:id', () =>
+          new HttpResponse(null, { status: 404 })
+        )
+      );
+
+      // await expect({{nameLower}}Api.getById('999')).rejects.toThrow();
+      expect(true).toBe(true);
+    });
+  });
+
+  describe('create', () => {
+    it('should create entity and return it', async () => {
+      server.use(
+        http.post('{{apiRoute}}', () =>
+          HttpResponse.json(
+            { id: '1', code: 'new-test', name: 'New Test' },
+            { status: 201 }
+          )
+        )
+      );
+
+      // const result = await {{nameLower}}Api.create({ code: 'new-test', name: 'New Test' });
+      // expect(result.id).toBe('1');
+      expect(true).toBe(true);
+    });
+  });
+
+  describe('update', () => {
+    it('should update entity', async () => {
+      server.use(
+        http.put('{{apiRoute}}/:id', () =>
+          HttpResponse.json({ id: '1', code: 'updated', name: 'Updated' })
+        )
+      );
+
+      // const result = await {{nameLower}}Api.update('1', { code: 'updated', name: 'Updated' });
+      // expect(result.code).toBe('updated');
+      expect(true).toBe(true);
+    });
+  });
+
+  describe('delete', () => {
+    it('should delete entity', async () => {
+      server.use(
+        http.delete('{{apiRoute}}/:id', () =>
+          new HttpResponse(null, { status: 204 })
+        )
+      );
+
+      // await expect({{nameLower}}Api.delete('1')).resolves.not.toThrow();
+      expect(true).toBe(true);
+    });
+  });
+});
+`;
+  }
+});
+
+// src/mcp/tools/validate-security.ts
+import path23 from "path";
 async function handleValidateSecurity(args, config2) {
   const input = ValidateSecurityInputSchema.parse(args);
   const projectPath = input.path || config2.smartstack.projectPath;
@@ -63768,7 +64840,7 @@ async function checkHardcodedSecrets(structure, result) {
           severity: "blocking",
           category: "hardcoded-secrets",
           message: `Hardcoded ${name} detected`,
-          file: path22.relative(structure.root, file),
+          file: path23.relative(structure.root, file),
           line: lineNumber,
           code: truncateCode(lineContent),
           suggestion: `Move ${name} to configuration or environment variables`,
@@ -63803,7 +64875,7 @@ async function checkSqlInjection(structure, result) {
           severity: "blocking",
           category: "sql-injection",
           message: `Potential SQL injection: ${name}`,
-          file: path22.relative(structure.root, file),
+          file: path23.relative(structure.root, file),
           line: lineNumber,
           code: truncateCode(lineContent),
           suggestion: 'Use parameterized queries: FromSqlRaw("SELECT * FROM x WHERE id = {0}", id) or FromSqlInterpolated',
@@ -63843,7 +64915,7 @@ async function checkTenantIsolation(structure, result) {
           severity: "blocking",
           category: "tenant-isolation",
           message: "Create method missing tenantId parameter for tenant entity",
-          file: path22.relative(structure.root, file),
+          file: path23.relative(structure.root, file),
           line: lineNumber,
           code: truncateCode(match2[0]),
           suggestion: "Add Guid tenantId as first parameter: Create(Guid tenantId, ...)",
@@ -63866,7 +64938,7 @@ async function checkTenantIsolation(structure, result) {
             severity: "critical",
             category: "tenant-isolation",
             message: "Direct DbContext access without tenant filtering",
-            file: path22.relative(structure.root, file),
+            file: path23.relative(structure.root, file),
             line: lineNumber,
             code: truncateCode(match2[0]),
             suggestion: "Use repository with global tenant filter or add explicit TenantId filter",
@@ -63903,7 +64975,7 @@ async function checkAuthorization(structure, result) {
           severity: "blocking",
           category: "authorization",
           message: `Controller ${controllerName} missing authorization attribute`,
-          file: path22.relative(structure.root, file),
+          file: path23.relative(structure.root, file),
           line: lineNumber,
           suggestion: 'Add [NavRoute("context.application.module")] or [Authorize] attribute to the controller class',
           cweId: "CWE-862"
@@ -63951,7 +65023,7 @@ async function checkPatterns(file, content, patterns, structure, result) {
         severity: "critical",
         category: "dangerous-functions",
         message: `Dangerous function: ${name}`,
-        file: path22.relative(structure.root, file),
+        file: path23.relative(structure.root, file),
         line: lineNumber,
         code: truncateCode(lineContent),
         suggestion: "Avoid using dangerous functions with user-controlled input. Use safe alternatives.",
@@ -64160,7 +65232,7 @@ var init_validate_security = __esm({
 });
 
 // src/mcp/tools/analyze-code-quality.ts
-import path23 from "path";
+import path24 from "path";
 async function handleAnalyzeCodeQuality(args, config2) {
   const input = AnalyzeCodeQualityInputSchema.parse(args);
   const projectPath = input.path || config2.smartstack.projectPath;
@@ -64179,7 +65251,7 @@ async function handleAnalyzeCodeQuality(args, config2) {
   const filteredCsFiles = csFiles.filter((f) => !isExcludedPath(f));
   for (const file of filteredCsFiles) {
     const content = await readText(file);
-    const relPath = path23.relative(structure.root, file);
+    const relPath = path24.relative(structure.root, file);
     const lineCount = content.split("\n").length;
     const functions = extractCSharpFunctions(content, relPath);
     allFunctionMetrics.push(...functions);
@@ -64196,7 +65268,7 @@ async function handleAnalyzeCodeQuality(args, config2) {
   const filteredTsFiles = tsFiles.filter((f) => !isExcludedPath(f));
   for (const file of filteredTsFiles) {
     const content = await readText(file);
-    const relPath = path23.relative(structure.root, file);
+    const relPath = path24.relative(structure.root, file);
     const lineCount = content.split("\n").length;
     const functions = extractTypeScriptFunctions(content, relPath);
     allFunctionMetrics.push(...functions);
@@ -64812,7 +65884,7 @@ var init_analyze_code_quality = __esm({
 });
 
 // src/mcp/tools/analyze-hierarchy-patterns.ts
-import path24 from "path";
+import path25 from "path";
 async function handleAnalyzeHierarchyPatterns(args, config2) {
   const input = AnalyzeHierarchyPatternsInputSchema.parse(args);
   const projectPath = input.path || config2.smartstack.projectPath;
@@ -64835,7 +65907,7 @@ async function handleAnalyzeHierarchyPatterns(args, config2) {
     recommendations,
     circularDependencies: detectCircularDependencies(entityGraph)
   };
-  return formatResult8(result, outputFormat, structure.root);
+  return formatResult9(result, outputFormat, structure.root);
 }
 async function buildEntityGraph(domainPath, filter3) {
   const entityFiles = await findFiles("**/*.cs", { cwd: domainPath });
@@ -64891,7 +65963,7 @@ async function buildEntityGraph(domainPath, filter3) {
   return entityMap;
 }
 function parseEntity(content, file, domainPath) {
-  const fileName = path24.basename(file, ".cs");
+  const fileName = path25.basename(file, ".cs");
   if (fileName.endsWith("Dto") || fileName.endsWith("Command") || fileName.endsWith("Query") || fileName.endsWith("Handler") || fileName.endsWith("Validator") || fileName.endsWith("Exception") || fileName.startsWith("I")) {
     return null;
   }
@@ -64935,7 +66007,7 @@ function parseEntity(content, file, domainPath) {
   const parentEntity = foreignKeys.length > 0 ? foreignKeys[0].referencedEntity : void 0;
   return {
     name: entityName,
-    file: path24.relative(domainPath, file),
+    file: path25.relative(domainPath, file),
     baseClass: hasSystemEntity ? "SystemEntity" : "BaseEntity",
     isTenantAware: hasITenantEntity,
     isSystemEntity: hasSystemEntity,
@@ -64966,24 +66038,24 @@ function detectCircularDependencies(entityMap) {
   const cycles = [];
   for (const [name] of entityMap) {
     let dfs2 = function(current) {
-      if (path29.includes(current)) {
-        const cycleStart = path29.indexOf(current);
-        cycles.push([...path29.slice(cycleStart), current]);
+      if (path30.includes(current)) {
+        const cycleStart = path30.indexOf(current);
+        cycles.push([...path30.slice(cycleStart), current]);
         return true;
       }
       if (visited.has(current)) return false;
       visited.add(current);
-      path29.push(current);
+      path30.push(current);
       const node = entityMap.get(current);
       if (node?.parent) {
         dfs2(node.parent);
       }
-      path29.pop();
+      path30.pop();
       return false;
     };
     var dfs = dfs2;
     const visited = /* @__PURE__ */ new Set();
-    const path29 = [];
+    const path30 = [];
     dfs2(name);
   }
   const unique = /* @__PURE__ */ new Map();
@@ -65190,7 +66262,7 @@ function getImplementationSteps(pattern, node) {
       return [];
   }
 }
-function formatResult8(result, format, _rootPath) {
+function formatResult9(result, format, _rootPath) {
   if (format === "json") {
     return JSON.stringify(result, null, 2);
   }
@@ -68928,7 +70000,7 @@ var init_conventions = __esm({
 });
 
 // src/mcp/resources/project-info.ts
-import path25 from "path";
+import path26 from "path";
 async function getProjectInfoResource(config2) {
   const projectPath = config2.smartstack.projectPath;
   const projectInfo = await detectProject(projectPath);
@@ -68959,16 +70031,16 @@ async function getProjectInfoResource(config2) {
   lines.push("```");
   lines.push(`${projectInfo.name}/`);
   if (structure.domain) {
-    lines.push(`\u251C\u2500\u2500 ${path25.basename(structure.domain)}/          # Domain layer (entities)`);
+    lines.push(`\u251C\u2500\u2500 ${path26.basename(structure.domain)}/          # Domain layer (entities)`);
   }
   if (structure.application) {
-    lines.push(`\u251C\u2500\u2500 ${path25.basename(structure.application)}/     # Application layer (services)`);
+    lines.push(`\u251C\u2500\u2500 ${path26.basename(structure.application)}/     # Application layer (services)`);
   }
   if (structure.infrastructure) {
-    lines.push(`\u251C\u2500\u2500 ${path25.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
+    lines.push(`\u251C\u2500\u2500 ${path26.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
   }
   if (structure.api) {
-    lines.push(`\u251C\u2500\u2500 ${path25.basename(structure.api)}/             # API layer (controllers)`);
+    lines.push(`\u251C\u2500\u2500 ${path26.basename(structure.api)}/             # API layer (controllers)`);
   }
   if (structure.web) {
     lines.push(`\u2514\u2500\u2500 web/smartstack-web/      # React frontend`);
@@ -68981,8 +70053,8 @@ async function getProjectInfoResource(config2) {
     lines.push("| Project | Path |");
     lines.push("|---------|------|");
     for (const csproj of projectInfo.csprojFiles) {
-      const name = path25.basename(csproj, ".csproj");
-      const relativePath = path25.relative(projectPath, csproj);
+      const name = path26.basename(csproj, ".csproj");
+      const relativePath = path26.relative(projectPath, csproj);
       lines.push(`| ${name} | \`${relativePath}\` |`);
     }
     lines.push("");
@@ -68992,10 +70064,10 @@ async function getProjectInfoResource(config2) {
       cwd: structure.migrations,
       ignore: ["*.Designer.cs"]
     });
-    const migrations = migrationFiles.map((f) => path25.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
+    const migrations = migrationFiles.map((f) => path26.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
     lines.push("## EF Core Migrations");
     lines.push("");
-    lines.push(`**Location**: \`${path25.relative(projectPath, structure.migrations)}\``);
+    lines.push(`**Location**: \`${path26.relative(projectPath, structure.migrations)}\``);
     lines.push(`**Total Migrations**: ${migrations.length}`);
     lines.push("");
     if (migrations.length > 0) {
@@ -69030,11 +70102,11 @@ async function getProjectInfoResource(config2) {
   lines.push("dotnet build");
   lines.push("");
   lines.push("# Run API");
-  lines.push(`cd ${structure.api ? path25.relative(projectPath, structure.api) : "src/Api"}`);
+  lines.push(`cd ${structure.api ? path26.relative(projectPath, structure.api) : "src/Api"}`);
   lines.push("dotnet run");
   lines.push("");
   lines.push("# Run frontend");
-  lines.push(`cd ${structure.web ? path25.relative(projectPath, structure.web) : "web"}`);
+  lines.push(`cd ${structure.web ? path26.relative(projectPath, structure.web) : "web"}`);
   lines.push("npm run dev");
   lines.push("");
   lines.push("# Create migration");
@@ -69072,7 +70144,7 @@ var init_project_info = __esm({
 });
 
 // src/mcp/resources/api-endpoints.ts
-import path26 from "path";
+import path27 from "path";
 async function getApiEndpointsResource(config2, endpointFilter) {
   const structure = await findSmartStackStructure(config2.smartstack.projectPath);
   if (!structure.api) {
@@ -69091,7 +70163,7 @@ async function getApiEndpointsResource(config2, endpointFilter) {
 }
 async function parseController(filePath, _rootPath) {
   const content = await readText(filePath);
-  const fileName = path26.basename(filePath, ".cs");
+  const fileName = path27.basename(filePath, ".cs");
   const controllerName = fileName.replace("Controller", "");
   const endpoints = [];
   const routeMatch = content.match(/\[Route\s*\(\s*"([^"]+)"\s*\)\]/);
@@ -69253,7 +70325,7 @@ var init_api_endpoints = __esm({
 });
 
 // src/mcp/resources/db-schema.ts
-import path27 from "path";
+import path28 from "path";
 async function getDbSchemaResource(config2, tableFilter) {
   const structure = await findSmartStackStructure(config2.smartstack.projectPath);
   if (!structure.domain && !structure.infrastructure) {
@@ -69337,7 +70409,7 @@ async function parseEntity2(filePath, rootPath, _config) {
     tableName,
     properties,
     relationships,
-    file: path27.relative(rootPath, filePath)
+    file: path28.relative(rootPath, filePath)
   };
 }
 async function enrichFromConfigurations(entities, infrastructurePath, _config) {
@@ -69498,7 +70570,7 @@ var init_db_schema = __esm({
 });
 
 // src/mcp/resources/entities.ts
-import path28 from "path";
+import path29 from "path";
 async function getEntitiesResource(config2, entityFilter) {
   const structure = await findSmartStackStructure(config2.smartstack.projectPath);
   if (!structure.domain) {
@@ -69552,7 +70624,7 @@ async function parseEntitySummary(filePath, rootPath, config2) {
     hasSoftDelete,
     hasRowVersion,
     file: filePath,
-    relativePath: path28.relative(rootPath, filePath)
+    relativePath: path29.relative(rootPath, filePath)
   };
 }
 function inferTableInfo(entityName, config2) {
@@ -69761,6 +70833,8 @@ async function createServer() {
         analyzeTestCoverageTool,
         validateTestConventionsTool,
         suggestTestScenariosTool,
+        // Frontend Test Tools
+        scaffoldFrontendTestsTool,
         // Frontend Route Tools
         scaffoldApiClientTool,
         scaffoldRoutesTool,
@@ -69786,35 +70860,39 @@ async function createServer() {
       let result;
       switch (name) {
         case "validate_conventions":
-          result = await handleValidateConventions(args, config2);
+          result = await handleValidateConventions(args ?? {}, config2);
           break;
         case "check_migrations":
-          result = await handleCheckMigrations(args, config2);
+          result = await handleCheckMigrations(args ?? {}, config2);
           break;
         case "scaffold_extension":
-          result = await handleScaffoldExtension(args, config2);
+          result = await handleScaffoldExtension(args ?? {}, config2);
           break;
         case "api_docs":
-          result = await handleApiDocs(args, config2);
+          result = await handleApiDocs(args ?? {}, config2);
           break;
         case "suggest_migration":
-          result = await handleSuggestMigration(args, config2);
+          result = await handleSuggestMigration(args ?? {}, config2);
           break;
         case "generate_permissions":
-          result = await handleGeneratePermissions(args, config2);
+          result = await handleGeneratePermissions(args ?? {}, config2);
           break;
         // Test Tools
         case "scaffold_tests":
-          result = await handleScaffoldTests(args, config2);
+          result = await handleScaffoldTests(args ?? {}, config2);
           break;
         case "analyze_test_coverage":
-          result = await handleAnalyzeTestCoverage(args, config2);
+          result = await handleAnalyzeTestCoverage(args ?? {}, config2);
           break;
         case "validate_test_conventions":
-          result = await handleValidateTestConventions(args, config2);
+          result = await handleValidateTestConventions(args ?? {}, config2);
           break;
         case "suggest_test_scenarios":
-          result = await handleSuggestTestScenarios(args, config2);
+          result = await handleSuggestTestScenarios(args ?? {}, config2);
+          break;
+        // Frontend Test Tools
+        case "scaffold_frontend_tests":
+          result = await handleScaffoldFrontendTests(args ?? {}, config2);
           break;
         // Frontend Route Tools
         case "scaffold_api_client":
@@ -69958,6 +71036,7 @@ var init_server3 = __esm({
     init_validate_frontend_routes();
     init_scaffold_frontend_extension();
     init_analyze_extension_points();
+    init_scaffold_frontend_tests();
     init_validate_security();
     init_analyze_code_quality();
     init_analyze_hierarchy_patterns();