@atlashub/smartstack-mcp 1.4.1 → 1.5.1

package/dist/index.js

@@ -78,14 +78,14 @@ if (envLevel && ["debug", "info", "warn", "error"].includes(envLevel)) {
 import path2 from "path";
 
 // src/utils/fs.ts
-import fs from "fs-extra";
+import { stat, mkdir, readFile, writeFile, cp, rm } from "fs/promises";
 import path from "path";
 import { glob } from "glob";
 var FileSystemError = class extends Error {
-  constructor(message, operation, path14, cause) {
+  constructor(message, operation, path18, cause) {
     super(message);
     this.operation = operation;
-    this.path = path14;
+    this.path = path18;
     this.cause = cause;
     this.name = "FileSystemError";
   }
@@ -103,26 +103,26 @@ function validatePathSecurity(targetPath, baseDir) {
 }
 async function fileExists(filePath) {
   try {
-    const stat = await fs.stat(filePath);
-    return stat.isFile();
+    const s = await stat(filePath);
+    return s.isFile();
   } catch {
     return false;
   }
 }
 async function directoryExists(dirPath) {
   try {
-    const stat = await fs.stat(dirPath);
-    return stat.isDirectory();
+    const s = await stat(dirPath);
+    return s.isDirectory();
   } catch {
     return false;
   }
 }
 async function ensureDirectory(dirPath) {
-  await fs.ensureDir(dirPath);
+  await mkdir(dirPath, { recursive: true });
 }
 async function readJson(filePath) {
   try {
-    const content = await fs.readFile(filePath, "utf-8");
+    const content = await readFile(filePath, "utf-8");
     try {
       return JSON.parse(content);
     } catch (parseError) {
@@ -148,7 +148,7 @@ async function readJson(filePath) {
 }
 async function readText(filePath) {
   try {
-    return await fs.readFile(filePath, "utf-8");
+    return await readFile(filePath, "utf-8");
   } catch (error) {
     const err = error instanceof Error ? error : new Error(String(error));
     throw new FileSystemError(
@@ -161,8 +161,8 @@ async function readText(filePath) {
 }
 async function writeText(filePath, content) {
   try {
-    await fs.ensureDir(path.dirname(filePath));
-    await fs.writeFile(filePath, content, "utf-8");
+    await mkdir(path.dirname(filePath), { recursive: true });
+    await writeFile(filePath, content, "utf-8");
   } catch (error) {
     const err = error instanceof Error ? error : new Error(String(error));
     throw new FileSystemError(
@@ -456,6 +456,41 @@ var ApiDocsInputSchema = z.object({
   format: z.enum(["markdown", "json", "openapi"]).default("markdown").describe("Output format"),
   controller: z.string().optional().describe("Filter by controller name")
 });
+var TestTypeSchema = z.enum(["unit", "integration", "security", "e2e"]);
+var TestTargetSchema = z.enum(["entity", "service", "controller", "validator", "repository", "all"]);
+var ScaffoldTestsInputSchema = z.object({
+  target: TestTargetSchema.describe("Type of component to test"),
+  name: z.string().min(1).describe('Component name (PascalCase, e.g., "User", "Order")'),
+  testTypes: z.array(TestTypeSchema).default(["unit"]).describe("Types of tests to generate"),
+  options: z.object({
+    includeEdgeCases: z.boolean().default(true).describe("Include edge case tests"),
+    includeTenantIsolation: z.boolean().default(true).describe("Include tenant isolation tests"),
+    includeSoftDelete: z.boolean().default(true).describe("Include soft delete tests"),
+    includeAudit: z.boolean().default(true).describe("Include audit trail tests"),
+    includeValidation: z.boolean().default(true).describe("Include validation tests"),
+    includeAuthorization: z.boolean().default(false).describe("Include authorization tests"),
+    includePerformance: z.boolean().default(false).describe("Include performance tests"),
+    entityProperties: z.array(EntityPropertySchema).optional().describe("Entity properties for test generation"),
+    isSystemEntity: z.boolean().default(false).describe("If true, entity has no TenantId"),
+    dryRun: z.boolean().default(false).describe("Preview without writing files")
+  }).optional()
+});
+var AnalyzeTestCoverageInputSchema = z.object({
+  path: z.string().optional().describe("Project path to analyze"),
+  scope: z.enum(["entity", "service", "controller", "all"]).default("all").describe("Scope of analysis"),
+  outputFormat: z.enum(["summary", "detailed", "json"]).default("summary").describe("Output format"),
+  includeRecommendations: z.boolean().default(true).describe("Include recommendations for missing tests")
+});
+var ValidateTestConventionsInputSchema = z.object({
+  path: z.string().optional().describe("Project path to validate"),
+  checks: z.array(z.enum(["naming", "structure", "patterns", "assertions", "mocking", "all"])).default(["all"]).describe("Types of convention checks to perform"),
+  autoFix: z.boolean().default(false).describe("Automatically fix minor issues")
+});
+var SuggestTestScenariosInputSchema = z.object({
+  target: z.enum(["entity", "service", "controller", "file"]).describe("Type of target to analyze"),
+  name: z.string().min(1).describe("Component name or file path"),
+  depth: z.enum(["basic", "comprehensive", "security-focused"]).default("comprehensive").describe("Depth of analysis")
+});
 
 // src/lib/detector.ts
 import path4 from "path";
@@ -2398,7 +2433,7 @@ export function use{{name}}(options: Use{{name}}Options = {}) {
 }
 async function scaffoldTest(name, options, structure, config, result, dryRun = false) {
   const isSystemEntity = options?.isSystemEntity || false;
-  const serviceTestTemplate = `using System;
+  const serviceTestTemplate2 = `using System;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
@@ -2505,7 +2540,7 @@ public class {{name}}ServiceTests
     name,
     isSystemEntity
   };
-  const testContent = Handlebars.compile(serviceTestTemplate)(context);
+  const testContent = Handlebars.compile(serviceTestTemplate2)(context);
   const testsPath = structure.application ? path7.join(path7.dirname(structure.application), `${path7.basename(structure.application)}.Tests`, "Services") : path7.join(config.smartstack.projectPath, "Application.Tests", "Services");
   const testFilePath = path7.join(testsPath, `${name}ServiceTests.cs`);
   if (!dryRun) {
@@ -3446,175 +3481,3015 @@ function compareVersions2(a, b) {
   return 0;
 }
 
-// src/resources/conventions.ts
-var conventionsResourceTemplate = {
-  uri: "smartstack://conventions",
-  name: "AtlasHub Conventions",
-  description: "Documentation of AtlasHub/SmartStack naming conventions, patterns, and best practices",
-  mimeType: "text/markdown"
+// src/tools/scaffold-tests.ts
+import Handlebars2 from "handlebars";
+import path10 from "path";
+var scaffoldTestsTool = {
+  name: "scaffold_tests",
+  description: "Generate unit, integration, and security tests for SmartStack entities, services, controllers, validators, and repositories. Ensures non-regression and maximum security coverage.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      target: {
+        type: "string",
+        enum: ["entity", "service", "controller", "validator", "repository", "all"],
+        description: "Type of component to test"
+      },
+      name: {
+        type: "string",
+        description: 'Component name (PascalCase, e.g., "User", "Order")'
+      },
+      testTypes: {
+        type: "array",
+        items: {
+          type: "string",
+          enum: ["unit", "integration", "security", "e2e"]
+        },
+        default: ["unit"],
+        description: "Types of tests to generate"
+      },
+      options: {
+        type: "object",
+        properties: {
+          includeEdgeCases: {
+            type: "boolean",
+            default: true,
+            description: "Include edge case tests"
+          },
+          includeTenantIsolation: {
+            type: "boolean",
+            default: true,
+            description: "Include tenant isolation tests"
+          },
+          includeSoftDelete: {
+            type: "boolean",
+            default: true,
+            description: "Include soft delete tests"
+          },
+          includeAudit: {
+            type: "boolean",
+            default: true,
+            description: "Include audit trail tests"
+          },
+          includeValidation: {
+            type: "boolean",
+            default: true,
+            description: "Include validation tests"
+          },
+          includeAuthorization: {
+            type: "boolean",
+            default: false,
+            description: "Include authorization tests"
+          },
+          includePerformance: {
+            type: "boolean",
+            default: false,
+            description: "Include performance tests"
+          },
+          isSystemEntity: {
+            type: "boolean",
+            default: false,
+            description: "If true, entity has no TenantId"
+          },
+          dryRun: {
+            type: "boolean",
+            default: false,
+            description: "Preview without writing files"
+          }
+        }
+      }
+    },
+    required: ["target", "name"]
+  }
 };
-async function getConventionsResource(config) {
-  const { schemas, tablePrefixes, codePrefixes, migrationFormat, namespaces, servicePattern } = config.conventions;
-  return `# AtlasHub SmartStack Conventions
-
-## Overview
-
-This document describes the mandatory conventions for extending the SmartStack/AtlasHub platform.
-Following these conventions ensures compatibility and prevents conflicts.
+Handlebars2.registerHelper("pascalCase", (str) => {
+  if (!str) return "";
+  return str.charAt(0).toUpperCase() + str.slice(1);
+});
+Handlebars2.registerHelper("camelCase", (str) => {
+  if (!str) return "";
+  return str.charAt(0).toLowerCase() + str.slice(1);
+});
+Handlebars2.registerHelper("unless", function(conditional, options) {
+  if (!conditional) {
+    return options.fn(this);
+  }
+  return options.inverse(this);
+});
+var entityTestTemplate = `using System;
+using FluentAssertions;
+using Xunit;
+using {{domainNamespace}};
 
----
+namespace {{testNamespace}}.Unit.Domain;
 
-## 1. Database Conventions
+/// <summary>
+/// Unit tests for {{name}} entity
+/// Tests: Factory methods, Soft delete, Audit trail, Validation
+/// </summary>
+public class {{name}}Tests
+{
+    private const string ValidCode = "test_code";
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
 
-### SQL Schemas
+    #region Factory Method Tests
 
-SmartStack uses SQL Server schemas to separate platform tables from client extensions:
+    [Fact]
+    public void Create_WhenValidData_ShouldCreateEntity()
+    {
+        // Arrange
+        var code = ValidCode;
+{{#unless isSystemEntity}}
+        var tenantId = _tenantId;
+{{/unless}}
 
-| Schema | Usage | Description |
-|--------|-------|-------------|
-| \`${schemas.platform}\` | SmartStack platform | All native SmartStack tables |
-| \`${schemas.extensions}\` | Client extensions | Custom tables added by clients |
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}tenantId, {{/unless}}code);
 
-### Domain Table Prefixes
+        // Assert
+        entity.Should().NotBeNull();
+        entity.Id.Should().NotBeEmpty();
+        entity.Code.Should().Be(code.ToLowerInvariant());
+{{#unless isSystemEntity}}
+        entity.TenantId.Should().Be(tenantId);
+{{/unless}}
+        entity.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromSeconds(1));
+        entity.IsDeleted.Should().BeFalse();
+    }
 
-Tables are organized by domain using prefixes:
+{{#unless isSystemEntity}}
+    [Fact]
+    public void Create_WhenEmptyTenantId_ShouldThrow()
+    {
+        // Arrange
+        var tenantId = Guid.Empty;
+        var code = ValidCode;
 
-| Prefix | Domain | Example Tables |
-|--------|--------|----------------|
-| \`auth_\` | Authorization | auth_Users, auth_Roles, auth_Permissions |
-| \`nav_\` | Navigation | nav_Contexts, nav_Applications, nav_Modules |
-| \`usr_\` | User profiles | usr_Profiles, usr_Preferences |
-| \`ai_\` | AI features | ai_Providers, ai_Models, ai_Prompts |
-| \`cfg_\` | Configuration | cfg_Settings |
-| \`wkf_\` | Workflows | wkf_EmailTemplates, wkf_Workflows |
-| \`support_\` | Support | support_Tickets, support_Comments |
-| \`entra_\` | Entra sync | entra_Groups, entra_SyncState |
-| \`ref_\` | References | ref_Companies, ref_Departments |
-| \`loc_\` | Localization | loc_Languages, loc_Translations |
-| \`lic_\` | Licensing | lic_Licenses |
-| \`tenant_\` | Multi-Tenancy | tenant_Tenants, tenant_TenantUsers, tenant_TenantUserRoles |
+        // Act
+        var act = () => {{name}}.Create(tenantId, code);
 
-### Navigation Code Prefixes
+        // Assert
+        act.Should().Throw<ArgumentException>()
+           .WithParameterName("tenantId");
+    }
+{{/unless}}
 
-All navigation data (Context, Application, Module, Section, Resource) uses code prefixes to distinguish system data from client extensions:
+    [Theory]
+    [InlineData("")]
+    [InlineData("   ")]
+    public void Create_WhenEmptyCode_ShouldHandleGracefully(string code)
+    {
+        // Arrange
+{{#unless isSystemEntity}}
+        var tenantId = _tenantId;
+{{/unless}}
 
-| Origin | Prefix | Usage | Example |
-|--------|--------|-------|---------|
-| SmartStack (system) | \`${codePrefixes.core}\` | Protected, delivered with SmartStack | \`${codePrefixes.core}administration\` |
-| Client (extension) | \`${codePrefixes.extension}\` | Custom, added by clients | \`${codePrefixes.extension}it\` |
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}tenantId, {{/unless}}code);
 
-**Navigation Hierarchy (5 levels):**
+        // Assert
+        entity.Should().NotBeNull();
+        entity.Code.Should().BeEmpty();
+    }
 
-\`\`\`
-Context \u2192 Application \u2192 Module \u2192 Section \u2192 Resource
-\`\`\`
+    #endregion
 
-**Examples for each level:**
+{{#if includeSoftDelete}}
+    #region Soft Delete Tests
 
-| Level | Core Example | Extension Example |
-|-------|--------------|-------------------|
-| Context | \`${codePrefixes.core}administration\` | \`${codePrefixes.extension}it\` |
-| Application | \`${codePrefixes.core}settings\` | \`${codePrefixes.extension}custom_app\` |
-| Module | \`${codePrefixes.core}users\` | \`${codePrefixes.extension}inventory\` |
-| Section | \`${codePrefixes.core}management\` | \`${codePrefixes.extension}reports\` |
-| Resource | \`${codePrefixes.core}user_list\` | \`${codePrefixes.extension}stock_view\` |
+    [Fact]
+    public void SoftDelete_WhenCalled_ShouldSetIsDeletedTrue()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
+        var deletedBy = "test_user";
 
-**Rules:**
-1. \`${codePrefixes.core}*\` codes are **protected** - clients cannot create or modify them
-2. \`${codePrefixes.extension}*\` codes are **free** - clients can create custom navigation
-3. SmartStack updates will never overwrite \`${codePrefixes.extension}*\` data
-4. Codes must be unique within their level (e.g., no two Contexts with same code)
+        // Act
+        entity.SoftDelete(deletedBy);
 
-### Entity Configuration
+        // Assert
+        entity.IsDeleted.Should().BeTrue();
+        entity.DeletedAt.Should().NotBeNull();
+        entity.DeletedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromSeconds(1));
+        entity.DeletedBy.Should().Be(deletedBy);
+    }
 
-\`\`\`csharp
-public class MyEntityConfiguration : IEntityTypeConfiguration<MyEntity>
-{
-    public void Configure(EntityTypeBuilder<MyEntity> builder)
+    [Fact]
+    public void SoftDelete_WhenAlreadyDeleted_ShouldNotChangeDeletedAt()
     {
-        // CORRECT: Use schema + domain prefix
-        builder.ToTable("auth_Users", "${schemas.platform}");
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
+        entity.SoftDelete("first_deleter");
+        var originalDeletedAt = entity.DeletedAt;
 
-        // WRONG: No schema specified
-        // builder.ToTable("auth_Users");
+        // Act
+        entity.SoftDelete("second_deleter");
 
-        // WRONG: No domain prefix
-        // builder.ToTable("Users", "${schemas.platform}");
+        // Assert
+        entity.DeletedAt.Should().Be(originalDeletedAt);
     }
-}
-\`\`\`
 
-### Extending Core Entities
+    [Fact]
+    public void Restore_WhenSoftDeleted_ShouldClearDeletedFields()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
+        entity.SoftDelete("deleter");
+        var restoredBy = "restorer";
 
-When extending a core entity, use the \`${schemas.extensions}\` schema:
+        // Act
+        entity.Restore(restoredBy);
 
-\`\`\`csharp
-// Client extension for auth_Users
-public class UserExtension
-{
-    public Guid UserId { get; set; }  // FK to auth_Users
-    public User User { get; set; }
+        // Assert
+        entity.IsDeleted.Should().BeFalse();
+        entity.DeletedAt.Should().BeNull();
+        entity.DeletedBy.Should().BeNull();
+        entity.UpdatedBy.Should().Be(restoredBy);
+    }
 
-    // Custom properties
-    public string CustomField { get; set; }
-}
+    #endregion
+{{/if}}
 
-// Configuration - use extensions schema
-builder.ToTable("client_UserExtensions", "${schemas.extensions}");
-builder.HasOne(e => e.User)
-       .WithOne()
-       .HasForeignKey<UserExtension>(e => e.UserId);
-\`\`\`
+{{#if includeAudit}}
+    #region Audit Trail Tests
 
----
+    [Fact]
+    public void Create_ShouldSetCreatedAtToUtcNow()
+    {
+        // Arrange & Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
 
-## 2. Migration Conventions
+        // Assert
+        entity.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromSeconds(1));
+        entity.CreatedAt.Kind.Should().Be(DateTimeKind.Utc);
+    }
 
-### Naming Format
+    [Fact]
+    public void Create_WhenCreatedByProvided_ShouldSetCreatedBy()
+    {
+        // Arrange
+        var createdBy = "test_creator";
 
-Migrations MUST follow this naming pattern:
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode, createdBy);
 
-\`\`\`
-${migrationFormat}
-\`\`\`
+        // Assert
+        entity.CreatedBy.Should().Be(createdBy);
+    }
 
-| Part | Description | Example |
-|------|-------------|---------|
-| \`{context}\` | DbContext name | \`core\`, \`extensions\` |
-| \`{version}\` | Semver version | \`v1.0.0\`, \`v1.2.0\` |
-| \`{sequence}\` | Order in version | \`001\`, \`002\` |
-| \`{Description}\` | Action (PascalCase) | \`CreateAuthUsers\` |
+    [Fact]
+    public void Update_WhenCalled_ShouldUpdateAuditFields()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
+        var originalCreatedAt = entity.CreatedAt;
+        var updatedBy = "updater";
 
-**Examples:**
-- \`core_v1.0.0_001_InitialSchema.cs\`
-- \`core_v1.0.0_002_CreateAuthUsers.cs\`
-- \`core_v1.2.0_001_AddUserProfiles.cs\`
-- \`extensions_v1.0.0_001_AddClientFeatures.cs\`
+        // Act
+        entity.Update(updatedBy);
 
-### Creating Migrations
+        // Assert
+        entity.UpdatedAt.Should().NotBeNull();
+        entity.UpdatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromSeconds(1));
+        entity.UpdatedBy.Should().Be(updatedBy);
+        entity.CreatedAt.Should().Be(originalCreatedAt);
+    }
 
-\`\`\`bash
-# Create a new migration
-dotnet ef migrations add core_v1.0.0_001_InitialSchema
+    #endregion
+{{/if}}
 
-# With context specified
-dotnet ef migrations add core_v1.2.0_001_AddUserProfiles --context ApplicationDbContext
-\`\`\`
+{{#if includeEdgeCases}}
+    #region Edge Cases
 
-### Migration Rules
+    [Fact]
+    public void Create_WithSpecialCharactersInCode_ShouldNormalize()
+    {
+        // Arrange
+        var code = "Test-Code_123";
 
-1. **One migration per feature** - Group related changes in a single migration
-2. **Version-based naming** - Use semver (v1.0.0, v1.2.0) to link migrations to releases
-3. **Sequence numbers** - Use NNN (001, 002, etc.) for migrations in the same version
-4. **Context prefix** - Use \`core_\` for platform tables, \`extensions_\` for client extensions
-5. **Descriptive names** - Use clear PascalCase descriptions (CreateAuthUsers, AddUserProfiles, etc.)
-6. **Schema must be specified** - All tables must specify their schema in ToTable()
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}code);
 
----
+        // Assert
+        entity.Code.Should().Be(code.ToLowerInvariant());
+    }
 
-## 3. Namespace Conventions
+    [Fact]
+    public void Create_WithMaxLengthCode_ShouldSucceed()
+    {
+        // Arrange
+        var code = new string('a', 100);
 
-### Layer Structure
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}code);
+
+        // Assert
+        entity.Code.Should().HaveLength(100);
+    }
+
+    #endregion
+{{/if}}
+}
+`;
+var serviceTestTemplate = `using System;
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.Extensions.Logging;
+using Moq;
+using Xunit;
+using {{applicationNamespace}}.Services;
+using {{applicationNamespace}}.Repositories;
+using {{domainNamespace}};
+
+namespace {{testNamespace}}.Unit.Services;
+
+/// <summary>
+/// Unit tests for {{name}}Service
+/// Tests: CRUD operations, Business logic, Error handling, Tenant isolation
+/// </summary>
+public class {{name}}ServiceTests
+{
+    private readonly Mock<I{{name}}Repository> _repositoryMock;
+    private readonly Mock<ILogger<{{name}}Service>> _loggerMock;
+    private readonly {{name}}Service _sut;
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
+
+    public {{name}}ServiceTests()
+    {
+        _repositoryMock = new Mock<I{{name}}Repository>();
+        _loggerMock = new Mock<ILogger<{{name}}Service>>();
+        _sut = new {{name}}Service(
+            _repositoryMock.Object,
+            _loggerMock.Object
+        );
+    }
+
+    #region GetByIdAsync Tests
+
+    [Fact]
+    public async Task GetByIdAsync_WhenEntityExists_ShouldReturnEntity()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(entity);
+
+        // Act
+        var result = await _sut.GetByIdAsync(id);
+
+        // Assert
+        result.Should().NotBeNull();
+        _repositoryMock.Verify(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()), Times.Once);
+    }
+
+    [Fact]
+    public async Task GetByIdAsync_WhenNotExists_ShouldReturnNull()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var result = await _sut.GetByIdAsync(id);
+
+        // Assert
+        result.Should().BeNull();
+    }
+
+    [Fact]
+    public async Task GetByIdAsync_WhenCancelled_ShouldThrowOperationCancelledException()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var cts = new CancellationTokenSource();
+        cts.Cancel();
+
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ThrowsAsync(new OperationCanceledException());
+
+        // Act
+        var act = async () => await _sut.GetByIdAsync(id, cts.Token);
+
+        // Assert
+        await act.Should().ThrowAsync<OperationCanceledException>();
+    }
+
+    #endregion
+
+{{#unless isSystemEntity}}
+    #region Tenant Isolation Tests
+
+    [Fact]
+    public async Task GetAllAsync_ShouldFilterByTenant()
+    {
+        // Arrange
+        var entities = new List<{{name}}>
+        {
+            {{name}}.Create(_tenantId, "entity1"),
+            {{name}}.Create(_tenantId, "entity2"),
+        };
+        _repositoryMock
+            .Setup(r => r.GetAllByTenantAsync(_tenantId, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(entities);
+
+        // Act
+        var result = await _sut.GetAllAsync(_tenantId);
+
+        // Assert
+        result.Should().HaveCount(2);
+        result.Should().OnlyContain(e => e.TenantId == _tenantId);
+    }
+
+    [Fact]
+    public async Task CreateAsync_ShouldSetTenantId()
+    {
+        // Arrange
+        {{name}}? capturedEntity = null;
+        _repositoryMock
+            .Setup(r => r.AddAsync(It.IsAny<{{name}}>(), It.IsAny<CancellationToken>()))
+            .Callback<{{name}}, CancellationToken>((e, _) => capturedEntity = e)
+            .ReturnsAsync(({{name}} e, CancellationToken _) => e);
+
+        // Act
+        await _sut.CreateAsync(_tenantId, "test_code");
+
+        // Assert
+        capturedEntity.Should().NotBeNull();
+        capturedEntity!.TenantId.Should().Be(_tenantId);
+    }
+
+    [Fact]
+    public async Task GetByIdAsync_WhenEntityBelongsToDifferentTenant_ShouldReturnNull()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var otherTenantId = Guid.NewGuid();
+        var entity = {{name}}.Create(otherTenantId, "test");
+
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}}?)null); // Repository should filter by tenant
+
+        // Act
+        var result = await _sut.GetByIdAsync(id, _tenantId);
+
+        // Assert
+        result.Should().BeNull();
+    }
+
+    #endregion
+{{/unless}}
+
+    #region Error Handling Tests
+
+    [Fact]
+    public async Task UpdateAsync_WhenEntityNotFound_ShouldThrow()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var act = async () => await _sut.UpdateAsync(id, "new_code");
+
+        // Assert
+        await act.Should().ThrowAsync<InvalidOperationException>()
+            .WithMessage("*not found*");
+    }
+
+    [Fact]
+    public async Task DeleteAsync_WhenEntityNotFound_ShouldReturnFalse()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var result = await _sut.DeleteAsync(id);
+
+        // Assert
+        result.Should().BeFalse();
+    }
+
+    #endregion
+
+{{#if includeEdgeCases}}
+    #region Edge Cases
+
+    [Fact]
+    public async Task CreateAsync_WithEmptyCode_ShouldStillCreate()
+    {
+        // Arrange
+        _repositoryMock
+            .Setup(r => r.AddAsync(It.IsAny<{{name}}>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}} e, CancellationToken _) => e);
+
+        // Act
+        var result = await _sut.CreateAsync({{#unless isSystemEntity}}_tenantId, {{/unless}}"");
+
+        // Assert
+        result.Should().NotBeNull();
+        result.Code.Should().BeEmpty();
+    }
+
+    [Fact]
+    public async Task GetAllAsync_WhenNoEntities_ShouldReturnEmptyList()
+    {
+        // Arrange
+        _repositoryMock
+            .Setup(r => r.GetAllAsync(It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new List<{{name}}>());
+
+        // Act
+        var result = await _sut.GetAllAsync();
+
+        // Assert
+        result.Should().BeEmpty();
+    }
+
+    #endregion
+{{/if}}
+}
+`;
+var controllerTestTemplate = `using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Json;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.Extensions.DependencyInjection;
+using Moq;
+using Xunit;
+using {{apiNamespace}};
+using {{applicationNamespace}}.Services;
+using {{domainNamespace}};
+
+namespace {{testNamespace}}.Integration.Controllers;
+
+/// <summary>
+/// Integration tests for {{name}}Controller
+/// Tests: HTTP status codes, Authorization, Validation, CRUD operations
+/// </summary>
+public class {{name}}ControllerTests : IClassFixture<WebApplicationFactory<Program>>
+{
+    private readonly WebApplicationFactory<Program> _factory;
+    private readonly HttpClient _client;
+    private readonly Mock<I{{name}}Service> _serviceMock;
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
+
+    public {{name}}ControllerTests(WebApplicationFactory<Program> factory)
+    {
+        _serviceMock = new Mock<I{{name}}Service>();
+
+        _factory = factory.WithWebHostBuilder(builder =>
+        {
+            builder.ConfigureServices(services =>
+            {
+                // Replace the real service with our mock
+                var descriptor = services.SingleOrDefault(
+                    d => d.ServiceType == typeof(I{{name}}Service));
+
+                if (descriptor != null)
+                {
+                    services.Remove(descriptor);
+                }
+
+                services.AddScoped(_ => _serviceMock.Object);
+            });
+        });
+
+        _client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        _client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+    }
+
+    #region GET Tests
+
+    [Fact]
+    public async Task GetAll_WhenAuthorized_ShouldReturn200()
+    {
+        // Arrange
+        var entities = new List<{{name}}>
+        {
+            {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"entity1"),
+            {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"entity2"),
+        };
+        _serviceMock
+            .Setup(s => s.GetAllAsync({{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(entities);
+
+        // Act
+        var response = await _client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public async Task GetById_WhenEntityExists_ShouldReturn200()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(entity);
+
+        // Act
+        var response = await _client.GetAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public async Task GetById_WhenNotFound_ShouldReturn404()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var response = await _client.GetAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+    #region POST Tests
+
+    [Fact]
+    public async Task Create_WhenValidData_ShouldReturn201()
+    {
+        // Arrange
+        var request = new { Code = "new_entity" };
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}request.Code);
+        _serviceMock
+            .Setup(s => s.CreateAsync({{#unless isSystemEntity}}_tenantId, {{/unless}}request.Code, default))
+            .ReturnsAsync(entity);
+
+        // Act
+        var response = await _client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Created);
+    }
+
+{{#if includeValidation}}
+    [Fact]
+    public async Task Create_WhenInvalidData_ShouldReturn400()
+    {
+        // Arrange
+        var request = new { Code = (string?)null };
+
+        // Act
+        var response = await _client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+{{/if}}
+
+    #endregion
+
+    #region PUT Tests
+
+    [Fact]
+    public async Task Update_WhenEntityExists_ShouldReturn200()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var request = new { Code = "updated_code" };
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(entity);
+        _serviceMock
+            .Setup(s => s.UpdateAsync(id, request.Code, default))
+            .ReturnsAsync(entity);
+
+        // Act
+        var response = await _client.PutAsJsonAsync($"/api/{{nameLower}}/{id}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public async Task Update_WhenNotFound_ShouldReturn404()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var request = new { Code = "updated_code" };
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var response = await _client.PutAsJsonAsync($"/api/{{nameLower}}/{id}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+    #region DELETE Tests
+
+    [Fact]
+    public async Task Delete_WhenEntityExists_ShouldReturn204()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _serviceMock
+            .Setup(s => s.DeleteAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(true);
+
+        // Act
+        var response = await _client.DeleteAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NoContent);
+    }
+
+    [Fact]
+    public async Task Delete_WhenNotFound_ShouldReturn404()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _serviceMock
+            .Setup(s => s.DeleteAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(false);
+
+        // Act
+        var response = await _client.DeleteAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+{{#if includeAuthorization}}
+    #region Authorization Tests
+
+    [Fact]
+    public async Task GetAll_WhenUnauthorized_ShouldReturn401()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+        // Don't add auth header
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+    }
+
+{{#unless isSystemEntity}}
+    [Fact]
+    public async Task GetById_WhenDifferentTenant_ShouldReturn403()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", Guid.NewGuid().ToString());
+
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, It.IsAny<Guid>(), default))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var response = await client.GetAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(HttpStatusCode.Forbidden, HttpStatusCode.NotFound);
+    }
+{{/unless}}
+
+    #endregion
+{{/if}}
+}
+`;
+var validatorTestTemplate = `using FluentAssertions;
+using FluentValidation.TestHelper;
+using Xunit;
+using {{applicationNamespace}}.DTOs;
+using {{applicationNamespace}}.Validators;
+
+namespace {{testNamespace}}.Unit.Validators;
+
+/// <summary>
+/// Unit tests for {{name}} validators
+/// Tests: Validation rules, Error messages
+/// </summary>
+public class {{name}}ValidatorTests
+{
+    private readonly Create{{name}}DtoValidator _createValidator;
+    private readonly Update{{name}}DtoValidator _updateValidator;
+
+    public {{name}}ValidatorTests()
+    {
+        _createValidator = new Create{{name}}DtoValidator();
+        _updateValidator = new Update{{name}}DtoValidator();
+    }
+
+    #region Create Validator Tests
+
+    [Fact]
+    public void CreateValidator_WhenCodeIsEmpty_ShouldHaveError()
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = string.Empty };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldHaveValidationErrorFor(x => x.Code)
+              .WithErrorMessage("*required*");
+    }
+
+    [Fact]
+    public void CreateValidator_WhenCodeIsTooLong_ShouldHaveError()
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = new string('a', 101) };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldHaveValidationErrorFor(x => x.Code)
+              .WithErrorMessage("*100 characters*");
+    }
+
+    [Fact]
+    public void CreateValidator_WhenValidData_ShouldNotHaveErrors()
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = "valid_code" };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldNotHaveAnyValidationErrors();
+    }
+
+    #endregion
+
+    #region Update Validator Tests
+
+    [Fact]
+    public void UpdateValidator_WhenCodeIsEmpty_ShouldHaveError()
+    {
+        // Arrange
+        var dto = new Update{{name}}Dto { Code = string.Empty };
+
+        // Act
+        var result = _updateValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldHaveValidationErrorFor(x => x.Code);
+    }
+
+    [Fact]
+    public void UpdateValidator_WhenValidData_ShouldNotHaveErrors()
+    {
+        // Arrange
+        var dto = new Update{{name}}Dto { Code = "updated_code" };
+
+        // Act
+        var result = _updateValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldNotHaveAnyValidationErrors();
+    }
+
+    #endregion
+
+{{#if includeEdgeCases}}
+    #region Edge Cases
+
+    [Theory]
+    [InlineData("test-code")]
+    [InlineData("test_code")]
+    [InlineData("test.code")]
+    public void CreateValidator_WhenCodeHasSpecialCharacters_ShouldPass(string code)
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = code };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldNotHaveValidationErrorFor(x => x.Code);
+    }
+
+    [Theory]
+    [InlineData("   leading")]
+    [InlineData("trailing   ")]
+    [InlineData("   both   ")]
+    public void CreateValidator_WhenCodeHasWhitespace_ShouldTrimAndValidate(string code)
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = code };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        // Depending on implementation, may pass or fail
+        // This test documents the expected behavior
+    }
+
+    #endregion
+{{/if}}
+}
+`;
+var repositoryTestTemplate = `using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.EntityFrameworkCore;
+using Xunit;
+using {{infrastructureNamespace}}.Persistence;
+using {{infrastructureNamespace}}.Repositories;
+using {{domainNamespace}};
+
+namespace {{testNamespace}}.Integration.Repositories;
+
+/// <summary>
+/// Integration tests for {{name}}Repository
+/// Tests: CRUD with DbContext, Queries, Tenant scope
+/// </summary>
+public class {{name}}RepositoryTests : IDisposable
+{
+    private readonly ApplicationDbContext _context;
+    private readonly {{name}}Repository _repository;
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
+
+    public {{name}}RepositoryTests()
+    {
+        var options = new DbContextOptionsBuilder<ApplicationDbContext>()
+            .UseInMemoryDatabase(databaseName: Guid.NewGuid().ToString())
+            .Options;
+
+        _context = new ApplicationDbContext(options);
+        _repository = new {{name}}Repository(_context);
+    }
+
+    public void Dispose()
+    {
+        _context.Dispose();
+    }
+
+    #region GetByIdAsync Tests
+
+    [Fact]
+    public async Task GetByIdAsync_WhenEntityExists_ShouldReturnEntity()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        await _context.Set<{{name}}>().AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.GetByIdAsync(entity.Id);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Id.Should().Be(entity.Id);
+    }
+
+    [Fact]
+    public async Task GetByIdAsync_WhenNotExists_ShouldReturnNull()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+
+        // Act
+        var result = await _repository.GetByIdAsync(id);
+
+        // Assert
+        result.Should().BeNull();
+    }
+
+    #endregion
+
+    #region AddAsync Tests
+
+    [Fact]
+    public async Task AddAsync_ShouldPersistEntity()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+
+        // Act
+        var result = await _repository.AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Assert
+        result.Should().NotBeNull();
+        var persisted = await _context.Set<{{name}}>().FindAsync(entity.Id);
+        persisted.Should().NotBeNull();
+    }
+
+    #endregion
+
+    #region UpdateAsync Tests
+
+    [Fact]
+    public async Task UpdateAsync_ShouldUpdateEntity()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"original");
+        await _context.Set<{{name}}>().AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        entity.Update("updater");
+        await _repository.UpdateAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Assert
+        var updated = await _context.Set<{{name}}>().FindAsync(entity.Id);
+        updated!.UpdatedBy.Should().Be("updater");
+    }
+
+    #endregion
+
+    #region DeleteAsync Tests
+
+    [Fact]
+    public async Task DeleteAsync_ShouldRemoveEntity()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        await _context.Set<{{name}}>().AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        await _repository.DeleteAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Assert
+        var deleted = await _context.Set<{{name}}>().FindAsync(entity.Id);
+        deleted.Should().BeNull();
+    }
+
+    #endregion
+
+{{#unless isSystemEntity}}
+    #region Tenant Isolation Tests
+
+    [Fact]
+    public async Task GetAllByTenantAsync_ShouldOnlyReturnTenantEntities()
+    {
+        // Arrange
+        var otherTenantId = Guid.NewGuid();
+        await _context.Set<{{name}}>().AddRangeAsync(
+            {{name}}.Create(_tenantId, "entity1"),
+            {{name}}.Create(_tenantId, "entity2"),
+            {{name}}.Create(otherTenantId, "other_tenant_entity")
+        );
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.GetAllByTenantAsync(_tenantId);
+
+        // Assert
+        result.Should().HaveCount(2);
+        result.Should().OnlyContain(e => e.TenantId == _tenantId);
+    }
+
+    [Fact]
+    public async Task ExistsAsync_WhenEntityInDifferentTenant_ShouldReturnFalse()
+    {
+        // Arrange
+        var otherTenantId = Guid.NewGuid();
+        var entity = {{name}}.Create(otherTenantId, "test");
+        await _context.Set<{{name}}>().AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.ExistsAsync(entity.Id, _tenantId);
+
+        // Assert
+        result.Should().BeFalse();
+    }
+
+    #endregion
+{{/unless}}
+
+{{#if includeSoftDelete}}
+    #region Soft Delete Tests
+
+    [Fact]
+    public async Task GetAllAsync_ShouldExcludeSoftDeletedEntities()
+    {
+        // Arrange
+        var activeEntity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"active");
+        var deletedEntity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"deleted");
+        deletedEntity.SoftDelete("deleter");
+
+        await _context.Set<{{name}}>().AddRangeAsync(activeEntity, deletedEntity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.GetAllAsync();
+
+        // Assert
+        result.Should().ContainSingle();
+        result.First().Code.Should().Be("active");
+    }
+
+    [Fact]
+    public async Task GetAllIncludingDeletedAsync_ShouldIncludeSoftDeletedEntities()
+    {
+        // Arrange
+        var activeEntity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"active");
+        var deletedEntity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"deleted");
+        deletedEntity.SoftDelete("deleter");
+
+        await _context.Set<{{name}}>().AddRangeAsync(activeEntity, deletedEntity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.GetAllIncludingDeletedAsync();
+
+        // Assert
+        result.Should().HaveCount(2);
+    }
+
+    #endregion
+{{/if}}
+}
+`;
+var securityTestTemplate = `using System;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Xunit;
+using {{apiNamespace}};
+
+namespace {{testNamespace}}.Security;
+
+/// <summary>
+/// Security tests for {{name}}
+/// Tests: Tenant isolation, Authorization, Input validation, Injection prevention
+/// </summary>
+public class {{name}}SecurityTests : IClassFixture<WebApplicationFactory<Program>>
+{
+    private readonly WebApplicationFactory<Program> _factory;
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
+
+    public {{name}}SecurityTests(WebApplicationFactory<Program> factory)
+    {
+        _factory = factory;
+    }
+
+{{#unless isSystemEntity}}
+    #region Tenant Isolation Tests
+
+    [Fact]
+    public async Task Request_WithoutTenantHeader_ShouldReturn400()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+        // Intentionally not adding X-Tenant-Id header
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(
+            HttpStatusCode.BadRequest,
+            HttpStatusCode.Unauthorized
+        );
+    }
+
+    [Fact]
+    public async Task Request_WithInvalidTenantId_ShouldReturn400()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", "invalid-guid");
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    [Fact]
+    public async Task Request_WithEmptyTenantId_ShouldReturn400()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", Guid.Empty.ToString());
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    #endregion
+{{/unless}}
+
+    #region Input Validation Security Tests
+
+    [Theory]
+    [InlineData("<script>alert('xss')</script>")]
+    [InlineData("'; DROP TABLE users; --")]
+    [InlineData("{{'{{'}}constructor.prototype{{'}}'}}")]
+    public async Task Create_WithMaliciousInput_ShouldSanitizeOrReject(string maliciousInput)
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+        var request = new { Code = maliciousInput };
+
+        // Act
+        var response = await client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        // Should either reject (400) or sanitize (201 with cleaned data)
+        response.StatusCode.Should().BeOneOf(
+            HttpStatusCode.BadRequest,
+            HttpStatusCode.Created,
+            HttpStatusCode.UnprocessableEntity
+        );
+    }
+
+    [Theory]
+    [InlineData("../../../etc/passwd")]
+    [InlineData("..\\\\..\\\\..\\\\windows\\\\system32")]
+    [InlineData("....//....//....//etc/passwd")]
+    public async Task Create_WithPathTraversalAttempt_ShouldReject(string pathTraversal)
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+        var request = new { Code = pathTraversal };
+
+        // Act
+        var response = await client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    #endregion
+
+    #region ID Manipulation Tests
+
+    [Fact]
+    public async Task GetById_WithNegativeId_ShouldReturn400Or404()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}/00000000-0000-0000-0000-000000000000");
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(
+            HttpStatusCode.BadRequest,
+            HttpStatusCode.NotFound
+        );
+    }
+
+    [Fact]
+    public async Task GetById_WithMalformedGuid_ShouldReturn400()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}/not-a-guid");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    #endregion
+
+    #region Rate Limiting Tests (if applicable)
+
+    [Fact]
+    public async Task MultipleRapidRequests_ShouldNotCauseDenialOfService()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+        var tasks = new List<Task<HttpResponseMessage>>();
+
+        // Act
+        for (int i = 0; i < 10; i++)
+        {
+            tasks.Add(client.GetAsync("/api/{{nameLower}}"));
+        }
+        var responses = await Task.WhenAll(tasks);
+
+        // Assert
+        // Should handle without crashing (may return 429 if rate limiting is enabled)
+        responses.Should().OnlyContain(r =>
+            r.StatusCode == HttpStatusCode.OK ||
+            r.StatusCode == HttpStatusCode.TooManyRequests);
+    }
+
+    #endregion
+}
+`;
+async function handleScaffoldTests(args, config) {
+  const input = ScaffoldTestsInputSchema.parse(args);
+  const dryRun = input.options?.dryRun || false;
+  logger.info("Scaffolding tests", { target: input.target, name: input.name, dryRun });
+  const structure = await findSmartStackStructure(config.smartstack.projectPath);
+  const result = {
+    success: true,
+    files: [],
+    instructions: []
+  };
+  const options = {
+    includeEdgeCases: input.options?.includeEdgeCases ?? true,
+    includeTenantIsolation: input.options?.includeTenantIsolation ?? true,
+    includeSoftDelete: input.options?.includeSoftDelete ?? true,
+    includeAudit: input.options?.includeAudit ?? true,
+    includeValidation: input.options?.includeValidation ?? true,
+    includeAuthorization: input.options?.includeAuthorization ?? false,
+    isSystemEntity: input.options?.isSystemEntity ?? false
+  };
+  const testTypes = input.testTypes || ["unit"];
+  try {
+    switch (input.target) {
+      case "entity":
+        await scaffoldEntityTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "service":
+        await scaffoldServiceTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "controller":
+        await scaffoldControllerTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "validator":
+        await scaffoldValidatorTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "repository":
+        await scaffoldRepositoryTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "all":
+        await scaffoldEntityTests(input.name, options, testTypes, structure, config, result, dryRun);
+        await scaffoldServiceTests(input.name, options, testTypes, structure, config, result, dryRun);
+        await scaffoldControllerTests(input.name, options, testTypes, structure, config, result, dryRun);
+        await scaffoldValidatorTests(input.name, options, testTypes, structure, config, result, dryRun);
+        await scaffoldRepositoryTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+    }
+  } catch (error) {
+    result.success = false;
+    result.instructions.push(`Error: ${error instanceof Error ? error.message : String(error)}`);
+  }
+  return formatTestResult(result, input.target, input.name, dryRun);
+}
+async function scaffoldEntityTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const domainNamespace = config.conventions.namespaces.domain;
+  const context = {
+    name,
+    testNamespace,
+    domainNamespace,
+    ...options
+  };
+  if (testTypes.includes("unit")) {
+    const content = Handlebars2.compile(entityTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Unit", "Domain", `${name}Tests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  if (testTypes.includes("security")) {
+    const securityContent = Handlebars2.compile(securityTestTemplate)({
+      ...context,
+      nameLower: name.charAt(0).toLowerCase() + name.slice(1),
+      apiNamespace: config.conventions.namespaces.api
+    });
+    const securityPath = path10.join(structure.root, "Tests", "Security", `${name}SecurityTests.cs`);
+    validatePathSecurity(securityPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(securityPath));
+      await writeText(securityPath, securityContent);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, securityPath),
+      content: securityContent,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="FluentAssertions" Version="6.*" />`);
+  result.instructions.push(`Add package reference: <PackageReference Include="xunit" Version="2.*" />`);
+}
+async function scaffoldServiceTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const applicationNamespace = config.conventions.namespaces.application;
+  const domainNamespace = config.conventions.namespaces.domain;
+  const context = {
+    name,
+    testNamespace,
+    applicationNamespace,
+    domainNamespace,
+    ...options
+  };
+  if (testTypes.includes("unit")) {
+    const content = Handlebars2.compile(serviceTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Unit", "Services", `${name}ServiceTests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="Moq" Version="4.*" />`);
+}
+async function scaffoldControllerTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const applicationNamespace = config.conventions.namespaces.application;
+  const domainNamespace = config.conventions.namespaces.domain;
+  const apiNamespace = config.conventions.namespaces.api;
+  const context = {
+    name,
+    nameLower: name.charAt(0).toLowerCase() + name.slice(1),
+    testNamespace,
+    applicationNamespace,
+    domainNamespace,
+    apiNamespace,
+    ...options
+  };
+  if (testTypes.includes("integration")) {
+    const content = Handlebars2.compile(controllerTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Integration", "Controllers", `${name}ControllerTests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  if (testTypes.includes("security")) {
+    const securityContent = Handlebars2.compile(securityTestTemplate)(context);
+    const securityPath = path10.join(structure.root, "Tests", "Security", `${name}SecurityTests.cs`);
+    validatePathSecurity(securityPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(securityPath));
+      await writeText(securityPath, securityContent);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, securityPath),
+      content: securityContent,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.*" />`);
+}
+async function scaffoldValidatorTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const applicationNamespace = config.conventions.namespaces.application;
+  const context = {
+    name,
+    testNamespace,
+    applicationNamespace,
+    ...options
+  };
+  if (testTypes.includes("unit")) {
+    const content = Handlebars2.compile(validatorTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Unit", "Validators", `${name}ValidatorTests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="FluentValidation.TestHelper" Version="11.*" />`);
+}
+async function scaffoldRepositoryTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const infrastructureNamespace = config.conventions.namespaces.infrastructure;
+  const domainNamespace = config.conventions.namespaces.domain;
+  const context = {
+    name,
+    testNamespace,
+    infrastructureNamespace,
+    domainNamespace,
+    ...options
+  };
+  if (testTypes.includes("integration")) {
+    const content = Handlebars2.compile(repositoryTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Integration", "Repositories", `${name}RepositoryTests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.*" />`);
+}
+function formatTestResult(result, _target, name, dryRun) {
+  const lines = [];
+  lines.push(`# Scaffold Tests: ${name}`);
+  lines.push("");
+  if (dryRun) {
+    lines.push("> **DRY RUN MODE** - No files were written");
+    lines.push("");
+  }
+  if (!result.success) {
+    lines.push("## Error");
+    lines.push("");
+    lines.push(result.instructions.join("\n"));
+    return lines.join("\n");
+  }
+  lines.push(`## Generated Test Files (${result.files.length})`);
+  lines.push("");
+  for (const file of result.files) {
+    lines.push(`### \`${file.path}\``);
+    lines.push("");
+    lines.push("```csharp");
+    lines.push(file.content);
+    lines.push("```");
+    lines.push("");
+  }
+  if (result.instructions.length > 0) {
+    lines.push("## Next Steps");
+    lines.push("");
+    for (const instruction of result.instructions) {
+      lines.push(`- ${instruction}`);
+    }
+    lines.push("");
+  }
+  lines.push("## Test Conventions Applied");
+  lines.push("");
+  lines.push("- **Naming**: `{MethodName}_When{Condition}_Should{ExpectedResult}`");
+  lines.push("- **Pattern**: AAA (Arrange-Act-Assert)");
+  lines.push("- **Assertions**: FluentAssertions (`.Should()`)");
+  lines.push("- **Mocking**: Moq (`Mock<T>`)");
+  lines.push("");
+  return lines.join("\n");
+}
+
+// src/tools/analyze-test-coverage.ts
+import path11 from "path";
+var analyzeTestCoverageTool = {
+  name: "analyze_test_coverage",
+  description: "Analyze test coverage for a SmartStack project. Identifies entities, services, and controllers without tests, calculates coverage ratios, and provides recommendations.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      path: {
+        type: "string",
+        description: "Project path to analyze (default: configured SmartStack path)"
+      },
+      scope: {
+        type: "string",
+        enum: ["entity", "service", "controller", "all"],
+        default: "all",
+        description: "Scope of analysis"
+      },
+      outputFormat: {
+        type: "string",
+        enum: ["summary", "detailed", "json"],
+        default: "summary",
+        description: "Output format"
+      },
+      includeRecommendations: {
+        type: "boolean",
+        default: true,
+        description: "Include recommendations for missing tests"
+      }
+    }
+  }
+};
+async function handleAnalyzeTestCoverage(args, config) {
+  const input = AnalyzeTestCoverageInputSchema.parse(args);
+  const projectPath = input.path || config.smartstack.projectPath;
+  logger.info("Analyzing test coverage", { projectPath, scope: input.scope });
+  const structure = await findSmartStackStructure(projectPath);
+  const result = {
+    summary: { total: 0, tested: 0, coverage: 0 },
+    entities: { total: 0, tested: 0, coverage: 0, items: [], missingTests: [] },
+    services: { total: 0, tested: 0, coverage: 0, items: [], missingTests: [] },
+    controllers: { total: 0, tested: 0, coverage: 0, items: [], missingTests: [] },
+    missing: [],
+    recommendations: []
+  };
+  try {
+    if (input.scope === "all" || input.scope === "entity") {
+      await analyzeEntityCoverage(structure, result);
+    }
+    if (input.scope === "all" || input.scope === "service") {
+      await analyzeServiceCoverage(structure, result);
+    }
+    if (input.scope === "all" || input.scope === "controller") {
+      await analyzeControllerCoverage(structure, result);
+    }
+    result.summary.total = result.entities.total + result.services.total + result.controllers.total;
+    result.summary.tested = result.entities.tested + result.services.tested + result.controllers.tested;
+    result.summary.coverage = result.summary.total > 0 ? Math.round(result.summary.tested / result.summary.total * 100) : 0;
+    if (input.includeRecommendations) {
+      generateRecommendations(result);
+    }
+  } catch (error) {
+    logger.error("Error analyzing test coverage", error);
+    return `Error: ${error instanceof Error ? error.message : String(error)}`;
+  }
+  return formatCoverageResult(result, input.outputFormat);
+}
+async function analyzeEntityCoverage(structure, result) {
+  if (!structure.domain) {
+    result.recommendations.push("Domain layer not found - cannot analyze entity coverage");
+    return;
+  }
+  const entityFiles = await findFiles("**/*.cs", { cwd: structure.domain });
+  const entityNames = extractComponentNames(entityFiles, ["Entity", "Aggregate"]);
+  const testPath = path11.join(structure.root, "Tests", "Unit", "Domain");
+  let testFiles = [];
+  try {
+    testFiles = await findFiles("**/*Tests.cs", { cwd: testPath });
+  } catch {
+  }
+  const testedEntities = extractTestedNames(testFiles);
+  result.entities.total = entityNames.length;
+  result.entities.items = entityNames;
+  result.entities.tested = entityNames.filter((e) => testedEntities.includes(e)).length;
+  result.entities.coverage = result.entities.total > 0 ? Math.round(result.entities.tested / result.entities.total * 100) : 0;
+  result.entities.missingTests = entityNames.filter((e) => !testedEntities.includes(e));
+  for (const name of result.entities.missingTests) {
+    result.missing.push({
+      name,
+      type: "entity",
+      priority: determinePriority(name, "entity"),
+      recommendation: `Create unit tests for ${name} entity (factory methods, soft delete, audit trail)`,
+      suggestedTestFile: `Tests/Unit/Domain/${name}Tests.cs`
+    });
+  }
+}
+async function analyzeServiceCoverage(structure, result) {
+  if (!structure.application) {
+    result.recommendations.push("Application layer not found - cannot analyze service coverage");
+    return;
+  }
+  const serviceFiles = await findFiles("**/I*Service.cs", { cwd: structure.application });
+  const serviceNames = serviceFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.startsWith("I") ? basename.slice(1) : basename;
+  }).filter((n) => n.endsWith("Service")).map((n) => n.replace(/Service$/, ""));
+  const testPath = path11.join(structure.root, "Tests", "Unit", "Services");
+  let testFiles = [];
+  try {
+    testFiles = await findFiles("**/*ServiceTests.cs", { cwd: testPath });
+  } catch {
+  }
+  const testedServices = testFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.replace(/ServiceTests$/, "");
+  });
+  result.services.total = serviceNames.length;
+  result.services.items = serviceNames;
+  result.services.tested = serviceNames.filter((s) => testedServices.includes(s)).length;
+  result.services.coverage = result.services.total > 0 ? Math.round(result.services.tested / result.services.total * 100) : 0;
+  result.services.missingTests = serviceNames.filter((s) => !testedServices.includes(s));
+  for (const name of result.services.missingTests) {
+    result.missing.push({
+      name,
+      type: "service",
+      priority: determinePriority(name, "service"),
+      recommendation: `Create unit tests for ${name}Service (CRUD operations, business logic, error handling)`,
+      suggestedTestFile: `Tests/Unit/Services/${name}ServiceTests.cs`
+    });
+  }
+}
+async function analyzeControllerCoverage(structure, result) {
+  if (!structure.api) {
+    result.recommendations.push("API layer not found - cannot analyze controller coverage");
+    return;
+  }
+  const controllerFiles = await findFiles("**/*Controller.cs", { cwd: structure.api });
+  const controllerNames = controllerFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.replace(/Controller$/, "");
+  }).filter((n) => n !== "Base");
+  const testPath = path11.join(structure.root, "Tests", "Integration", "Controllers");
+  let testFiles = [];
+  try {
+    testFiles = await findFiles("**/*ControllerTests.cs", { cwd: testPath });
+  } catch {
+  }
+  const testedControllers = testFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.replace(/ControllerTests$/, "");
+  });
+  result.controllers.total = controllerNames.length;
+  result.controllers.items = controllerNames;
+  result.controllers.tested = controllerNames.filter((c) => testedControllers.includes(c)).length;
+  result.controllers.coverage = result.controllers.total > 0 ? Math.round(result.controllers.tested / result.controllers.total * 100) : 0;
+  result.controllers.missingTests = controllerNames.filter((c) => !testedControllers.includes(c));
+  for (const name of result.controllers.missingTests) {
+    result.missing.push({
+      name,
+      type: "controller",
+      priority: determinePriority(name, "controller"),
+      recommendation: `Create integration tests for ${name}Controller (HTTP status codes, authorization, validation)`,
+      suggestedTestFile: `Tests/Integration/Controllers/${name}ControllerTests.cs`
+    });
+  }
+}
+function extractComponentNames(files, excludeSuffixes = []) {
+  return files.map((f) => path11.basename(f, ".cs")).filter((name) => {
+    const excludePatterns = [
+      "Configuration",
+      "Extensions",
+      "Handler",
+      "Specification",
+      "Repository",
+      "Service",
+      "Controller",
+      "Dto",
+      "Validator",
+      ...excludeSuffixes
+    ];
+    return !excludePatterns.some((pattern) => name.endsWith(pattern));
+  }).filter((name) => !name.startsWith("I")).filter((name) => !name.startsWith("Base"));
+}
+function extractTestedNames(testFiles) {
+  return testFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.replace(/Tests$/, "");
+  });
+}
+function determinePriority(name, type) {
+  const criticalPatterns = ["User", "Auth", "Payment", "Order", "Tenant", "Security", "Permission", "Role"];
+  const highPatterns = ["Account", "Invoice", "Transaction", "Session", "Token", "Subscription"];
+  const nameLower = name.toLowerCase();
+  if (criticalPatterns.some((p) => nameLower.includes(p.toLowerCase()))) {
+    return "critical";
+  }
+  if (highPatterns.some((p) => nameLower.includes(p.toLowerCase()))) {
+    return "high";
+  }
+  if (type === "controller") {
+    return "high";
+  }
+  if (type === "service") {
+    return "medium";
+  }
+  return "medium";
+}
+function generateRecommendations(result) {
+  if (result.summary.coverage < 50) {
+    result.recommendations.push("CRITICAL: Overall test coverage is below 50%. Prioritize adding tests for critical components.");
+  } else if (result.summary.coverage < 80) {
+    result.recommendations.push("Test coverage is below recommended 80% threshold. Consider adding more tests.");
+  }
+  if (result.entities.coverage < 60) {
+    result.recommendations.push(`Entity coverage (${result.entities.coverage}%) is low. Focus on testing factory methods, soft delete, and audit trails.`);
+  }
+  if (result.services.coverage < 70) {
+    result.recommendations.push(`Service coverage (${result.services.coverage}%) is low. Ensure CRUD operations and business logic are tested.`);
+  }
+  if (result.controllers.coverage < 80) {
+    result.recommendations.push(`Controller coverage (${result.controllers.coverage}%) is low. Add integration tests for HTTP endpoints.`);
+  }
+  const criticalMissing = result.missing.filter((m) => m.priority === "critical");
+  if (criticalMissing.length > 0) {
+    result.recommendations.push(`${criticalMissing.length} CRITICAL component(s) have no tests: ${criticalMissing.map((m) => m.name).join(", ")}`);
+  }
+  const securityComponents = result.missing.filter(
+    (m) => m.name.toLowerCase().includes("auth") || m.name.toLowerCase().includes("security") || m.name.toLowerCase().includes("permission")
+  );
+  if (securityComponents.length > 0) {
+    result.recommendations.push(`Security-sensitive components without tests: ${securityComponents.map((m) => m.name).join(", ")}. Add security tests immediately.`);
+  }
+}
+function formatCoverageResult(result, format) {
+  if (format === "json") {
+    return JSON.stringify(result, null, 2);
+  }
+  const lines = [];
+  lines.push("# Test Coverage Analysis");
+  lines.push("");
+  const coverageEmoji = result.summary.coverage >= 80 ? "\u2705" : result.summary.coverage >= 50 ? "\u26A0\uFE0F" : "\u274C";
+  lines.push("## Summary");
+  lines.push("");
+  lines.push(`| Metric | Value |`);
+  lines.push(`|--------|-------|`);
+  lines.push(`| **Overall Coverage** | ${coverageEmoji} ${result.summary.coverage}% (${result.summary.tested}/${result.summary.total}) |`);
+  lines.push(`| Entities | ${formatCoverageCell(result.entities)} |`);
+  lines.push(`| Services | ${formatCoverageCell(result.services)} |`);
+  lines.push(`| Controllers | ${formatCoverageCell(result.controllers)} |`);
+  lines.push("");
+  if (format === "detailed") {
+    if (result.entities.missingTests.length > 0) {
+      lines.push("## Missing Entity Tests");
+      lines.push("");
+      for (const name of result.entities.missingTests) {
+        lines.push(`- [ ] ${name}`);
+      }
+      lines.push("");
+    }
+    if (result.services.missingTests.length > 0) {
+      lines.push("## Missing Service Tests");
+      lines.push("");
+      for (const name of result.services.missingTests) {
+        lines.push(`- [ ] ${name}Service`);
+      }
+      lines.push("");
+    }
+    if (result.controllers.missingTests.length > 0) {
+      lines.push("## Missing Controller Tests");
+      lines.push("");
+      for (const name of result.controllers.missingTests) {
+        lines.push(`- [ ] ${name}Controller`);
+      }
+      lines.push("");
+    }
+  }
+  if (result.missing.length > 0) {
+    lines.push("## Missing Tests (By Priority)");
+    lines.push("");
+    const priorities = ["critical", "high", "medium", "low"];
+    for (const priority of priorities) {
+      const items = result.missing.filter((m) => m.priority === priority);
+      if (items.length > 0) {
+        const emoji = priority === "critical" ? "\u{1F534}" : priority === "high" ? "\u{1F7E0}" : priority === "medium" ? "\u{1F7E1}" : "\u{1F7E2}";
+        lines.push(`### ${emoji} ${priority.charAt(0).toUpperCase() + priority.slice(1)} Priority`);
+        lines.push("");
+        lines.push("| Component | Type | Suggested Test File |");
+        lines.push("|-----------|------|---------------------|");
+        for (const item of items) {
+          lines.push(`| ${item.name} | ${item.type} | \`${item.suggestedTestFile}\` |`);
+        }
+        lines.push("");
+      }
+    }
+  }
+  if (result.recommendations.length > 0) {
+    lines.push("## Recommendations");
+    lines.push("");
+    for (const rec of result.recommendations) {
+      const emoji = rec.includes("CRITICAL") ? "\u{1F534}" : rec.includes("low") ? "\u26A0\uFE0F" : "\u{1F4A1}";
+      lines.push(`${emoji} ${rec}`);
+      lines.push("");
+    }
+  }
+  lines.push("## Quick Actions");
+  lines.push("");
+  lines.push("Generate tests for missing components using:");
+  lines.push("");
+  if (result.missing.length > 0) {
+    const firstMissing = result.missing[0];
+    lines.push("```");
+    lines.push(`scaffold_tests(target: "${firstMissing.type}", name: "${firstMissing.name}")`);
+    lines.push("```");
+  }
+  lines.push("");
+  return lines.join("\n");
+}
+function formatCoverageCell(category) {
+  const emoji = category.coverage >= 80 ? "\u2705" : category.coverage >= 50 ? "\u26A0\uFE0F" : "\u274C";
+  return `${emoji} ${category.coverage}% (${category.tested}/${category.total})`;
+}
+
+// src/tools/validate-test-conventions.ts
+import path12 from "path";
+var validateTestConventionsTool = {
+  name: "validate_test_conventions",
+  description: "Validate that tests in a SmartStack project follow conventions: naming ({Method}_When{Condition}_Should{Result}), structure (Tests/Unit, Tests/Integration), patterns (AAA), assertions (FluentAssertions), and mocking (Moq).",
+  inputSchema: {
+    type: "object",
+    properties: {
+      path: {
+        type: "string",
+        description: "Project path to validate (default: configured SmartStack path)"
+      },
+      checks: {
+        type: "array",
+        items: {
+          type: "string",
+          enum: ["naming", "structure", "patterns", "assertions", "mocking", "all"]
+        },
+        default: ["all"],
+        description: "Types of convention checks to perform"
+      },
+      autoFix: {
+        type: "boolean",
+        default: false,
+        description: "Automatically fix minor issues (naming only)"
+      }
+    }
+  }
+};
+var PATTERNS = {
+  // Test method naming: MethodName_WhenCondition_ShouldExpectedResult
+  testMethodNaming: /^(\w+)_When(\w+)_Should(\w+)$/,
+  // Alternative valid patterns
+  testMethodNamingAlt: /^(\w+)_Should(\w+)_When(\w+)$/,
+  // Fact/Theory attributes
+  factAttribute: /\[Fact\]/,
+  theoryAttribute: /\[Theory\]/,
+  // AAA pattern comments
+  arrangeComment: /\/\/\s*Arrange/i,
+  actComment: /\/\/\s*Act/i,
+  assertComment: /\/\/\s*Assert/i,
+  // FluentAssertions
+  fluentAssertions: /\.Should\(\)/,
+  // Moq
+  moqUsage: /new Mock<|Mock<\w+>/,
+  moqSetup: /\.Setup\(|\.Verify\(/,
+  // Test class naming
+  testClassNaming: /public class (\w+)Tests/,
+  // xUnit patterns
+  asyncTestMethod: /public async Task (\w+)/,
+  syncTestMethod: /public void (\w+)/
+};
+async function handleValidateTestConventions(args, config) {
+  const input = ValidateTestConventionsInputSchema.parse(args);
+  const projectPath = input.path || config.smartstack.projectPath;
+  const checks = input.checks.includes("all") ? ["naming", "structure", "patterns", "assertions", "mocking"] : input.checks;
+  logger.info("Validating test conventions", { projectPath, checks });
+  const structure = await findSmartStackStructure(projectPath);
+  const result = {
+    valid: true,
+    violations: [],
+    suggestions: [],
+    autoFixedCount: 0
+  };
+  const testsPath = path12.join(structure.root, "Tests");
+  try {
+    let testFiles = [];
+    try {
+      testFiles = await findFiles("**/*Tests.cs", { cwd: testsPath });
+    } catch {
+      result.suggestions.push("No Tests directory found. Create a Tests project with Unit and Integration subdirectories.");
+      return formatValidationResult(result);
+    }
+    if (testFiles.length === 0) {
+      result.suggestions.push("No test files found. Create test files following the pattern {ComponentName}Tests.cs");
+      return formatValidationResult(result);
+    }
+    if (checks.includes("structure")) {
+      await validateStructure(testsPath, testFiles, result);
+    }
+    for (const testFile of testFiles) {
+      const fullPath = path12.join(testsPath, testFile);
+      const content = await readText(fullPath);
+      if (checks.includes("naming")) {
+        validateNaming(testFile, content, result, input.autoFix);
+      }
+      if (checks.includes("patterns")) {
+        validatePatterns(testFile, content, result);
+      }
+      if (checks.includes("assertions")) {
+        validateAssertions(testFile, content, result);
+      }
+      if (checks.includes("mocking")) {
+        validateMocking(testFile, content, result);
+      }
+    }
+    result.valid = result.violations.filter((v) => v.severity === "error").length === 0;
+  } catch (error) {
+    logger.error("Error validating test conventions", error);
+    return `Error: ${error instanceof Error ? error.message : String(error)}`;
+  }
+  return formatValidationResult(result);
+}
+async function validateStructure(testsPath, testFiles, result) {
+  const expectedDirs = ["Unit", "Integration"];
+  const foundDirs = /* @__PURE__ */ new Set();
+  for (const file of testFiles) {
+    const parts = file.split(path12.sep);
+    if (parts.length > 1) {
+      foundDirs.add(parts[0]);
+    }
+  }
+  for (const dir of expectedDirs) {
+    if (!foundDirs.has(dir)) {
+      result.violations.push({
+        type: "structure",
+        severity: "warning",
+        file: testsPath,
+        message: `Missing expected directory: Tests/${dir}`,
+        suggestion: `Create Tests/${dir} directory for ${dir.toLowerCase()} tests`,
+        autoFixable: false
+      });
+    }
+  }
+  const hasUnitDomain = testFiles.some((f) => f.includes(path12.join("Unit", "Domain")));
+  const hasIntegrationControllers = testFiles.some((f) => f.includes(path12.join("Integration", "Controllers")));
+  if (!hasUnitDomain && testFiles.some((f) => f.includes("Unit"))) {
+    result.suggestions.push("Consider organizing unit tests into subdirectories: Unit/Domain, Unit/Services, Unit/Validators");
+  }
+  if (!hasIntegrationControllers && testFiles.some((f) => f.includes("Integration"))) {
+    result.suggestions.push("Consider organizing integration tests into subdirectories: Integration/Controllers, Integration/Repositories");
+  }
+  const hasSecurityTests = testFiles.some((f) => f.includes("Security"));
+  if (!hasSecurityTests) {
+    result.suggestions.push("Consider adding a Tests/Security directory for security-focused tests");
+  }
+}
+function validateNaming(testFile, content, result, _autoFix) {
+  const classMatch = content.match(/public class (\w+)/);
+  if (classMatch) {
+    const className = classMatch[1];
+    if (!className.endsWith("Tests")) {
+      result.violations.push({
+        type: "naming",
+        severity: "error",
+        file: testFile,
+        message: `Test class '${className}' should end with 'Tests'`,
+        suggestion: `Rename to '${className}Tests'`,
+        autoFixable: true
+      });
+    }
+  }
+  const methodMatches = content.matchAll(/\[(Fact|Theory)\]\s*\n\s*public (?:async Task|void) (\w+)\(/g);
+  for (const match of methodMatches) {
+    const methodName = match[2];
+    const isValidName = PATTERNS.testMethodNaming.test(methodName) || PATTERNS.testMethodNamingAlt.test(methodName);
+    if (!isValidName) {
+      if (methodName.includes("Test") && !methodName.includes("_")) {
+        result.violations.push({
+          type: "naming",
+          severity: "warning",
+          file: testFile,
+          message: `Test method '${methodName}' doesn't follow naming convention`,
+          suggestion: `Rename to format: {Method}_When{Condition}_Should{Result} (e.g., GetById_WhenExists_ShouldReturnEntity)`,
+          autoFixable: false
+        });
+      } else if (!methodName.includes("_")) {
+        result.violations.push({
+          type: "naming",
+          severity: "warning",
+          file: testFile,
+          message: `Test method '${methodName}' should use underscores to separate parts`,
+          suggestion: `Use format: {Method}_When{Condition}_Should{Result}`,
+          autoFixable: false
+        });
+      }
+    }
+  }
+}
+function validatePatterns(testFile, content, result) {
+  const methodBlocks = content.matchAll(/\[(Fact|Theory)\][^\[]*?public (?:async Task|void) \w+\([^)]*\)\s*\{([^}]+)\}/gs);
+  for (const match of methodBlocks) {
+    const methodBody = match[2];
+    const hasArrange = PATTERNS.arrangeComment.test(methodBody);
+    const hasAct = PATTERNS.actComment.test(methodBody);
+    const hasAssert = PATTERNS.assertComment.test(methodBody);
+    if (!hasArrange && !hasAct && !hasAssert && methodBody.split("\n").length > 3) {
+      result.violations.push({
+        type: "pattern",
+        severity: "warning",
+        file: testFile,
+        message: "Test method missing AAA (Arrange-Act-Assert) comments",
+        suggestion: "Add // Arrange, // Act, // Assert comments to improve readability",
+        autoFixable: false
+      });
+      break;
+    }
+  }
+  const asyncMethods = content.matchAll(/public async Task (\w+)\([^)]*\)\s*\{([^}]+)\}/gs);
+  for (const match of asyncMethods) {
+    const methodName = match[1];
+    const methodBody = match[2];
+    if (!methodBody.includes("await")) {
+      result.violations.push({
+        type: "pattern",
+        severity: "warning",
+        file: testFile,
+        message: `Async test method '${methodName}' doesn't contain 'await'`,
+        suggestion: "Either add await or change to synchronous void method",
+        autoFixable: false
+      });
+    }
+  }
+}
+function validateAssertions(testFile, content, result) {
+  const hasFluentAssertions = PATTERNS.fluentAssertions.test(content);
+  const hasXunitAssert = /Assert\.\w+\(/.test(content);
+  if (hasXunitAssert && !hasFluentAssertions) {
+    result.violations.push({
+      type: "assertion",
+      severity: "warning",
+      file: testFile,
+      message: "Using xUnit Assert instead of FluentAssertions",
+      suggestion: "Replace Assert.Equal(expected, actual) with actual.Should().Be(expected)",
+      autoFixable: false
+    });
+  }
+  if (hasFluentAssertions) {
+    if (content.includes(".Should().NotBe(null)")) {
+      result.violations.push({
+        type: "assertion",
+        severity: "warning",
+        file: testFile,
+        message: "Use .Should().NotBeNull() instead of .Should().NotBe(null)",
+        suggestion: "Replace .Should().NotBe(null) with .Should().NotBeNull()",
+        autoFixable: true
+      });
+    }
+    if (content.includes(".Should().Throw<") && content.includes("async")) {
+      if (!content.includes(".Should().ThrowAsync<")) {
+        result.suggestions.push("Use .Should().ThrowAsync<T>() for async exception testing");
+      }
+    }
+  }
+  const methodBlocks = content.matchAll(/\[(Fact|Theory)\][^\[]*?public (?:async Task|void) (\w+)\([^)]*\)\s*\{([^}]+)\}/gs);
+  for (const match of methodBlocks) {
+    const methodName = match[2];
+    const methodBody = match[3];
+    const hasAssertion = methodBody.includes(".Should()") || methodBody.includes("Assert.") || methodBody.includes("Verify(") || methodBody.includes("VerifyAll()");
+    if (!hasAssertion) {
+      result.violations.push({
+        type: "assertion",
+        severity: "error",
+        file: testFile,
+        message: `Test method '${methodName}' has no assertions`,
+        suggestion: "Add at least one assertion to verify expected behavior",
+        autoFixable: false
+      });
+    }
+  }
+}
+function validateMocking(testFile, content, result) {
+  const hasMoq = PATTERNS.moqUsage.test(content);
+  if (hasMoq) {
+    if (content.includes("new Mock<") && !content.includes(".Setup(")) {
+      result.violations.push({
+        type: "mocking",
+        severity: "warning",
+        file: testFile,
+        message: "Mock objects created but no Setup() calls found",
+        suggestion: "Add .Setup() calls to define mock behavior",
+        autoFixable: false
+      });
+    }
+    const hasSetup = content.includes(".Setup(");
+    const hasVerify = content.includes(".Verify(") || content.includes(".VerifyAll()");
+    if (hasSetup && !hasVerify) {
+      result.suggestions.push(`Consider adding .Verify() calls in ${testFile} to verify mock interactions`);
+    }
+    if (content.includes("MockBehavior.Strict")) {
+      result.suggestions.push("Using MockBehavior.Strict - ensure all mock calls are set up");
+    }
+  }
+  if (testFile.includes("Controller")) {
+    if (!hasMoq && !content.includes("WebApplicationFactory")) {
+      result.violations.push({
+        type: "mocking",
+        severity: "warning",
+        file: testFile,
+        message: "Controller tests should use mocking or WebApplicationFactory",
+        suggestion: "Use Moq for unit tests or WebApplicationFactory for integration tests",
+        autoFixable: false
+      });
+    }
+  }
+}
+function formatValidationResult(result) {
+  const lines = [];
+  lines.push("# Test Convention Validation");
+  lines.push("");
+  const status = result.valid ? "\u2705 PASSED" : "\u274C FAILED";
+  const errorCount = result.violations.filter((v) => v.severity === "error").length;
+  const warningCount = result.violations.filter((v) => v.severity === "warning").length;
+  lines.push("## Summary");
+  lines.push("");
+  lines.push(`| Status | ${status} |`);
+  lines.push("|--------|----------|");
+  lines.push(`| Errors | ${errorCount} |`);
+  lines.push(`| Warnings | ${warningCount} |`);
+  if (result.autoFixedCount > 0) {
+    lines.push(`| Auto-fixed | ${result.autoFixedCount} |`);
+  }
+  lines.push("");
+  if (result.violations.length > 0) {
+    lines.push("## Violations");
+    lines.push("");
+    const byType = /* @__PURE__ */ new Map();
+    for (const v of result.violations) {
+      const existing = byType.get(v.type) || [];
+      existing.push(v);
+      byType.set(v.type, existing);
+    }
+    for (const [type, violations] of byType) {
+      lines.push(`### ${type.charAt(0).toUpperCase() + type.slice(1)} Violations`);
+      lines.push("");
+      for (const v of violations) {
+        const emoji = v.severity === "error" ? "\u274C" : "\u26A0\uFE0F";
+        lines.push(`${emoji} **${v.file}**`);
+        lines.push(`  - ${v.message}`);
+        lines.push(`  - \u{1F4A1} ${v.suggestion}`);
+        if (v.autoFixable) {
+          lines.push(`  - \u{1F527} Auto-fixable`);
+        }
+        lines.push("");
+      }
+    }
+  }
+  if (result.suggestions.length > 0) {
+    lines.push("## Suggestions");
+    lines.push("");
+    for (const suggestion of result.suggestions) {
+      lines.push(`\u{1F4A1} ${suggestion}`);
+      lines.push("");
+    }
+  }
+  lines.push("## SmartStack Test Conventions");
+  lines.push("");
+  lines.push("### Naming");
+  lines.push("- Files: `{ComponentName}Tests.cs`");
+  lines.push("- Classes: `{ComponentName}Tests`");
+  lines.push("- Methods: `{MethodName}_When{Condition}_Should{ExpectedResult}`");
+  lines.push("");
+  lines.push("### Structure");
+  lines.push("```");
+  lines.push("Tests/");
+  lines.push("\u251C\u2500\u2500 Unit/");
+  lines.push("\u2502   \u251C\u2500\u2500 Domain/");
+  lines.push("\u2502   \u251C\u2500\u2500 Services/");
+  lines.push("\u2502   \u2514\u2500\u2500 Validators/");
+  lines.push("\u251C\u2500\u2500 Integration/");
+  lines.push("\u2502   \u251C\u2500\u2500 Controllers/");
+  lines.push("\u2502   \u2514\u2500\u2500 Repositories/");
+  lines.push("\u2514\u2500\u2500 Security/");
+  lines.push("```");
+  lines.push("");
+  lines.push("### Pattern (AAA)");
+  lines.push("```csharp");
+  lines.push("[Fact]");
+  lines.push("public async Task GetById_WhenExists_ShouldReturnEntity()");
+  lines.push("{");
+  lines.push("    // Arrange");
+  lines.push("    var id = Guid.NewGuid();");
+  lines.push("");
+  lines.push("    // Act");
+  lines.push("    var result = await _sut.GetByIdAsync(id);");
+  lines.push("");
+  lines.push("    // Assert");
+  lines.push("    result.Should().NotBeNull();");
+  lines.push("}");
+  lines.push("```");
+  lines.push("");
+  return lines.join("\n");
+}
+
+// src/tools/suggest-test-scenarios.ts
+import path13 from "path";
+var suggestTestScenariosTool = {
+  name: "suggest_test_scenarios",
+  description: "Analyze source code and suggest test scenarios based on detected methods, parameters, and patterns. Generates comprehensive test case recommendations for SmartStack components.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      target: {
+        type: "string",
+        enum: ["entity", "service", "controller", "file"],
+        description: "Type of target to analyze"
+      },
+      name: {
+        type: "string",
+        description: "Component name or file path"
+      },
+      depth: {
+        type: "string",
+        enum: ["basic", "comprehensive", "security-focused"],
+        default: "comprehensive",
+        description: "Depth of analysis"
+      }
+    },
+    required: ["target", "name"]
+  }
+};
+var PATTERNS2 = {
+  // Method signatures
+  publicMethod: /public\s+(?:async\s+)?(?:Task<)?(\w+)>?\s+(\w+)\s*\(([^)]*)\)/g,
+  // Parameter extraction
+  parameter: /(?:(\w+)\s+)?(\w+)\s+(\w+)(?:\s*=\s*([^,)]+))?/g,
+  // Property
+  property: /public\s+(?:virtual\s+)?(\w+)\??\s+(\w+)\s*\{\s*get;/g,
+  // Validation attributes
+  validationAttribute: /\[(Required|MaxLength|MinLength|Range|EmailAddress|Phone|Url|RegularExpression)\s*(?:\(([^)]*)\))?\]/g,
+  // Entity patterns
+  baseEntity: /:\s*(?:BaseEntity|SystemEntity)/,
+  tenantEntity: /ITenantEntity/,
+  // Factory method
+  factoryMethod: /public\s+static\s+\w+\s+Create\s*\(/,
+  // Soft delete
+  softDelete: /public\s+void\s+SoftDelete/
+};
+async function handleSuggestTestScenarios(args, config) {
+  const input = SuggestTestScenariosInputSchema.parse(args);
+  logger.info("Suggesting test scenarios", { target: input.target, name: input.name, depth: input.depth });
+  const structure = await findSmartStackStructure(config.smartstack.projectPath);
+  const result = {
+    target: input.name,
+    targetType: input.target,
+    detectedMethods: [],
+    scenarios: [],
+    coverage: {
+      happyPath: 0,
+      validation: 0,
+      errorHandling: 0,
+      security: 0,
+      edgeCases: 0
+    }
+  };
+  try {
+    const sourceFile = await findSourceFile(input.target, input.name, structure, config);
+    if (!sourceFile) {
+      return `Error: Could not find ${input.target} '${input.name}'`;
+    }
+    const content = await readText(sourceFile);
+    result.detectedMethods = parseSourceCode(content);
+    result.scenarios = generateScenarios(
+      result.detectedMethods,
+      content,
+      input.target,
+      input.depth
+    );
+    calculateCoverageDistribution(result);
+  } catch (error) {
+    logger.error("Error suggesting test scenarios", error);
+    return `Error: ${error instanceof Error ? error.message : String(error)}`;
+  }
+  return formatScenariosResult(result, input.depth);
+}
+async function findSourceFile(target, name, structure, _config) {
+  let searchPath;
+  let pattern;
+  switch (target) {
+    case "entity":
+      searchPath = structure.domain || structure.root;
+      pattern = `**/${name}.cs`;
+      break;
+    case "service":
+      searchPath = structure.application || structure.root;
+      pattern = `**/${name}Service.cs`;
+      break;
+    case "controller":
+      searchPath = structure.api || structure.root;
+      pattern = `**/${name}Controller.cs`;
+      break;
+    case "file":
+      return path13.isAbsolute(name) ? name : path13.join(structure.root, name);
+    default:
+      return null;
+  }
+  const files = await findFiles(pattern, { cwd: searchPath });
+  if (files.length === 0) {
+    const altPattern = `**/*${name}*.cs`;
+    const altFiles = await findFiles(altPattern, { cwd: searchPath });
+    if (altFiles.length > 0) {
+      return path13.join(searchPath, altFiles[0]);
+    }
+    return null;
+  }
+  return path13.join(searchPath, files[0]);
+}
+function parseSourceCode(content) {
+  const methods = [];
+  PATTERNS2.publicMethod.lastIndex = 0;
+  let match;
+  while ((match = PATTERNS2.publicMethod.exec(content)) !== null) {
+    const returnType = match[1];
+    const methodName = match[2];
+    const parametersStr = match[3];
+    const parameters = [];
+    if (parametersStr.trim()) {
+      const params = parametersStr.split(",");
+      for (const param of params) {
+        const trimmed = param.trim();
+        if (trimmed) {
+          const parts = trimmed.split(/\s+/);
+          if (parts.length >= 2) {
+            parameters.push(`${parts[parts.length - 2]} ${parts[parts.length - 1]}`);
+          }
+        }
+      }
+    }
+    const isAsync = content.substring(Math.max(0, match.index - 20), match.index).includes("async");
+    const isPublic = content.substring(Math.max(0, match.index - 20), match.index).includes("public");
+    if (isPublic && !methodName.startsWith("get_") && !methodName.startsWith("set_")) {
+      methods.push({
+        name: methodName,
+        returnType,
+        parameters,
+        isAsync,
+        visibility: "public"
+      });
+    }
+  }
+  return methods;
+}
+function generateScenarios(methods, content, target, depth) {
+  const scenarios = [];
+  const isEntity = PATTERNS2.baseEntity.test(content);
+  const hasTenant = PATTERNS2.tenantEntity.test(content);
+  const hasFactoryMethod = PATTERNS2.factoryMethod.test(content);
+  const hasSoftDelete = PATTERNS2.softDelete.test(content);
+  for (const method of methods) {
+    const methodScenarios = generateMethodScenarios(
+      method,
+      { isEntity, hasTenant, hasFactoryMethod, hasSoftDelete },
+      target,
+      depth
+    );
+    scenarios.push(...methodScenarios);
+  }
+  if (isEntity && target === "entity") {
+    scenarios.push(...generateEntityScenarios(content, hasTenant, hasSoftDelete, depth));
+  }
+  if (depth !== "basic") {
+    scenarios.push(...generateSecurityScenarios(methods, hasTenant, target));
+  }
+  return scenarios;
+}
+function generateMethodScenarios(method, patterns, _target, depth) {
+  const scenarios = [];
+  const methodLower = method.name.toLowerCase();
+  scenarios.push({
+    methodName: method.name,
+    scenarioName: "Happy Path",
+    description: `Test ${method.name} with valid data`,
+    type: "happy-path",
+    priority: "critical",
+    testMethodName: `${method.name}_WhenValidData_ShouldSucceed`,
+    assertions: generateAssertions(method, "happy-path")
+  });
+  if (methodLower.includes("getbyid") || methodLower.includes("get")) {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Not Found",
+      description: `Test ${method.name} when entity does not exist`,
+      type: "error-handling",
+      priority: "high",
+      testMethodName: `${method.name}_WhenNotExists_ShouldReturnNull`,
+      assertions: ["result.Should().BeNull()"]
+    });
+  }
+  if (methodLower.includes("create") || methodLower.includes("add")) {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Validation Failure",
+      description: `Test ${method.name} with invalid data`,
+      type: "validation",
+      priority: "high",
+      testMethodName: `${method.name}_WhenInvalidData_ShouldThrow`,
+      assertions: ["act.Should().ThrowAsync<ValidationException>()"]
+    });
+    if (patterns.hasTenant) {
+      scenarios.push({
+        methodName: method.name,
+        scenarioName: "Missing Tenant",
+        description: `Test ${method.name} without tenant context`,
+        type: "security",
+        priority: "critical",
+        testMethodName: `${method.name}_WhenNoTenant_ShouldThrow`,
+        assertions: ["act.Should().ThrowAsync<ArgumentException>()"]
+      });
+    }
+  }
+  if (methodLower.includes("update")) {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Not Found",
+      description: `Test ${method.name} when entity does not exist`,
+      type: "error-handling",
+      priority: "high",
+      testMethodName: `${method.name}_WhenNotExists_ShouldThrow`,
+      assertions: ["act.Should().ThrowAsync<InvalidOperationException>()"]
+    });
+    if (depth !== "basic") {
+      scenarios.push({
+        methodName: method.name,
+        scenarioName: "Concurrent Update",
+        description: `Test ${method.name} with concurrent modification`,
+        type: "edge-case",
+        priority: "medium",
+        testMethodName: `${method.name}_WhenConcurrentUpdate_ShouldHandleConflict`,
+        assertions: ["Should handle DbUpdateConcurrencyException"]
+      });
+    }
+  }
+  if (methodLower.includes("delete")) {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Not Found",
+      description: `Test ${method.name} when entity does not exist`,
+      type: "error-handling",
+      priority: "high",
+      testMethodName: `${method.name}_WhenNotExists_ShouldReturnFalse`,
+      assertions: ["result.Should().BeFalse()"]
+    });
+    if (patterns.hasSoftDelete) {
+      scenarios.push({
+        methodName: method.name,
+        scenarioName: "Soft Delete",
+        description: `Verify ${method.name} performs soft delete`,
+        type: "happy-path",
+        priority: "high",
+        testMethodName: `${method.name}_WhenCalled_ShouldSoftDelete`,
+        assertions: ["entity.IsDeleted.Should().BeTrue()", "entity.DeletedAt.Should().NotBeNull()"]
+      });
+    }
+  }
+  if (method.isAsync && depth !== "basic") {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Cancellation",
+      description: `Test ${method.name} with cancellation token`,
+      type: "edge-case",
+      priority: "low",
+      testMethodName: `${method.name}_WhenCancelled_ShouldThrowOperationCancelled`,
+      assertions: ["act.Should().ThrowAsync<OperationCanceledException>()"]
+    });
+  }
+  return scenarios;
+}
+function generateEntityScenarios(content, hasTenant, hasSoftDelete, depth) {
+  const scenarios = [];
+  if (PATTERNS2.factoryMethod.test(content)) {
+    scenarios.push({
+      methodName: "Create",
+      scenarioName: "Factory Method",
+      description: "Test entity creation via factory method",
+      type: "happy-path",
+      priority: "critical",
+      testMethodName: "Create_WhenValidData_ShouldCreateEntity",
+      assertions: [
+        "entity.Should().NotBeNull()",
+        "entity.Id.Should().NotBeEmpty()",
+        "entity.CreatedAt.Should().BeCloseTo(DateTime.UtcNow)"
+      ]
+    });
+    if (hasTenant) {
+      scenarios.push({
+        methodName: "Create",
+        scenarioName: "Invalid Tenant",
+        description: "Test entity creation with empty tenant ID",
+        type: "validation",
+        priority: "critical",
+        testMethodName: "Create_WhenEmptyTenantId_ShouldThrow",
+        assertions: ["act.Should().Throw<ArgumentException>()"]
+      });
+    }
+  }
+  if (hasSoftDelete) {
+    scenarios.push({
+      methodName: "SoftDelete",
+      scenarioName: "Soft Delete",
+      description: "Test soft delete sets IsDeleted and DeletedAt",
+      type: "happy-path",
+      priority: "high",
+      testMethodName: "SoftDelete_WhenCalled_ShouldSetDeletedFields",
+      assertions: [
+        "entity.IsDeleted.Should().BeTrue()",
+        "entity.DeletedAt.Should().NotBeNull()",
+        "entity.DeletedBy.Should().Be(deletedBy)"
+      ]
+    });
+    if (depth !== "basic") {
+      scenarios.push({
+        methodName: "Restore",
+        scenarioName: "Restore After Delete",
+        description: "Test restoring a soft-deleted entity",
+        type: "happy-path",
+        priority: "medium",
+        testMethodName: "Restore_WhenSoftDeleted_ShouldClearDeletedFields",
+        assertions: [
+          "entity.IsDeleted.Should().BeFalse()",
+          "entity.DeletedAt.Should().BeNull()"
+        ]
+      });
+    }
+  }
+  if (depth !== "basic") {
+    scenarios.push({
+      methodName: "Update",
+      scenarioName: "Audit Trail",
+      description: "Test that Update sets audit fields",
+      type: "happy-path",
+      priority: "medium",
+      testMethodName: "Update_WhenCalled_ShouldSetAuditFields",
+      assertions: [
+        "entity.UpdatedAt.Should().NotBeNull()",
+        "entity.UpdatedBy.Should().Be(updatedBy)",
+        "entity.CreatedAt.Should().Be(originalCreatedAt)"
+      ]
+    });
+  }
+  return scenarios;
+}
+function generateSecurityScenarios(_methods, hasTenant, _target) {
+  const scenarios = [];
+  if (hasTenant) {
+    scenarios.push({
+      methodName: "TenantIsolation",
+      scenarioName: "Cross-Tenant Access",
+      description: "Test that entities from other tenants are not accessible",
+      type: "security",
+      priority: "critical",
+      testMethodName: "GetById_WhenDifferentTenant_ShouldReturnNull",
+      assertions: ["result.Should().BeNull()"]
+    });
+  }
+  if (_target === "controller") {
+    scenarios.push({
+      methodName: "Authorization",
+      scenarioName: "Unauthorized Access",
+      description: "Test that unauthorized requests are rejected",
+      type: "security",
+      priority: "critical",
+      testMethodName: "GetAll_WhenUnauthorized_ShouldReturn401",
+      assertions: ["response.StatusCode.Should().Be(HttpStatusCode.Unauthorized)"]
+    });
+    scenarios.push({
+      methodName: "InputValidation",
+      scenarioName: "SQL Injection",
+      description: "Test that SQL injection attempts are handled",
+      type: "security",
+      priority: "high",
+      testMethodName: "Create_WhenSqlInjectionAttempt_ShouldSanitize",
+      assertions: ["Should not execute malicious SQL"]
+    });
+    scenarios.push({
+      methodName: "InputValidation",
+      scenarioName: "XSS Prevention",
+      description: "Test that XSS attempts are handled",
+      type: "security",
+      priority: "high",
+      testMethodName: "Create_WhenXssAttempt_ShouldSanitize",
+      assertions: ["Should not store or return script tags"]
+    });
+  }
+  return scenarios;
+}
+function generateAssertions(method, type) {
+  const assertions = [];
+  if (type === "happy-path") {
+    if (method.returnType === "void" || method.returnType === "Task") {
+      assertions.push("Should complete without exception");
+    } else if (method.returnType.includes("bool") || method.returnType === "Boolean") {
+      assertions.push("result.Should().BeTrue()");
+    } else {
+      assertions.push("result.Should().NotBeNull()");
+    }
+  }
+  return assertions;
+}
+function calculateCoverageDistribution(result) {
+  const total = result.scenarios.length;
+  if (total === 0) return;
+  const counts = {
+    happyPath: result.scenarios.filter((s) => s.type === "happy-path").length,
+    validation: result.scenarios.filter((s) => s.type === "validation").length,
+    errorHandling: result.scenarios.filter((s) => s.type === "error-handling").length,
+    security: result.scenarios.filter((s) => s.type === "security").length,
+    edgeCases: result.scenarios.filter((s) => s.type === "edge-case" || s.type === "performance").length
+  };
+  result.coverage = {
+    happyPath: Math.round(counts.happyPath / total * 100),
+    validation: Math.round(counts.validation / total * 100),
+    errorHandling: Math.round(counts.errorHandling / total * 100),
+    security: Math.round(counts.security / total * 100),
+    edgeCases: Math.round(counts.edgeCases / total * 100)
+  };
+}
+function formatScenariosResult(result, depth) {
+  const lines = [];
+  lines.push(`# Test Scenarios for ${result.target}`);
+  lines.push("");
+  lines.push(`> Analysis depth: **${depth}**`);
+  lines.push("");
+  if (result.detectedMethods.length > 0) {
+    lines.push("## Detected Methods");
+    lines.push("");
+    lines.push("| Method | Return Type | Parameters | Async |");
+    lines.push("|--------|-------------|------------|-------|");
+    for (const method of result.detectedMethods) {
+      const params = method.parameters.length > 0 ? method.parameters.join(", ") : "none";
+      lines.push(`| ${method.name} | ${method.returnType} | ${params} | ${method.isAsync ? "Yes" : "No"} |`);
+    }
+    lines.push("");
+  }
+  lines.push("## Scenario Coverage Distribution");
+  lines.push("");
+  lines.push("```");
+  lines.push(`Happy Path:     ${"\u2588".repeat(Math.floor(result.coverage.happyPath / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.happyPath / 5))} ${result.coverage.happyPath}%`);
+  lines.push(`Validation:     ${"\u2588".repeat(Math.floor(result.coverage.validation / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.validation / 5))} ${result.coverage.validation}%`);
+  lines.push(`Error Handling: ${"\u2588".repeat(Math.floor(result.coverage.errorHandling / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.errorHandling / 5))} ${result.coverage.errorHandling}%`);
+  lines.push(`Security:       ${"\u2588".repeat(Math.floor(result.coverage.security / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.security / 5))} ${result.coverage.security}%`);
+  lines.push(`Edge Cases:     ${"\u2588".repeat(Math.floor(result.coverage.edgeCases / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.edgeCases / 5))} ${result.coverage.edgeCases}%`);
+  lines.push("```");
+  lines.push("");
+  lines.push("## Suggested Test Scenarios");
+  lines.push("");
+  const priorities = ["critical", "high", "medium", "low"];
+  for (const priority of priorities) {
+    const scenarios = result.scenarios.filter((s) => s.priority === priority);
+    if (scenarios.length === 0) continue;
+    const emoji = priority === "critical" ? "\u{1F534}" : priority === "high" ? "\u{1F7E0}" : priority === "medium" ? "\u{1F7E1}" : "\u{1F7E2}";
+    lines.push(`### ${emoji} ${priority.charAt(0).toUpperCase() + priority.slice(1)} Priority`);
+    lines.push("");
+    for (const scenario of scenarios) {
+      const typeEmoji = getTypeEmoji(scenario.type);
+      lines.push(`#### ${typeEmoji} ${scenario.methodName} - ${scenario.scenarioName}`);
+      lines.push("");
+      lines.push(`**Description:** ${scenario.description}`);
+      lines.push("");
+      lines.push(`**Test Method:** \`${scenario.testMethodName}\``);
+      lines.push("");
+      if (scenario.assertions.length > 0) {
+        lines.push("**Assertions:**");
+        for (const assertion of scenario.assertions) {
+          lines.push(`- \`${assertion}\``);
+        }
+        lines.push("");
+      }
+    }
+  }
+  lines.push("## Quick Test Generation");
+  lines.push("");
+  lines.push("Generate tests for this component:");
+  lines.push("");
+  lines.push("```");
+  lines.push(`scaffold_tests(target: "${result.targetType}", name: "${result.target}", testTypes: ["unit", "security"])`);
+  lines.push("```");
+  lines.push("");
+  return lines.join("\n");
+}
+function getTypeEmoji(type) {
+  switch (type) {
+    case "happy-path":
+      return "\u2705";
+    case "validation":
+      return "\u{1F50D}";
+    case "error-handling":
+      return "\u26A0\uFE0F";
+    case "security":
+      return "\u{1F512}";
+    case "edge-case":
+      return "\u{1F9EA}";
+    case "performance":
+      return "\u26A1";
+    default:
+      return "\u{1F4CB}";
+  }
+}
+
+// src/resources/conventions.ts
+var conventionsResourceTemplate = {
+  uri: "smartstack://conventions",
+  name: "AtlasHub Conventions",
+  description: "Documentation of AtlasHub/SmartStack naming conventions, patterns, and best practices",
+  mimeType: "text/markdown"
+};
+async function getConventionsResource(config) {
+  const { schemas, tablePrefixes, codePrefixes, migrationFormat, namespaces, servicePattern } = config.conventions;
+  return `# AtlasHub SmartStack Conventions
+
+## Overview
+
+This document describes the mandatory conventions for extending the SmartStack/AtlasHub platform.
+Following these conventions ensures compatibility and prevents conflicts.
+
+---
+
+## 1. Database Conventions
+
+### SQL Schemas
+
+SmartStack uses SQL Server schemas to separate platform tables from client extensions:
+
+| Schema | Usage | Description |
+|--------|-------|-------------|
+| \`${schemas.platform}\` | SmartStack platform | All native SmartStack tables |
+| \`${schemas.extensions}\` | Client extensions | Custom tables added by clients |
+
+### Domain Table Prefixes
+
+Tables are organized by domain using prefixes:
+
+| Prefix | Domain | Example Tables |
+|--------|--------|----------------|
+| \`auth_\` | Authorization | auth_Users, auth_Roles, auth_Permissions |
+| \`nav_\` | Navigation | nav_Contexts, nav_Applications, nav_Modules |
+| \`usr_\` | User profiles | usr_Profiles, usr_Preferences |
+| \`ai_\` | AI features | ai_Providers, ai_Models, ai_Prompts |
+| \`cfg_\` | Configuration | cfg_Settings |
+| \`wkf_\` | Workflows | wkf_EmailTemplates, wkf_Workflows |
+| \`support_\` | Support | support_Tickets, support_Comments |
+| \`entra_\` | Entra sync | entra_Groups, entra_SyncState |
+| \`ref_\` | References | ref_Companies, ref_Departments |
+| \`loc_\` | Localization | loc_Languages, loc_Translations |
+| \`lic_\` | Licensing | lic_Licenses |
+| \`tenant_\` | Multi-Tenancy | tenant_Tenants, tenant_TenantUsers, tenant_TenantUserRoles |
+
+### Navigation Code Prefixes
+
+All navigation data (Context, Application, Module, Section, Resource) uses code prefixes to distinguish system data from client extensions:
+
+| Origin | Prefix | Usage | Example |
+|--------|--------|-------|---------|
+| SmartStack (system) | \`${codePrefixes.core}\` | Protected, delivered with SmartStack | \`${codePrefixes.core}administration\` |
+| Client (extension) | \`${codePrefixes.extension}\` | Custom, added by clients | \`${codePrefixes.extension}it\` |
+
+**Navigation Hierarchy (5 levels):**
+
+\`\`\`
+Context \u2192 Application \u2192 Module \u2192 Section \u2192 Resource
+\`\`\`
+
+**Examples for each level:**
+
+| Level | Core Example | Extension Example |
+|-------|--------------|-------------------|
+| Context | \`${codePrefixes.core}administration\` | \`${codePrefixes.extension}it\` |
+| Application | \`${codePrefixes.core}settings\` | \`${codePrefixes.extension}custom_app\` |
+| Module | \`${codePrefixes.core}users\` | \`${codePrefixes.extension}inventory\` |
+| Section | \`${codePrefixes.core}management\` | \`${codePrefixes.extension}reports\` |
+| Resource | \`${codePrefixes.core}user_list\` | \`${codePrefixes.extension}stock_view\` |
+
+**Rules:**
+1. \`${codePrefixes.core}*\` codes are **protected** - clients cannot create or modify them
+2. \`${codePrefixes.extension}*\` codes are **free** - clients can create custom navigation
+3. SmartStack updates will never overwrite \`${codePrefixes.extension}*\` data
+4. Codes must be unique within their level (e.g., no two Contexts with same code)
+
+### Entity Configuration
+
+\`\`\`csharp
+public class MyEntityConfiguration : IEntityTypeConfiguration<MyEntity>
+{
+    public void Configure(EntityTypeBuilder<MyEntity> builder)
+    {
+        // CORRECT: Use schema + domain prefix
+        builder.ToTable("auth_Users", "${schemas.platform}");
+
+        // WRONG: No schema specified
+        // builder.ToTable("auth_Users");
+
+        // WRONG: No domain prefix
+        // builder.ToTable("Users", "${schemas.platform}");
+    }
+}
+\`\`\`
+
+### Extending Core Entities
+
+When extending a core entity, use the \`${schemas.extensions}\` schema:
+
+\`\`\`csharp
+// Client extension for auth_Users
+public class UserExtension
+{
+    public Guid UserId { get; set; }  // FK to auth_Users
+    public User User { get; set; }
+
+    // Custom properties
+    public string CustomField { get; set; }
+}
+
+// Configuration - use extensions schema
+builder.ToTable("client_UserExtensions", "${schemas.extensions}");
+builder.HasOne(e => e.User)
+       .WithOne()
+       .HasForeignKey<UserExtension>(e => e.UserId);
+\`\`\`
+
+---
+
+## 2. Migration Conventions
+
+### Naming Format
+
+Migrations MUST follow this naming pattern:
+
+\`\`\`
+${migrationFormat}
+\`\`\`
+
+| Part | Description | Example |
+|------|-------------|---------|
+| \`{context}\` | DbContext name | \`core\`, \`extensions\` |
+| \`{version}\` | Semver version | \`v1.0.0\`, \`v1.2.0\` |
+| \`{sequence}\` | Order in version | \`001\`, \`002\` |
+| \`{Description}\` | Action (PascalCase) | \`CreateAuthUsers\` |
+
+**Examples:**
+- \`core_v1.0.0_001_InitialSchema.cs\`
+- \`core_v1.0.0_002_CreateAuthUsers.cs\`
+- \`core_v1.2.0_001_AddUserProfiles.cs\`
+- \`extensions_v1.0.0_001_AddClientFeatures.cs\`
+
+### Creating Migrations
+
+\`\`\`bash
+# Create a new migration
+dotnet ef migrations add core_v1.0.0_001_InitialSchema
+
+# With context specified
+dotnet ef migrations add core_v1.2.0_001_AddUserProfiles --context ApplicationDbContext
+\`\`\`
+
+### Migration Rules
+
+1. **One migration per feature** - Group related changes in a single migration
+2. **Version-based naming** - Use semver (v1.0.0, v1.2.0) to link migrations to releases
+3. **Sequence numbers** - Use NNN (001, 002, etc.) for migrations in the same version
+4. **Context prefix** - Use \`core_\` for platform tables, \`extensions_\` for client extensions
+5. **Descriptive names** - Use clear PascalCase descriptions (CreateAuthUsers, AddUserProfiles, etc.)
+6. **Schema must be specified** - All tables must specify their schema in ToTable()
+
+---
+
+## 3. Namespace Conventions
+
+### Layer Structure
 
 | Layer | Namespace | Purpose |
 |-------|-----------|---------|
@@ -4432,7 +7307,7 @@ Run specific or all checks:
 }
 
 // src/resources/project-info.ts
-import path10 from "path";
+import path14 from "path";
 var projectInfoResourceTemplate = {
   uri: "smartstack://project",
   name: "SmartStack Project Info",
@@ -4469,16 +7344,16 @@ async function getProjectInfoResource(config) {
   lines.push("```");
   lines.push(`${projectInfo.name}/`);
   if (structure.domain) {
-    lines.push(`\u251C\u2500\u2500 ${path10.basename(structure.domain)}/          # Domain layer (entities)`);
+    lines.push(`\u251C\u2500\u2500 ${path14.basename(structure.domain)}/          # Domain layer (entities)`);
   }
   if (structure.application) {
-    lines.push(`\u251C\u2500\u2500 ${path10.basename(structure.application)}/     # Application layer (services)`);
+    lines.push(`\u251C\u2500\u2500 ${path14.basename(structure.application)}/     # Application layer (services)`);
   }
   if (structure.infrastructure) {
-    lines.push(`\u251C\u2500\u2500 ${path10.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
+    lines.push(`\u251C\u2500\u2500 ${path14.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
   }
   if (structure.api) {
-    lines.push(`\u251C\u2500\u2500 ${path10.basename(structure.api)}/             # API layer (controllers)`);
+    lines.push(`\u251C\u2500\u2500 ${path14.basename(structure.api)}/             # API layer (controllers)`);
   }
   if (structure.web) {
     lines.push(`\u2514\u2500\u2500 web/smartstack-web/      # React frontend`);
@@ -4491,8 +7366,8 @@ async function getProjectInfoResource(config) {
     lines.push("| Project | Path |");
     lines.push("|---------|------|");
     for (const csproj of projectInfo.csprojFiles) {
-      const name = path10.basename(csproj, ".csproj");
-      const relativePath = path10.relative(projectPath, csproj);
+      const name = path14.basename(csproj, ".csproj");
+      const relativePath = path14.relative(projectPath, csproj);
       lines.push(`| ${name} | \`${relativePath}\` |`);
     }
     lines.push("");
@@ -4502,10 +7377,10 @@ async function getProjectInfoResource(config) {
       cwd: structure.migrations,
       ignore: ["*.Designer.cs"]
     });
-    const migrations = migrationFiles.map((f) => path10.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
+    const migrations = migrationFiles.map((f) => path14.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
     lines.push("## EF Core Migrations");
     lines.push("");
-    lines.push(`**Location**: \`${path10.relative(projectPath, structure.migrations)}\``);
+    lines.push(`**Location**: \`${path14.relative(projectPath, structure.migrations)}\``);
     lines.push(`**Total Migrations**: ${migrations.length}`);
     lines.push("");
     if (migrations.length > 0) {
@@ -4540,11 +7415,11 @@ async function getProjectInfoResource(config) {
   lines.push("dotnet build");
   lines.push("");
   lines.push("# Run API");
-  lines.push(`cd ${structure.api ? path10.relative(projectPath, structure.api) : "SmartStack.Api"}`);
+  lines.push(`cd ${structure.api ? path14.relative(projectPath, structure.api) : "SmartStack.Api"}`);
   lines.push("dotnet run");
   lines.push("");
   lines.push("# Run frontend");
-  lines.push(`cd ${structure.web ? path10.relative(projectPath, structure.web) : "web/smartstack-web"}`);
+  lines.push(`cd ${structure.web ? path14.relative(projectPath, structure.web) : "web/smartstack-web"}`);
   lines.push("npm run dev");
   lines.push("");
   lines.push("# Create migration");
@@ -4567,7 +7442,7 @@ async function getProjectInfoResource(config) {
 }
 
 // src/resources/api-endpoints.ts
-import path11 from "path";
+import path15 from "path";
 var apiEndpointsResourceTemplate = {
   uri: "smartstack://api/",
   name: "SmartStack API Endpoints",
@@ -4592,7 +7467,7 @@ async function getApiEndpointsResource(config, endpointFilter) {
 }
 async function parseController(filePath, _rootPath) {
   const content = await readText(filePath);
-  const fileName = path11.basename(filePath, ".cs");
+  const fileName = path15.basename(filePath, ".cs");
   const controllerName = fileName.replace("Controller", "");
   const endpoints = [];
   const routeMatch = content.match(/\[Route\s*\(\s*"([^"]+)"\s*\)\]/);
@@ -4739,7 +7614,7 @@ function getMethodEmoji(method) {
 }
 
 // src/resources/db-schema.ts
-import path12 from "path";
+import path16 from "path";
 var dbSchemaResourceTemplate = {
   uri: "smartstack://schema/",
   name: "SmartStack Database Schema",
@@ -4829,7 +7704,7 @@ async function parseEntity(filePath, rootPath, _config) {
     tableName,
     properties,
     relationships,
-    file: path12.relative(rootPath, filePath)
+    file: path16.relative(rootPath, filePath)
   };
 }
 async function enrichFromConfigurations(entities, infrastructurePath, _config) {
@@ -4975,7 +7850,7 @@ function formatSchema(entities, filter, _config) {
 }
 
 // src/resources/entities.ts
-import path13 from "path";
+import path17 from "path";
 var entitiesResourceTemplate = {
   uri: "smartstack://entities/",
   name: "SmartStack Entities",
@@ -5035,7 +7910,7 @@ async function parseEntitySummary(filePath, rootPath, config) {
     hasSoftDelete,
     hasRowVersion,
     file: filePath,
-    relativePath: path13.relative(rootPath, filePath)
+    relativePath: path17.relative(rootPath, filePath)
   };
 }
 function inferTableInfo(entityName, config) {
@@ -5222,7 +8097,12 @@ async function createServer() {
         checkMigrationsTool,
         scaffoldExtensionTool,
         apiDocsTool,
-        suggestMigrationTool
+        suggestMigrationTool,
+        // Test Tools
+        scaffoldTestsTool,
+        analyzeTestCoverageTool,
+        validateTestConventionsTool,
+        suggestTestScenariosTool
       ]
     };
   });
@@ -5248,6 +8128,19 @@ async function createServer() {
         case "suggest_migration":
           result = await handleSuggestMigration(args, config);
           break;
+        // Test Tools
+        case "scaffold_tests":
+          result = await handleScaffoldTests(args, config);
+          break;
+        case "analyze_test_coverage":
+          result = await handleAnalyzeTestCoverage(args, config);
+          break;
+        case "validate_test_conventions":
+          result = await handleValidateTestConventions(args, config);
+          break;
+        case "suggest_test_scenarios":
+          result = await handleSuggestTestScenarios(args, config);
+          break;
         default:
           throw new Error(`Unknown tool: ${name}`);
       }