@atlashub/smartstack-mcp 1.4.1 → 1.6.0

package/dist/index.js

@@ -78,14 +78,14 @@ if (envLevel && ["debug", "info", "warn", "error"].includes(envLevel)) {
 import path2 from "path";
 
 // src/utils/fs.ts
-import fs from "fs-extra";
+import { stat, mkdir, readFile, writeFile, cp, rm } from "fs/promises";
 import path from "path";
 import { glob } from "glob";
 var FileSystemError = class extends Error {
-  constructor(message, operation, path14, cause) {
+  constructor(message, operation, path21, cause) {
     super(message);
     this.operation = operation;
-    this.path = path14;
+    this.path = path21;
     this.cause = cause;
     this.name = "FileSystemError";
   }
@@ -103,26 +103,26 @@ function validatePathSecurity(targetPath, baseDir) {
 }
 async function fileExists(filePath) {
   try {
-    const stat = await fs.stat(filePath);
-    return stat.isFile();
+    const s = await stat(filePath);
+    return s.isFile();
   } catch {
     return false;
   }
 }
 async function directoryExists(dirPath) {
   try {
-    const stat = await fs.stat(dirPath);
-    return stat.isDirectory();
+    const s = await stat(dirPath);
+    return s.isDirectory();
   } catch {
     return false;
   }
 }
 async function ensureDirectory(dirPath) {
-  await fs.ensureDir(dirPath);
+  await mkdir(dirPath, { recursive: true });
 }
 async function readJson(filePath) {
   try {
-    const content = await fs.readFile(filePath, "utf-8");
+    const content = await readFile(filePath, "utf-8");
     try {
       return JSON.parse(content);
     } catch (parseError) {
@@ -148,7 +148,7 @@ async function readJson(filePath) {
 }
 async function readText(filePath) {
   try {
-    return await fs.readFile(filePath, "utf-8");
+    return await readFile(filePath, "utf-8");
   } catch (error) {
     const err = error instanceof Error ? error : new Error(String(error));
     throw new FileSystemError(
@@ -161,8 +161,8 @@ async function readText(filePath) {
 }
 async function writeText(filePath, content) {
   try {
-    await fs.ensureDir(path.dirname(filePath));
-    await fs.writeFile(filePath, content, "utf-8");
+    await mkdir(path.dirname(filePath), { recursive: true });
+    await writeFile(filePath, content, "utf-8");
   } catch (error) {
     const err = error instanceof Error ? error : new Error(String(error));
     throw new FileSystemError(
@@ -456,6 +456,70 @@ var ApiDocsInputSchema = z.object({
   format: z.enum(["markdown", "json", "openapi"]).default("markdown").describe("Output format"),
   controller: z.string().optional().describe("Filter by controller name")
 });
+var TestTypeSchema = z.enum(["unit", "integration", "security", "e2e"]);
+var TestTargetSchema = z.enum(["entity", "service", "controller", "validator", "repository", "all"]);
+var ScaffoldTestsInputSchema = z.object({
+  target: TestTargetSchema.describe("Type of component to test"),
+  name: z.string().min(1).describe('Component name (PascalCase, e.g., "User", "Order")'),
+  testTypes: z.array(TestTypeSchema).default(["unit"]).describe("Types of tests to generate"),
+  options: z.object({
+    includeEdgeCases: z.boolean().default(true).describe("Include edge case tests"),
+    includeTenantIsolation: z.boolean().default(true).describe("Include tenant isolation tests"),
+    includeSoftDelete: z.boolean().default(true).describe("Include soft delete tests"),
+    includeAudit: z.boolean().default(true).describe("Include audit trail tests"),
+    includeValidation: z.boolean().default(true).describe("Include validation tests"),
+    includeAuthorization: z.boolean().default(false).describe("Include authorization tests"),
+    includePerformance: z.boolean().default(false).describe("Include performance tests"),
+    entityProperties: z.array(EntityPropertySchema).optional().describe("Entity properties for test generation"),
+    isSystemEntity: z.boolean().default(false).describe("If true, entity has no TenantId"),
+    dryRun: z.boolean().default(false).describe("Preview without writing files")
+  }).optional()
+});
+var AnalyzeTestCoverageInputSchema = z.object({
+  path: z.string().optional().describe("Project path to analyze"),
+  scope: z.enum(["entity", "service", "controller", "all"]).default("all").describe("Scope of analysis"),
+  outputFormat: z.enum(["summary", "detailed", "json"]).default("summary").describe("Output format"),
+  includeRecommendations: z.boolean().default(true).describe("Include recommendations for missing tests")
+});
+var ValidateTestConventionsInputSchema = z.object({
+  path: z.string().optional().describe("Project path to validate"),
+  checks: z.array(z.enum(["naming", "structure", "patterns", "assertions", "mocking", "all"])).default(["all"]).describe("Types of convention checks to perform"),
+  autoFix: z.boolean().default(false).describe("Automatically fix minor issues")
+});
+var SuggestTestScenariosInputSchema = z.object({
+  target: z.enum(["entity", "service", "controller", "file"]).describe("Type of target to analyze"),
+  name: z.string().min(1).describe("Component name or file path"),
+  depth: z.enum(["basic", "comprehensive", "security-focused"]).default("comprehensive").describe("Depth of analysis")
+});
+var ScaffoldApiClientInputSchema = z.object({
+  navRoute: z.string().min(1).describe('NavRoute path (e.g., "platform.administration.users")'),
+  name: z.string().min(1).describe('Entity name in PascalCase (e.g., "User", "Order")'),
+  methods: z.array(z.enum(["getAll", "getById", "create", "update", "delete", "search", "export"])).default(["getAll", "getById", "create", "update", "delete"]).describe("API methods to generate"),
+  options: z.object({
+    outputPath: z.string().optional().describe("Custom output path for generated files"),
+    includeTypes: z.boolean().default(true).describe("Generate TypeScript types"),
+    includeHook: z.boolean().default(true).describe("Generate React Query hook"),
+    dryRun: z.boolean().default(false).describe("Preview without writing files")
+  }).optional()
+});
+var ScaffoldRoutesInputSchema = z.object({
+  source: z.enum(["controllers", "navigation", "manual"]).default("controllers").describe("Source for route discovery: controllers (scan NavRoute attributes), navigation (from DB), manual (from config)"),
+  scope: z.enum(["all", "platform", "business", "extensions"]).default("all").describe("Scope of routes to generate"),
+  options: z.object({
+    outputPath: z.string().optional().describe("Custom output path"),
+    includeLayouts: z.boolean().default(true).describe("Generate layout components"),
+    includeGuards: z.boolean().default(true).describe("Include route guards for permissions"),
+    generateRegistry: z.boolean().default(true).describe("Generate navRoutes.generated.ts"),
+    dryRun: z.boolean().default(false).describe("Preview without writing files")
+  }).optional()
+});
+var ValidateFrontendRoutesInputSchema = z.object({
+  scope: z.enum(["api-clients", "routes", "registry", "all"]).default("all").describe("Scope of validation"),
+  options: z.object({
+    fix: z.boolean().default(false).describe("Auto-fix minor issues"),
+    strict: z.boolean().default(false).describe("Fail on warnings")
+  }).optional()
+});
 
 // src/lib/detector.ts
 import path4 from "path";
@@ -2398,7 +2462,7 @@ export function use{{name}}(options: Use{{name}}Options = {}) {
 }
 async function scaffoldTest(name, options, structure, config, result, dryRun = false) {
   const isSystemEntity = options?.isSystemEntity || false;
-  const serviceTestTemplate = `using System;
+  const serviceTestTemplate2 = `using System;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
@@ -2505,7 +2569,7 @@ public class {{name}}ServiceTests
     name,
     isSystemEntity
   };
-  const testContent = Handlebars.compile(serviceTestTemplate)(context);
+  const testContent = Handlebars.compile(serviceTestTemplate2)(context);
   const testsPath = structure.application ? path7.join(path7.dirname(structure.application), `${path7.basename(structure.application)}.Tests`, "Services") : path7.join(config.smartstack.projectPath, "Application.Tests", "Services");
   const testFilePath = path7.join(testsPath, `${name}ServiceTests.cs`);
   if (!dryRun) {
@@ -3446,164 +3510,4251 @@ function compareVersions2(a, b) {
   return 0;
 }
 
-// src/resources/conventions.ts
-var conventionsResourceTemplate = {
-  uri: "smartstack://conventions",
-  name: "AtlasHub Conventions",
-  description: "Documentation of AtlasHub/SmartStack naming conventions, patterns, and best practices",
-  mimeType: "text/markdown"
+// src/tools/scaffold-tests.ts
+import Handlebars2 from "handlebars";
+import path10 from "path";
+var scaffoldTestsTool = {
+  name: "scaffold_tests",
+  description: "Generate unit, integration, and security tests for SmartStack entities, services, controllers, validators, and repositories. Ensures non-regression and maximum security coverage.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      target: {
+        type: "string",
+        enum: ["entity", "service", "controller", "validator", "repository", "all"],
+        description: "Type of component to test"
+      },
+      name: {
+        type: "string",
+        description: 'Component name (PascalCase, e.g., "User", "Order")'
+      },
+      testTypes: {
+        type: "array",
+        items: {
+          type: "string",
+          enum: ["unit", "integration", "security", "e2e"]
+        },
+        default: ["unit"],
+        description: "Types of tests to generate"
+      },
+      options: {
+        type: "object",
+        properties: {
+          includeEdgeCases: {
+            type: "boolean",
+            default: true,
+            description: "Include edge case tests"
+          },
+          includeTenantIsolation: {
+            type: "boolean",
+            default: true,
+            description: "Include tenant isolation tests"
+          },
+          includeSoftDelete: {
+            type: "boolean",
+            default: true,
+            description: "Include soft delete tests"
+          },
+          includeAudit: {
+            type: "boolean",
+            default: true,
+            description: "Include audit trail tests"
+          },
+          includeValidation: {
+            type: "boolean",
+            default: true,
+            description: "Include validation tests"
+          },
+          includeAuthorization: {
+            type: "boolean",
+            default: false,
+            description: "Include authorization tests"
+          },
+          includePerformance: {
+            type: "boolean",
+            default: false,
+            description: "Include performance tests"
+          },
+          isSystemEntity: {
+            type: "boolean",
+            default: false,
+            description: "If true, entity has no TenantId"
+          },
+          dryRun: {
+            type: "boolean",
+            default: false,
+            description: "Preview without writing files"
+          }
+        }
+      }
+    },
+    required: ["target", "name"]
+  }
 };
-async function getConventionsResource(config) {
-  const { schemas, tablePrefixes, codePrefixes, migrationFormat, namespaces, servicePattern } = config.conventions;
-  return `# AtlasHub SmartStack Conventions
+Handlebars2.registerHelper("pascalCase", (str) => {
+  if (!str) return "";
+  return str.charAt(0).toUpperCase() + str.slice(1);
+});
+Handlebars2.registerHelper("camelCase", (str) => {
+  if (!str) return "";
+  return str.charAt(0).toLowerCase() + str.slice(1);
+});
+Handlebars2.registerHelper("unless", function(conditional, options) {
+  if (!conditional) {
+    return options.fn(this);
+  }
+  return options.inverse(this);
+});
+var entityTestTemplate = `using System;
+using FluentAssertions;
+using Xunit;
+using {{domainNamespace}};
 
-## Overview
+namespace {{testNamespace}}.Unit.Domain;
 
-This document describes the mandatory conventions for extending the SmartStack/AtlasHub platform.
-Following these conventions ensures compatibility and prevents conflicts.
+/// <summary>
+/// Unit tests for {{name}} entity
+/// Tests: Factory methods, Soft delete, Audit trail, Validation
+/// </summary>
+public class {{name}}Tests
+{
+    private const string ValidCode = "test_code";
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
 
----
+    #region Factory Method Tests
 
-## 1. Database Conventions
+    [Fact]
+    public void Create_WhenValidData_ShouldCreateEntity()
+    {
+        // Arrange
+        var code = ValidCode;
+{{#unless isSystemEntity}}
+        var tenantId = _tenantId;
+{{/unless}}
 
-### SQL Schemas
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}tenantId, {{/unless}}code);
 
-SmartStack uses SQL Server schemas to separate platform tables from client extensions:
+        // Assert
+        entity.Should().NotBeNull();
+        entity.Id.Should().NotBeEmpty();
+        entity.Code.Should().Be(code.ToLowerInvariant());
+{{#unless isSystemEntity}}
+        entity.TenantId.Should().Be(tenantId);
+{{/unless}}
+        entity.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromSeconds(1));
+        entity.IsDeleted.Should().BeFalse();
+    }
 
-| Schema | Usage | Description |
-|--------|-------|-------------|
-| \`${schemas.platform}\` | SmartStack platform | All native SmartStack tables |
-| \`${schemas.extensions}\` | Client extensions | Custom tables added by clients |
+{{#unless isSystemEntity}}
+    [Fact]
+    public void Create_WhenEmptyTenantId_ShouldThrow()
+    {
+        // Arrange
+        var tenantId = Guid.Empty;
+        var code = ValidCode;
 
-### Domain Table Prefixes
+        // Act
+        var act = () => {{name}}.Create(tenantId, code);
 
-Tables are organized by domain using prefixes:
+        // Assert
+        act.Should().Throw<ArgumentException>()
+           .WithParameterName("tenantId");
+    }
+{{/unless}}
 
-| Prefix | Domain | Example Tables |
-|--------|--------|----------------|
-| \`auth_\` | Authorization | auth_Users, auth_Roles, auth_Permissions |
-| \`nav_\` | Navigation | nav_Contexts, nav_Applications, nav_Modules |
-| \`usr_\` | User profiles | usr_Profiles, usr_Preferences |
-| \`ai_\` | AI features | ai_Providers, ai_Models, ai_Prompts |
-| \`cfg_\` | Configuration | cfg_Settings |
-| \`wkf_\` | Workflows | wkf_EmailTemplates, wkf_Workflows |
-| \`support_\` | Support | support_Tickets, support_Comments |
-| \`entra_\` | Entra sync | entra_Groups, entra_SyncState |
-| \`ref_\` | References | ref_Companies, ref_Departments |
-| \`loc_\` | Localization | loc_Languages, loc_Translations |
-| \`lic_\` | Licensing | lic_Licenses |
-| \`tenant_\` | Multi-Tenancy | tenant_Tenants, tenant_TenantUsers, tenant_TenantUserRoles |
+    [Theory]
+    [InlineData("")]
+    [InlineData("   ")]
+    public void Create_WhenEmptyCode_ShouldHandleGracefully(string code)
+    {
+        // Arrange
+{{#unless isSystemEntity}}
+        var tenantId = _tenantId;
+{{/unless}}
 
-### Navigation Code Prefixes
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}tenantId, {{/unless}}code);
 
-All navigation data (Context, Application, Module, Section, Resource) uses code prefixes to distinguish system data from client extensions:
+        // Assert
+        entity.Should().NotBeNull();
+        entity.Code.Should().BeEmpty();
+    }
 
-| Origin | Prefix | Usage | Example |
-|--------|--------|-------|---------|
-| SmartStack (system) | \`${codePrefixes.core}\` | Protected, delivered with SmartStack | \`${codePrefixes.core}administration\` |
-| Client (extension) | \`${codePrefixes.extension}\` | Custom, added by clients | \`${codePrefixes.extension}it\` |
+    #endregion
 
-**Navigation Hierarchy (5 levels):**
+{{#if includeSoftDelete}}
+    #region Soft Delete Tests
 
-\`\`\`
-Context \u2192 Application \u2192 Module \u2192 Section \u2192 Resource
-\`\`\`
+    [Fact]
+    public void SoftDelete_WhenCalled_ShouldSetIsDeletedTrue()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
+        var deletedBy = "test_user";
 
-**Examples for each level:**
+        // Act
+        entity.SoftDelete(deletedBy);
 
-| Level | Core Example | Extension Example |
-|-------|--------------|-------------------|
-| Context | \`${codePrefixes.core}administration\` | \`${codePrefixes.extension}it\` |
-| Application | \`${codePrefixes.core}settings\` | \`${codePrefixes.extension}custom_app\` |
-| Module | \`${codePrefixes.core}users\` | \`${codePrefixes.extension}inventory\` |
-| Section | \`${codePrefixes.core}management\` | \`${codePrefixes.extension}reports\` |
-| Resource | \`${codePrefixes.core}user_list\` | \`${codePrefixes.extension}stock_view\` |
+        // Assert
+        entity.IsDeleted.Should().BeTrue();
+        entity.DeletedAt.Should().NotBeNull();
+        entity.DeletedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromSeconds(1));
+        entity.DeletedBy.Should().Be(deletedBy);
+    }
 
-**Rules:**
-1. \`${codePrefixes.core}*\` codes are **protected** - clients cannot create or modify them
-2. \`${codePrefixes.extension}*\` codes are **free** - clients can create custom navigation
-3. SmartStack updates will never overwrite \`${codePrefixes.extension}*\` data
-4. Codes must be unique within their level (e.g., no two Contexts with same code)
+    [Fact]
+    public void SoftDelete_WhenAlreadyDeleted_ShouldNotChangeDeletedAt()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
+        entity.SoftDelete("first_deleter");
+        var originalDeletedAt = entity.DeletedAt;
 
-### Entity Configuration
+        // Act
+        entity.SoftDelete("second_deleter");
 
-\`\`\`csharp
-public class MyEntityConfiguration : IEntityTypeConfiguration<MyEntity>
-{
-    public void Configure(EntityTypeBuilder<MyEntity> builder)
+        // Assert
+        entity.DeletedAt.Should().Be(originalDeletedAt);
+    }
+
+    [Fact]
+    public void Restore_WhenSoftDeleted_ShouldClearDeletedFields()
     {
-        // CORRECT: Use schema + domain prefix
-        builder.ToTable("auth_Users", "${schemas.platform}");
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
+        entity.SoftDelete("deleter");
+        var restoredBy = "restorer";
 
-        // WRONG: No schema specified
-        // builder.ToTable("auth_Users");
+        // Act
+        entity.Restore(restoredBy);
 
-        // WRONG: No domain prefix
-        // builder.ToTable("Users", "${schemas.platform}");
+        // Assert
+        entity.IsDeleted.Should().BeFalse();
+        entity.DeletedAt.Should().BeNull();
+        entity.DeletedBy.Should().BeNull();
+        entity.UpdatedBy.Should().Be(restoredBy);
     }
-}
-\`\`\`
 
-### Extending Core Entities
+    #endregion
+{{/if}}
 
-When extending a core entity, use the \`${schemas.extensions}\` schema:
+{{#if includeAudit}}
+    #region Audit Trail Tests
 
-\`\`\`csharp
-// Client extension for auth_Users
-public class UserExtension
-{
-    public Guid UserId { get; set; }  // FK to auth_Users
-    public User User { get; set; }
+    [Fact]
+    public void Create_ShouldSetCreatedAtToUtcNow()
+    {
+        // Arrange & Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
 
-    // Custom properties
-    public string CustomField { get; set; }
-}
+        // Assert
+        entity.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromSeconds(1));
+        entity.CreatedAt.Kind.Should().Be(DateTimeKind.Utc);
+    }
 
-// Configuration - use extensions schema
-builder.ToTable("client_UserExtensions", "${schemas.extensions}");
-builder.HasOne(e => e.User)
-       .WithOne()
-       .HasForeignKey<UserExtension>(e => e.UserId);
-\`\`\`
+    [Fact]
+    public void Create_WhenCreatedByProvided_ShouldSetCreatedBy()
+    {
+        // Arrange
+        var createdBy = "test_creator";
 
----
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode, createdBy);
 
-## 2. Migration Conventions
+        // Assert
+        entity.CreatedBy.Should().Be(createdBy);
+    }
 
-### Naming Format
+    [Fact]
+    public void Update_WhenCalled_ShouldUpdateAuditFields()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}ValidCode);
+        var originalCreatedAt = entity.CreatedAt;
+        var updatedBy = "updater";
 
-Migrations MUST follow this naming pattern:
+        // Act
+        entity.Update(updatedBy);
 
-\`\`\`
-${migrationFormat}
-\`\`\`
+        // Assert
+        entity.UpdatedAt.Should().NotBeNull();
+        entity.UpdatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromSeconds(1));
+        entity.UpdatedBy.Should().Be(updatedBy);
+        entity.CreatedAt.Should().Be(originalCreatedAt);
+    }
 
-| Part | Description | Example |
-|------|-------------|---------|
-| \`{context}\` | DbContext name | \`core\`, \`extensions\` |
-| \`{version}\` | Semver version | \`v1.0.0\`, \`v1.2.0\` |
-| \`{sequence}\` | Order in version | \`001\`, \`002\` |
-| \`{Description}\` | Action (PascalCase) | \`CreateAuthUsers\` |
+    #endregion
+{{/if}}
 
-**Examples:**
-- \`core_v1.0.0_001_InitialSchema.cs\`
-- \`core_v1.0.0_002_CreateAuthUsers.cs\`
-- \`core_v1.2.0_001_AddUserProfiles.cs\`
-- \`extensions_v1.0.0_001_AddClientFeatures.cs\`
+{{#if includeEdgeCases}}
+    #region Edge Cases
 
-### Creating Migrations
+    [Fact]
+    public void Create_WithSpecialCharactersInCode_ShouldNormalize()
+    {
+        // Arrange
+        var code = "Test-Code_123";
 
-\`\`\`bash
-# Create a new migration
-dotnet ef migrations add core_v1.0.0_001_InitialSchema
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}code);
 
-# With context specified
-dotnet ef migrations add core_v1.2.0_001_AddUserProfiles --context ApplicationDbContext
-\`\`\`
+        // Assert
+        entity.Code.Should().Be(code.ToLowerInvariant());
+    }
 
-### Migration Rules
+    [Fact]
+    public void Create_WithMaxLengthCode_ShouldSucceed()
+    {
+        // Arrange
+        var code = new string('a', 100);
 
-1. **One migration per feature** - Group related changes in a single migration
+        // Act
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}code);
+
+        // Assert
+        entity.Code.Should().HaveLength(100);
+    }
+
+    #endregion
+{{/if}}
+}
+`;
+var serviceTestTemplate = `using System;
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.Extensions.Logging;
+using Moq;
+using Xunit;
+using {{applicationNamespace}}.Services;
+using {{applicationNamespace}}.Repositories;
+using {{domainNamespace}};
+
+namespace {{testNamespace}}.Unit.Services;
+
+/// <summary>
+/// Unit tests for {{name}}Service
+/// Tests: CRUD operations, Business logic, Error handling, Tenant isolation
+/// </summary>
+public class {{name}}ServiceTests
+{
+    private readonly Mock<I{{name}}Repository> _repositoryMock;
+    private readonly Mock<ILogger<{{name}}Service>> _loggerMock;
+    private readonly {{name}}Service _sut;
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
+
+    public {{name}}ServiceTests()
+    {
+        _repositoryMock = new Mock<I{{name}}Repository>();
+        _loggerMock = new Mock<ILogger<{{name}}Service>>();
+        _sut = new {{name}}Service(
+            _repositoryMock.Object,
+            _loggerMock.Object
+        );
+    }
+
+    #region GetByIdAsync Tests
+
+    [Fact]
+    public async Task GetByIdAsync_WhenEntityExists_ShouldReturnEntity()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(entity);
+
+        // Act
+        var result = await _sut.GetByIdAsync(id);
+
+        // Assert
+        result.Should().NotBeNull();
+        _repositoryMock.Verify(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()), Times.Once);
+    }
+
+    [Fact]
+    public async Task GetByIdAsync_WhenNotExists_ShouldReturnNull()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var result = await _sut.GetByIdAsync(id);
+
+        // Assert
+        result.Should().BeNull();
+    }
+
+    [Fact]
+    public async Task GetByIdAsync_WhenCancelled_ShouldThrowOperationCancelledException()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var cts = new CancellationTokenSource();
+        cts.Cancel();
+
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ThrowsAsync(new OperationCanceledException());
+
+        // Act
+        var act = async () => await _sut.GetByIdAsync(id, cts.Token);
+
+        // Assert
+        await act.Should().ThrowAsync<OperationCanceledException>();
+    }
+
+    #endregion
+
+{{#unless isSystemEntity}}
+    #region Tenant Isolation Tests
+
+    [Fact]
+    public async Task GetAllAsync_ShouldFilterByTenant()
+    {
+        // Arrange
+        var entities = new List<{{name}}>
+        {
+            {{name}}.Create(_tenantId, "entity1"),
+            {{name}}.Create(_tenantId, "entity2"),
+        };
+        _repositoryMock
+            .Setup(r => r.GetAllByTenantAsync(_tenantId, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(entities);
+
+        // Act
+        var result = await _sut.GetAllAsync(_tenantId);
+
+        // Assert
+        result.Should().HaveCount(2);
+        result.Should().OnlyContain(e => e.TenantId == _tenantId);
+    }
+
+    [Fact]
+    public async Task CreateAsync_ShouldSetTenantId()
+    {
+        // Arrange
+        {{name}}? capturedEntity = null;
+        _repositoryMock
+            .Setup(r => r.AddAsync(It.IsAny<{{name}}>(), It.IsAny<CancellationToken>()))
+            .Callback<{{name}}, CancellationToken>((e, _) => capturedEntity = e)
+            .ReturnsAsync(({{name}} e, CancellationToken _) => e);
+
+        // Act
+        await _sut.CreateAsync(_tenantId, "test_code");
+
+        // Assert
+        capturedEntity.Should().NotBeNull();
+        capturedEntity!.TenantId.Should().Be(_tenantId);
+    }
+
+    [Fact]
+    public async Task GetByIdAsync_WhenEntityBelongsToDifferentTenant_ShouldReturnNull()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var otherTenantId = Guid.NewGuid();
+        var entity = {{name}}.Create(otherTenantId, "test");
+
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}}?)null); // Repository should filter by tenant
+
+        // Act
+        var result = await _sut.GetByIdAsync(id, _tenantId);
+
+        // Assert
+        result.Should().BeNull();
+    }
+
+    #endregion
+{{/unless}}
+
+    #region Error Handling Tests
+
+    [Fact]
+    public async Task UpdateAsync_WhenEntityNotFound_ShouldThrow()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var act = async () => await _sut.UpdateAsync(id, "new_code");
+
+        // Assert
+        await act.Should().ThrowAsync<InvalidOperationException>()
+            .WithMessage("*not found*");
+    }
+
+    [Fact]
+    public async Task DeleteAsync_WhenEntityNotFound_ShouldReturnFalse()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _repositoryMock
+            .Setup(r => r.GetByIdAsync(id, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var result = await _sut.DeleteAsync(id);
+
+        // Assert
+        result.Should().BeFalse();
+    }
+
+    #endregion
+
+{{#if includeEdgeCases}}
+    #region Edge Cases
+
+    [Fact]
+    public async Task CreateAsync_WithEmptyCode_ShouldStillCreate()
+    {
+        // Arrange
+        _repositoryMock
+            .Setup(r => r.AddAsync(It.IsAny<{{name}}>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(({{name}} e, CancellationToken _) => e);
+
+        // Act
+        var result = await _sut.CreateAsync({{#unless isSystemEntity}}_tenantId, {{/unless}}"");
+
+        // Assert
+        result.Should().NotBeNull();
+        result.Code.Should().BeEmpty();
+    }
+
+    [Fact]
+    public async Task GetAllAsync_WhenNoEntities_ShouldReturnEmptyList()
+    {
+        // Arrange
+        _repositoryMock
+            .Setup(r => r.GetAllAsync(It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new List<{{name}}>());
+
+        // Act
+        var result = await _sut.GetAllAsync();
+
+        // Assert
+        result.Should().BeEmpty();
+    }
+
+    #endregion
+{{/if}}
+}
+`;
+var controllerTestTemplate = `using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Json;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.Extensions.DependencyInjection;
+using Moq;
+using Xunit;
+using {{apiNamespace}};
+using {{applicationNamespace}}.Services;
+using {{domainNamespace}};
+
+namespace {{testNamespace}}.Integration.Controllers;
+
+/// <summary>
+/// Integration tests for {{name}}Controller
+/// Tests: HTTP status codes, Authorization, Validation, CRUD operations
+/// </summary>
+public class {{name}}ControllerTests : IClassFixture<WebApplicationFactory<Program>>
+{
+    private readonly WebApplicationFactory<Program> _factory;
+    private readonly HttpClient _client;
+    private readonly Mock<I{{name}}Service> _serviceMock;
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
+
+    public {{name}}ControllerTests(WebApplicationFactory<Program> factory)
+    {
+        _serviceMock = new Mock<I{{name}}Service>();
+
+        _factory = factory.WithWebHostBuilder(builder =>
+        {
+            builder.ConfigureServices(services =>
+            {
+                // Replace the real service with our mock
+                var descriptor = services.SingleOrDefault(
+                    d => d.ServiceType == typeof(I{{name}}Service));
+
+                if (descriptor != null)
+                {
+                    services.Remove(descriptor);
+                }
+
+                services.AddScoped(_ => _serviceMock.Object);
+            });
+        });
+
+        _client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        _client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+    }
+
+    #region GET Tests
+
+    [Fact]
+    public async Task GetAll_WhenAuthorized_ShouldReturn200()
+    {
+        // Arrange
+        var entities = new List<{{name}}>
+        {
+            {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"entity1"),
+            {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"entity2"),
+        };
+        _serviceMock
+            .Setup(s => s.GetAllAsync({{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(entities);
+
+        // Act
+        var response = await _client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public async Task GetById_WhenEntityExists_ShouldReturn200()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(entity);
+
+        // Act
+        var response = await _client.GetAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public async Task GetById_WhenNotFound_ShouldReturn404()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var response = await _client.GetAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+    #region POST Tests
+
+    [Fact]
+    public async Task Create_WhenValidData_ShouldReturn201()
+    {
+        // Arrange
+        var request = new { Code = "new_entity" };
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}request.Code);
+        _serviceMock
+            .Setup(s => s.CreateAsync({{#unless isSystemEntity}}_tenantId, {{/unless}}request.Code, default))
+            .ReturnsAsync(entity);
+
+        // Act
+        var response = await _client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Created);
+    }
+
+{{#if includeValidation}}
+    [Fact]
+    public async Task Create_WhenInvalidData_ShouldReturn400()
+    {
+        // Arrange
+        var request = new { Code = (string?)null };
+
+        // Act
+        var response = await _client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+{{/if}}
+
+    #endregion
+
+    #region PUT Tests
+
+    [Fact]
+    public async Task Update_WhenEntityExists_ShouldReturn200()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var request = new { Code = "updated_code" };
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(entity);
+        _serviceMock
+            .Setup(s => s.UpdateAsync(id, request.Code, default))
+            .ReturnsAsync(entity);
+
+        // Act
+        var response = await _client.PutAsJsonAsync($"/api/{{nameLower}}/{id}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public async Task Update_WhenNotFound_ShouldReturn404()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var request = new { Code = "updated_code" };
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var response = await _client.PutAsJsonAsync($"/api/{{nameLower}}/{id}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+    #region DELETE Tests
+
+    [Fact]
+    public async Task Delete_WhenEntityExists_ShouldReturn204()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _serviceMock
+            .Setup(s => s.DeleteAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(true);
+
+        // Act
+        var response = await _client.DeleteAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NoContent);
+    }
+
+    [Fact]
+    public async Task Delete_WhenNotFound_ShouldReturn404()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        _serviceMock
+            .Setup(s => s.DeleteAsync(id, {{#unless isSystemEntity}}_tenantId, {{/unless}}default))
+            .ReturnsAsync(false);
+
+        // Act
+        var response = await _client.DeleteAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    #endregion
+
+{{#if includeAuthorization}}
+    #region Authorization Tests
+
+    [Fact]
+    public async Task GetAll_WhenUnauthorized_ShouldReturn401()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+        // Don't add auth header
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+    }
+
+{{#unless isSystemEntity}}
+    [Fact]
+    public async Task GetById_WhenDifferentTenant_ShouldReturn403()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", Guid.NewGuid().ToString());
+
+        _serviceMock
+            .Setup(s => s.GetByIdAsync(id, It.IsAny<Guid>(), default))
+            .ReturnsAsync(({{name}}?)null);
+
+        // Act
+        var response = await client.GetAsync($"/api/{{nameLower}}/{id}");
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(HttpStatusCode.Forbidden, HttpStatusCode.NotFound);
+    }
+{{/unless}}
+
+    #endregion
+{{/if}}
+}
+`;
+var validatorTestTemplate = `using FluentAssertions;
+using FluentValidation.TestHelper;
+using Xunit;
+using {{applicationNamespace}}.DTOs;
+using {{applicationNamespace}}.Validators;
+
+namespace {{testNamespace}}.Unit.Validators;
+
+/// <summary>
+/// Unit tests for {{name}} validators
+/// Tests: Validation rules, Error messages
+/// </summary>
+public class {{name}}ValidatorTests
+{
+    private readonly Create{{name}}DtoValidator _createValidator;
+    private readonly Update{{name}}DtoValidator _updateValidator;
+
+    public {{name}}ValidatorTests()
+    {
+        _createValidator = new Create{{name}}DtoValidator();
+        _updateValidator = new Update{{name}}DtoValidator();
+    }
+
+    #region Create Validator Tests
+
+    [Fact]
+    public void CreateValidator_WhenCodeIsEmpty_ShouldHaveError()
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = string.Empty };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldHaveValidationErrorFor(x => x.Code)
+              .WithErrorMessage("*required*");
+    }
+
+    [Fact]
+    public void CreateValidator_WhenCodeIsTooLong_ShouldHaveError()
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = new string('a', 101) };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldHaveValidationErrorFor(x => x.Code)
+              .WithErrorMessage("*100 characters*");
+    }
+
+    [Fact]
+    public void CreateValidator_WhenValidData_ShouldNotHaveErrors()
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = "valid_code" };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldNotHaveAnyValidationErrors();
+    }
+
+    #endregion
+
+    #region Update Validator Tests
+
+    [Fact]
+    public void UpdateValidator_WhenCodeIsEmpty_ShouldHaveError()
+    {
+        // Arrange
+        var dto = new Update{{name}}Dto { Code = string.Empty };
+
+        // Act
+        var result = _updateValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldHaveValidationErrorFor(x => x.Code);
+    }
+
+    [Fact]
+    public void UpdateValidator_WhenValidData_ShouldNotHaveErrors()
+    {
+        // Arrange
+        var dto = new Update{{name}}Dto { Code = "updated_code" };
+
+        // Act
+        var result = _updateValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldNotHaveAnyValidationErrors();
+    }
+
+    #endregion
+
+{{#if includeEdgeCases}}
+    #region Edge Cases
+
+    [Theory]
+    [InlineData("test-code")]
+    [InlineData("test_code")]
+    [InlineData("test.code")]
+    public void CreateValidator_WhenCodeHasSpecialCharacters_ShouldPass(string code)
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = code };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        result.ShouldNotHaveValidationErrorFor(x => x.Code);
+    }
+
+    [Theory]
+    [InlineData("   leading")]
+    [InlineData("trailing   ")]
+    [InlineData("   both   ")]
+    public void CreateValidator_WhenCodeHasWhitespace_ShouldTrimAndValidate(string code)
+    {
+        // Arrange
+        var dto = new Create{{name}}Dto { Code = code };
+
+        // Act
+        var result = _createValidator.TestValidate(dto);
+
+        // Assert
+        // Depending on implementation, may pass or fail
+        // This test documents the expected behavior
+    }
+
+    #endregion
+{{/if}}
+}
+`;
+var repositoryTestTemplate = `using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.EntityFrameworkCore;
+using Xunit;
+using {{infrastructureNamespace}}.Persistence;
+using {{infrastructureNamespace}}.Repositories;
+using {{domainNamespace}};
+
+namespace {{testNamespace}}.Integration.Repositories;
+
+/// <summary>
+/// Integration tests for {{name}}Repository
+/// Tests: CRUD with DbContext, Queries, Tenant scope
+/// </summary>
+public class {{name}}RepositoryTests : IDisposable
+{
+    private readonly ApplicationDbContext _context;
+    private readonly {{name}}Repository _repository;
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
+
+    public {{name}}RepositoryTests()
+    {
+        var options = new DbContextOptionsBuilder<ApplicationDbContext>()
+            .UseInMemoryDatabase(databaseName: Guid.NewGuid().ToString())
+            .Options;
+
+        _context = new ApplicationDbContext(options);
+        _repository = new {{name}}Repository(_context);
+    }
+
+    public void Dispose()
+    {
+        _context.Dispose();
+    }
+
+    #region GetByIdAsync Tests
+
+    [Fact]
+    public async Task GetByIdAsync_WhenEntityExists_ShouldReturnEntity()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        await _context.Set<{{name}}>().AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.GetByIdAsync(entity.Id);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Id.Should().Be(entity.Id);
+    }
+
+    [Fact]
+    public async Task GetByIdAsync_WhenNotExists_ShouldReturnNull()
+    {
+        // Arrange
+        var id = Guid.NewGuid();
+
+        // Act
+        var result = await _repository.GetByIdAsync(id);
+
+        // Assert
+        result.Should().BeNull();
+    }
+
+    #endregion
+
+    #region AddAsync Tests
+
+    [Fact]
+    public async Task AddAsync_ShouldPersistEntity()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+
+        // Act
+        var result = await _repository.AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Assert
+        result.Should().NotBeNull();
+        var persisted = await _context.Set<{{name}}>().FindAsync(entity.Id);
+        persisted.Should().NotBeNull();
+    }
+
+    #endregion
+
+    #region UpdateAsync Tests
+
+    [Fact]
+    public async Task UpdateAsync_ShouldUpdateEntity()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"original");
+        await _context.Set<{{name}}>().AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        entity.Update("updater");
+        await _repository.UpdateAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Assert
+        var updated = await _context.Set<{{name}}>().FindAsync(entity.Id);
+        updated!.UpdatedBy.Should().Be("updater");
+    }
+
+    #endregion
+
+    #region DeleteAsync Tests
+
+    [Fact]
+    public async Task DeleteAsync_ShouldRemoveEntity()
+    {
+        // Arrange
+        var entity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"test");
+        await _context.Set<{{name}}>().AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        await _repository.DeleteAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Assert
+        var deleted = await _context.Set<{{name}}>().FindAsync(entity.Id);
+        deleted.Should().BeNull();
+    }
+
+    #endregion
+
+{{#unless isSystemEntity}}
+    #region Tenant Isolation Tests
+
+    [Fact]
+    public async Task GetAllByTenantAsync_ShouldOnlyReturnTenantEntities()
+    {
+        // Arrange
+        var otherTenantId = Guid.NewGuid();
+        await _context.Set<{{name}}>().AddRangeAsync(
+            {{name}}.Create(_tenantId, "entity1"),
+            {{name}}.Create(_tenantId, "entity2"),
+            {{name}}.Create(otherTenantId, "other_tenant_entity")
+        );
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.GetAllByTenantAsync(_tenantId);
+
+        // Assert
+        result.Should().HaveCount(2);
+        result.Should().OnlyContain(e => e.TenantId == _tenantId);
+    }
+
+    [Fact]
+    public async Task ExistsAsync_WhenEntityInDifferentTenant_ShouldReturnFalse()
+    {
+        // Arrange
+        var otherTenantId = Guid.NewGuid();
+        var entity = {{name}}.Create(otherTenantId, "test");
+        await _context.Set<{{name}}>().AddAsync(entity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.ExistsAsync(entity.Id, _tenantId);
+
+        // Assert
+        result.Should().BeFalse();
+    }
+
+    #endregion
+{{/unless}}
+
+{{#if includeSoftDelete}}
+    #region Soft Delete Tests
+
+    [Fact]
+    public async Task GetAllAsync_ShouldExcludeSoftDeletedEntities()
+    {
+        // Arrange
+        var activeEntity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"active");
+        var deletedEntity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"deleted");
+        deletedEntity.SoftDelete("deleter");
+
+        await _context.Set<{{name}}>().AddRangeAsync(activeEntity, deletedEntity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.GetAllAsync();
+
+        // Assert
+        result.Should().ContainSingle();
+        result.First().Code.Should().Be("active");
+    }
+
+    [Fact]
+    public async Task GetAllIncludingDeletedAsync_ShouldIncludeSoftDeletedEntities()
+    {
+        // Arrange
+        var activeEntity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"active");
+        var deletedEntity = {{name}}.Create({{#unless isSystemEntity}}_tenantId, {{/unless}}"deleted");
+        deletedEntity.SoftDelete("deleter");
+
+        await _context.Set<{{name}}>().AddRangeAsync(activeEntity, deletedEntity);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _repository.GetAllIncludingDeletedAsync();
+
+        // Assert
+        result.Should().HaveCount(2);
+    }
+
+    #endregion
+{{/if}}
+}
+`;
+var securityTestTemplate = `using System;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Xunit;
+using {{apiNamespace}};
+
+namespace {{testNamespace}}.Security;
+
+/// <summary>
+/// Security tests for {{name}}
+/// Tests: Tenant isolation, Authorization, Input validation, Injection prevention
+/// </summary>
+public class {{name}}SecurityTests : IClassFixture<WebApplicationFactory<Program>>
+{
+    private readonly WebApplicationFactory<Program> _factory;
+{{#unless isSystemEntity}}
+    private readonly Guid _tenantId = Guid.NewGuid();
+{{/unless}}
+
+    public {{name}}SecurityTests(WebApplicationFactory<Program> factory)
+    {
+        _factory = factory;
+    }
+
+{{#unless isSystemEntity}}
+    #region Tenant Isolation Tests
+
+    [Fact]
+    public async Task Request_WithoutTenantHeader_ShouldReturn400()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+        // Intentionally not adding X-Tenant-Id header
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(
+            HttpStatusCode.BadRequest,
+            HttpStatusCode.Unauthorized
+        );
+    }
+
+    [Fact]
+    public async Task Request_WithInvalidTenantId_ShouldReturn400()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", "invalid-guid");
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    [Fact]
+    public async Task Request_WithEmptyTenantId_ShouldReturn400()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", Guid.Empty.ToString());
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    #endregion
+{{/unless}}
+
+    #region Input Validation Security Tests
+
+    [Theory]
+    [InlineData("<script>alert('xss')</script>")]
+    [InlineData("'; DROP TABLE users; --")]
+    [InlineData("{{'{{'}}constructor.prototype{{'}}'}}")]
+    public async Task Create_WithMaliciousInput_ShouldSanitizeOrReject(string maliciousInput)
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+        var request = new { Code = maliciousInput };
+
+        // Act
+        var response = await client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        // Should either reject (400) or sanitize (201 with cleaned data)
+        response.StatusCode.Should().BeOneOf(
+            HttpStatusCode.BadRequest,
+            HttpStatusCode.Created,
+            HttpStatusCode.UnprocessableEntity
+        );
+    }
+
+    [Theory]
+    [InlineData("../../../etc/passwd")]
+    [InlineData("..\\\\..\\\\..\\\\windows\\\\system32")]
+    [InlineData("....//....//....//etc/passwd")]
+    public async Task Create_WithPathTraversalAttempt_ShouldReject(string pathTraversal)
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+        var request = new { Code = pathTraversal };
+
+        // Act
+        var response = await client.PostAsJsonAsync("/api/{{nameLower}}", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    #endregion
+
+    #region ID Manipulation Tests
+
+    [Fact]
+    public async Task GetById_WithNegativeId_ShouldReturn400Or404()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}/00000000-0000-0000-0000-000000000000");
+
+        // Assert
+        response.StatusCode.Should().BeOneOf(
+            HttpStatusCode.BadRequest,
+            HttpStatusCode.NotFound
+        );
+    }
+
+    [Fact]
+    public async Task GetById_WithMalformedGuid_ShouldReturn400()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+
+        // Act
+        var response = await client.GetAsync("/api/{{nameLower}}/not-a-guid");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    #endregion
+
+    #region Rate Limiting Tests (if applicable)
+
+    [Fact]
+    public async Task MultipleRapidRequests_ShouldNotCauseDenialOfService()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+{{#unless isSystemEntity}}
+        client.DefaultRequestHeaders.Add("X-Tenant-Id", _tenantId.ToString());
+{{/unless}}
+        var tasks = new List<Task<HttpResponseMessage>>();
+
+        // Act
+        for (int i = 0; i < 10; i++)
+        {
+            tasks.Add(client.GetAsync("/api/{{nameLower}}"));
+        }
+        var responses = await Task.WhenAll(tasks);
+
+        // Assert
+        // Should handle without crashing (may return 429 if rate limiting is enabled)
+        responses.Should().OnlyContain(r =>
+            r.StatusCode == HttpStatusCode.OK ||
+            r.StatusCode == HttpStatusCode.TooManyRequests);
+    }
+
+    #endregion
+}
+`;
+async function handleScaffoldTests(args, config) {
+  const input = ScaffoldTestsInputSchema.parse(args);
+  const dryRun = input.options?.dryRun || false;
+  logger.info("Scaffolding tests", { target: input.target, name: input.name, dryRun });
+  const structure = await findSmartStackStructure(config.smartstack.projectPath);
+  const result = {
+    success: true,
+    files: [],
+    instructions: []
+  };
+  const options = {
+    includeEdgeCases: input.options?.includeEdgeCases ?? true,
+    includeTenantIsolation: input.options?.includeTenantIsolation ?? true,
+    includeSoftDelete: input.options?.includeSoftDelete ?? true,
+    includeAudit: input.options?.includeAudit ?? true,
+    includeValidation: input.options?.includeValidation ?? true,
+    includeAuthorization: input.options?.includeAuthorization ?? false,
+    isSystemEntity: input.options?.isSystemEntity ?? false
+  };
+  const testTypes = input.testTypes || ["unit"];
+  try {
+    switch (input.target) {
+      case "entity":
+        await scaffoldEntityTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "service":
+        await scaffoldServiceTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "controller":
+        await scaffoldControllerTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "validator":
+        await scaffoldValidatorTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "repository":
+        await scaffoldRepositoryTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+      case "all":
+        await scaffoldEntityTests(input.name, options, testTypes, structure, config, result, dryRun);
+        await scaffoldServiceTests(input.name, options, testTypes, structure, config, result, dryRun);
+        await scaffoldControllerTests(input.name, options, testTypes, structure, config, result, dryRun);
+        await scaffoldValidatorTests(input.name, options, testTypes, structure, config, result, dryRun);
+        await scaffoldRepositoryTests(input.name, options, testTypes, structure, config, result, dryRun);
+        break;
+    }
+  } catch (error) {
+    result.success = false;
+    result.instructions.push(`Error: ${error instanceof Error ? error.message : String(error)}`);
+  }
+  return formatTestResult(result, input.target, input.name, dryRun);
+}
+async function scaffoldEntityTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const domainNamespace = config.conventions.namespaces.domain;
+  const context = {
+    name,
+    testNamespace,
+    domainNamespace,
+    ...options
+  };
+  if (testTypes.includes("unit")) {
+    const content = Handlebars2.compile(entityTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Unit", "Domain", `${name}Tests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  if (testTypes.includes("security")) {
+    const securityContent = Handlebars2.compile(securityTestTemplate)({
+      ...context,
+      nameLower: name.charAt(0).toLowerCase() + name.slice(1),
+      apiNamespace: config.conventions.namespaces.api
+    });
+    const securityPath = path10.join(structure.root, "Tests", "Security", `${name}SecurityTests.cs`);
+    validatePathSecurity(securityPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(securityPath));
+      await writeText(securityPath, securityContent);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, securityPath),
+      content: securityContent,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="FluentAssertions" Version="6.*" />`);
+  result.instructions.push(`Add package reference: <PackageReference Include="xunit" Version="2.*" />`);
+}
+async function scaffoldServiceTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const applicationNamespace = config.conventions.namespaces.application;
+  const domainNamespace = config.conventions.namespaces.domain;
+  const context = {
+    name,
+    testNamespace,
+    applicationNamespace,
+    domainNamespace,
+    ...options
+  };
+  if (testTypes.includes("unit")) {
+    const content = Handlebars2.compile(serviceTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Unit", "Services", `${name}ServiceTests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="Moq" Version="4.*" />`);
+}
+async function scaffoldControllerTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const applicationNamespace = config.conventions.namespaces.application;
+  const domainNamespace = config.conventions.namespaces.domain;
+  const apiNamespace = config.conventions.namespaces.api;
+  const context = {
+    name,
+    nameLower: name.charAt(0).toLowerCase() + name.slice(1),
+    testNamespace,
+    applicationNamespace,
+    domainNamespace,
+    apiNamespace,
+    ...options
+  };
+  if (testTypes.includes("integration")) {
+    const content = Handlebars2.compile(controllerTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Integration", "Controllers", `${name}ControllerTests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  if (testTypes.includes("security")) {
+    const securityContent = Handlebars2.compile(securityTestTemplate)(context);
+    const securityPath = path10.join(structure.root, "Tests", "Security", `${name}SecurityTests.cs`);
+    validatePathSecurity(securityPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(securityPath));
+      await writeText(securityPath, securityContent);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, securityPath),
+      content: securityContent,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.*" />`);
+}
+async function scaffoldValidatorTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const applicationNamespace = config.conventions.namespaces.application;
+  const context = {
+    name,
+    testNamespace,
+    applicationNamespace,
+    ...options
+  };
+  if (testTypes.includes("unit")) {
+    const content = Handlebars2.compile(validatorTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Unit", "Validators", `${name}ValidatorTests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="FluentValidation.TestHelper" Version="11.*" />`);
+}
+async function scaffoldRepositoryTests(name, options, testTypes, structure, config, result, dryRun) {
+  const testNamespace = `${config.conventions.namespaces.application}.Tests`;
+  const infrastructureNamespace = config.conventions.namespaces.infrastructure;
+  const domainNamespace = config.conventions.namespaces.domain;
+  const context = {
+    name,
+    testNamespace,
+    infrastructureNamespace,
+    domainNamespace,
+    ...options
+  };
+  if (testTypes.includes("integration")) {
+    const content = Handlebars2.compile(repositoryTestTemplate)(context);
+    const testPath = path10.join(structure.root, "Tests", "Integration", "Repositories", `${name}RepositoryTests.cs`);
+    validatePathSecurity(testPath, structure.root);
+    if (!dryRun) {
+      await ensureDirectory(path10.dirname(testPath));
+      await writeText(testPath, content);
+    }
+    result.files.push({
+      path: path10.relative(structure.root, testPath),
+      content,
+      type: "created"
+    });
+  }
+  result.instructions.push(`Add package reference: <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.*" />`);
+}
+function formatTestResult(result, _target, name, dryRun) {
+  const lines = [];
+  lines.push(`# Scaffold Tests: ${name}`);
+  lines.push("");
+  if (dryRun) {
+    lines.push("> **DRY RUN MODE** - No files were written");
+    lines.push("");
+  }
+  if (!result.success) {
+    lines.push("## Error");
+    lines.push("");
+    lines.push(result.instructions.join("\n"));
+    return lines.join("\n");
+  }
+  lines.push(`## Generated Test Files (${result.files.length})`);
+  lines.push("");
+  for (const file of result.files) {
+    lines.push(`### \`${file.path}\``);
+    lines.push("");
+    lines.push("```csharp");
+    lines.push(file.content);
+    lines.push("```");
+    lines.push("");
+  }
+  if (result.instructions.length > 0) {
+    lines.push("## Next Steps");
+    lines.push("");
+    for (const instruction of result.instructions) {
+      lines.push(`- ${instruction}`);
+    }
+    lines.push("");
+  }
+  lines.push("## Test Conventions Applied");
+  lines.push("");
+  lines.push("- **Naming**: `{MethodName}_When{Condition}_Should{ExpectedResult}`");
+  lines.push("- **Pattern**: AAA (Arrange-Act-Assert)");
+  lines.push("- **Assertions**: FluentAssertions (`.Should()`)");
+  lines.push("- **Mocking**: Moq (`Mock<T>`)");
+  lines.push("");
+  return lines.join("\n");
+}
+
+// src/tools/analyze-test-coverage.ts
+import path11 from "path";
+var analyzeTestCoverageTool = {
+  name: "analyze_test_coverage",
+  description: "Analyze test coverage for a SmartStack project. Identifies entities, services, and controllers without tests, calculates coverage ratios, and provides recommendations.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      path: {
+        type: "string",
+        description: "Project path to analyze (default: configured SmartStack path)"
+      },
+      scope: {
+        type: "string",
+        enum: ["entity", "service", "controller", "all"],
+        default: "all",
+        description: "Scope of analysis"
+      },
+      outputFormat: {
+        type: "string",
+        enum: ["summary", "detailed", "json"],
+        default: "summary",
+        description: "Output format"
+      },
+      includeRecommendations: {
+        type: "boolean",
+        default: true,
+        description: "Include recommendations for missing tests"
+      }
+    }
+  }
+};
+async function handleAnalyzeTestCoverage(args, config) {
+  const input = AnalyzeTestCoverageInputSchema.parse(args);
+  const projectPath = input.path || config.smartstack.projectPath;
+  logger.info("Analyzing test coverage", { projectPath, scope: input.scope });
+  const structure = await findSmartStackStructure(projectPath);
+  const result = {
+    summary: { total: 0, tested: 0, coverage: 0 },
+    entities: { total: 0, tested: 0, coverage: 0, items: [], missingTests: [] },
+    services: { total: 0, tested: 0, coverage: 0, items: [], missingTests: [] },
+    controllers: { total: 0, tested: 0, coverage: 0, items: [], missingTests: [] },
+    missing: [],
+    recommendations: []
+  };
+  try {
+    if (input.scope === "all" || input.scope === "entity") {
+      await analyzeEntityCoverage(structure, result);
+    }
+    if (input.scope === "all" || input.scope === "service") {
+      await analyzeServiceCoverage(structure, result);
+    }
+    if (input.scope === "all" || input.scope === "controller") {
+      await analyzeControllerCoverage(structure, result);
+    }
+    result.summary.total = result.entities.total + result.services.total + result.controllers.total;
+    result.summary.tested = result.entities.tested + result.services.tested + result.controllers.tested;
+    result.summary.coverage = result.summary.total > 0 ? Math.round(result.summary.tested / result.summary.total * 100) : 0;
+    if (input.includeRecommendations) {
+      generateRecommendations(result);
+    }
+  } catch (error) {
+    logger.error("Error analyzing test coverage", error);
+    return `Error: ${error instanceof Error ? error.message : String(error)}`;
+  }
+  return formatCoverageResult(result, input.outputFormat);
+}
+async function analyzeEntityCoverage(structure, result) {
+  if (!structure.domain) {
+    result.recommendations.push("Domain layer not found - cannot analyze entity coverage");
+    return;
+  }
+  const entityFiles = await findFiles("**/*.cs", { cwd: structure.domain });
+  const entityNames = extractComponentNames(entityFiles, ["Entity", "Aggregate"]);
+  const testPath = path11.join(structure.root, "Tests", "Unit", "Domain");
+  let testFiles = [];
+  try {
+    testFiles = await findFiles("**/*Tests.cs", { cwd: testPath });
+  } catch {
+  }
+  const testedEntities = extractTestedNames(testFiles);
+  result.entities.total = entityNames.length;
+  result.entities.items = entityNames;
+  result.entities.tested = entityNames.filter((e) => testedEntities.includes(e)).length;
+  result.entities.coverage = result.entities.total > 0 ? Math.round(result.entities.tested / result.entities.total * 100) : 0;
+  result.entities.missingTests = entityNames.filter((e) => !testedEntities.includes(e));
+  for (const name of result.entities.missingTests) {
+    result.missing.push({
+      name,
+      type: "entity",
+      priority: determinePriority(name, "entity"),
+      recommendation: `Create unit tests for ${name} entity (factory methods, soft delete, audit trail)`,
+      suggestedTestFile: `Tests/Unit/Domain/${name}Tests.cs`
+    });
+  }
+}
+async function analyzeServiceCoverage(structure, result) {
+  if (!structure.application) {
+    result.recommendations.push("Application layer not found - cannot analyze service coverage");
+    return;
+  }
+  const serviceFiles = await findFiles("**/I*Service.cs", { cwd: structure.application });
+  const serviceNames = serviceFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.startsWith("I") ? basename.slice(1) : basename;
+  }).filter((n) => n.endsWith("Service")).map((n) => n.replace(/Service$/, ""));
+  const testPath = path11.join(structure.root, "Tests", "Unit", "Services");
+  let testFiles = [];
+  try {
+    testFiles = await findFiles("**/*ServiceTests.cs", { cwd: testPath });
+  } catch {
+  }
+  const testedServices = testFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.replace(/ServiceTests$/, "");
+  });
+  result.services.total = serviceNames.length;
+  result.services.items = serviceNames;
+  result.services.tested = serviceNames.filter((s) => testedServices.includes(s)).length;
+  result.services.coverage = result.services.total > 0 ? Math.round(result.services.tested / result.services.total * 100) : 0;
+  result.services.missingTests = serviceNames.filter((s) => !testedServices.includes(s));
+  for (const name of result.services.missingTests) {
+    result.missing.push({
+      name,
+      type: "service",
+      priority: determinePriority(name, "service"),
+      recommendation: `Create unit tests for ${name}Service (CRUD operations, business logic, error handling)`,
+      suggestedTestFile: `Tests/Unit/Services/${name}ServiceTests.cs`
+    });
+  }
+}
+async function analyzeControllerCoverage(structure, result) {
+  if (!structure.api) {
+    result.recommendations.push("API layer not found - cannot analyze controller coverage");
+    return;
+  }
+  const controllerFiles = await findFiles("**/*Controller.cs", { cwd: structure.api });
+  const controllerNames = controllerFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.replace(/Controller$/, "");
+  }).filter((n) => n !== "Base");
+  const testPath = path11.join(structure.root, "Tests", "Integration", "Controllers");
+  let testFiles = [];
+  try {
+    testFiles = await findFiles("**/*ControllerTests.cs", { cwd: testPath });
+  } catch {
+  }
+  const testedControllers = testFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.replace(/ControllerTests$/, "");
+  });
+  result.controllers.total = controllerNames.length;
+  result.controllers.items = controllerNames;
+  result.controllers.tested = controllerNames.filter((c) => testedControllers.includes(c)).length;
+  result.controllers.coverage = result.controllers.total > 0 ? Math.round(result.controllers.tested / result.controllers.total * 100) : 0;
+  result.controllers.missingTests = controllerNames.filter((c) => !testedControllers.includes(c));
+  for (const name of result.controllers.missingTests) {
+    result.missing.push({
+      name,
+      type: "controller",
+      priority: determinePriority(name, "controller"),
+      recommendation: `Create integration tests for ${name}Controller (HTTP status codes, authorization, validation)`,
+      suggestedTestFile: `Tests/Integration/Controllers/${name}ControllerTests.cs`
+    });
+  }
+}
+function extractComponentNames(files, excludeSuffixes = []) {
+  return files.map((f) => path11.basename(f, ".cs")).filter((name) => {
+    const excludePatterns = [
+      "Configuration",
+      "Extensions",
+      "Handler",
+      "Specification",
+      "Repository",
+      "Service",
+      "Controller",
+      "Dto",
+      "Validator",
+      ...excludeSuffixes
+    ];
+    return !excludePatterns.some((pattern) => name.endsWith(pattern));
+  }).filter((name) => !name.startsWith("I")).filter((name) => !name.startsWith("Base"));
+}
+function extractTestedNames(testFiles) {
+  return testFiles.map((f) => {
+    const basename = path11.basename(f, ".cs");
+    return basename.replace(/Tests$/, "");
+  });
+}
+function determinePriority(name, type) {
+  const criticalPatterns = ["User", "Auth", "Payment", "Order", "Tenant", "Security", "Permission", "Role"];
+  const highPatterns = ["Account", "Invoice", "Transaction", "Session", "Token", "Subscription"];
+  const nameLower = name.toLowerCase();
+  if (criticalPatterns.some((p) => nameLower.includes(p.toLowerCase()))) {
+    return "critical";
+  }
+  if (highPatterns.some((p) => nameLower.includes(p.toLowerCase()))) {
+    return "high";
+  }
+  if (type === "controller") {
+    return "high";
+  }
+  if (type === "service") {
+    return "medium";
+  }
+  return "medium";
+}
+function generateRecommendations(result) {
+  if (result.summary.coverage < 50) {
+    result.recommendations.push("CRITICAL: Overall test coverage is below 50%. Prioritize adding tests for critical components.");
+  } else if (result.summary.coverage < 80) {
+    result.recommendations.push("Test coverage is below recommended 80% threshold. Consider adding more tests.");
+  }
+  if (result.entities.coverage < 60) {
+    result.recommendations.push(`Entity coverage (${result.entities.coverage}%) is low. Focus on testing factory methods, soft delete, and audit trails.`);
+  }
+  if (result.services.coverage < 70) {
+    result.recommendations.push(`Service coverage (${result.services.coverage}%) is low. Ensure CRUD operations and business logic are tested.`);
+  }
+  if (result.controllers.coverage < 80) {
+    result.recommendations.push(`Controller coverage (${result.controllers.coverage}%) is low. Add integration tests for HTTP endpoints.`);
+  }
+  const criticalMissing = result.missing.filter((m) => m.priority === "critical");
+  if (criticalMissing.length > 0) {
+    result.recommendations.push(`${criticalMissing.length} CRITICAL component(s) have no tests: ${criticalMissing.map((m) => m.name).join(", ")}`);
+  }
+  const securityComponents = result.missing.filter(
+    (m) => m.name.toLowerCase().includes("auth") || m.name.toLowerCase().includes("security") || m.name.toLowerCase().includes("permission")
+  );
+  if (securityComponents.length > 0) {
+    result.recommendations.push(`Security-sensitive components without tests: ${securityComponents.map((m) => m.name).join(", ")}. Add security tests immediately.`);
+  }
+}
+function formatCoverageResult(result, format) {
+  if (format === "json") {
+    return JSON.stringify(result, null, 2);
+  }
+  const lines = [];
+  lines.push("# Test Coverage Analysis");
+  lines.push("");
+  const coverageEmoji = result.summary.coverage >= 80 ? "\u2705" : result.summary.coverage >= 50 ? "\u26A0\uFE0F" : "\u274C";
+  lines.push("## Summary");
+  lines.push("");
+  lines.push(`| Metric | Value |`);
+  lines.push(`|--------|-------|`);
+  lines.push(`| **Overall Coverage** | ${coverageEmoji} ${result.summary.coverage}% (${result.summary.tested}/${result.summary.total}) |`);
+  lines.push(`| Entities | ${formatCoverageCell(result.entities)} |`);
+  lines.push(`| Services | ${formatCoverageCell(result.services)} |`);
+  lines.push(`| Controllers | ${formatCoverageCell(result.controllers)} |`);
+  lines.push("");
+  if (format === "detailed") {
+    if (result.entities.missingTests.length > 0) {
+      lines.push("## Missing Entity Tests");
+      lines.push("");
+      for (const name of result.entities.missingTests) {
+        lines.push(`- [ ] ${name}`);
+      }
+      lines.push("");
+    }
+    if (result.services.missingTests.length > 0) {
+      lines.push("## Missing Service Tests");
+      lines.push("");
+      for (const name of result.services.missingTests) {
+        lines.push(`- [ ] ${name}Service`);
+      }
+      lines.push("");
+    }
+    if (result.controllers.missingTests.length > 0) {
+      lines.push("## Missing Controller Tests");
+      lines.push("");
+      for (const name of result.controllers.missingTests) {
+        lines.push(`- [ ] ${name}Controller`);
+      }
+      lines.push("");
+    }
+  }
+  if (result.missing.length > 0) {
+    lines.push("## Missing Tests (By Priority)");
+    lines.push("");
+    const priorities = ["critical", "high", "medium", "low"];
+    for (const priority of priorities) {
+      const items = result.missing.filter((m) => m.priority === priority);
+      if (items.length > 0) {
+        const emoji = priority === "critical" ? "\u{1F534}" : priority === "high" ? "\u{1F7E0}" : priority === "medium" ? "\u{1F7E1}" : "\u{1F7E2}";
+        lines.push(`### ${emoji} ${priority.charAt(0).toUpperCase() + priority.slice(1)} Priority`);
+        lines.push("");
+        lines.push("| Component | Type | Suggested Test File |");
+        lines.push("|-----------|------|---------------------|");
+        for (const item of items) {
+          lines.push(`| ${item.name} | ${item.type} | \`${item.suggestedTestFile}\` |`);
+        }
+        lines.push("");
+      }
+    }
+  }
+  if (result.recommendations.length > 0) {
+    lines.push("## Recommendations");
+    lines.push("");
+    for (const rec of result.recommendations) {
+      const emoji = rec.includes("CRITICAL") ? "\u{1F534}" : rec.includes("low") ? "\u26A0\uFE0F" : "\u{1F4A1}";
+      lines.push(`${emoji} ${rec}`);
+      lines.push("");
+    }
+  }
+  lines.push("## Quick Actions");
+  lines.push("");
+  lines.push("Generate tests for missing components using:");
+  lines.push("");
+  if (result.missing.length > 0) {
+    const firstMissing = result.missing[0];
+    lines.push("```");
+    lines.push(`scaffold_tests(target: "${firstMissing.type}", name: "${firstMissing.name}")`);
+    lines.push("```");
+  }
+  lines.push("");
+  return lines.join("\n");
+}
+function formatCoverageCell(category) {
+  const emoji = category.coverage >= 80 ? "\u2705" : category.coverage >= 50 ? "\u26A0\uFE0F" : "\u274C";
+  return `${emoji} ${category.coverage}% (${category.tested}/${category.total})`;
+}
+
+// src/tools/validate-test-conventions.ts
+import path12 from "path";
+var validateTestConventionsTool = {
+  name: "validate_test_conventions",
+  description: "Validate that tests in a SmartStack project follow conventions: naming ({Method}_When{Condition}_Should{Result}), structure (Tests/Unit, Tests/Integration), patterns (AAA), assertions (FluentAssertions), and mocking (Moq).",
+  inputSchema: {
+    type: "object",
+    properties: {
+      path: {
+        type: "string",
+        description: "Project path to validate (default: configured SmartStack path)"
+      },
+      checks: {
+        type: "array",
+        items: {
+          type: "string",
+          enum: ["naming", "structure", "patterns", "assertions", "mocking", "all"]
+        },
+        default: ["all"],
+        description: "Types of convention checks to perform"
+      },
+      autoFix: {
+        type: "boolean",
+        default: false,
+        description: "Automatically fix minor issues (naming only)"
+      }
+    }
+  }
+};
+var PATTERNS = {
+  // Test method naming: MethodName_WhenCondition_ShouldExpectedResult
+  testMethodNaming: /^(\w+)_When(\w+)_Should(\w+)$/,
+  // Alternative valid patterns
+  testMethodNamingAlt: /^(\w+)_Should(\w+)_When(\w+)$/,
+  // Fact/Theory attributes
+  factAttribute: /\[Fact\]/,
+  theoryAttribute: /\[Theory\]/,
+  // AAA pattern comments
+  arrangeComment: /\/\/\s*Arrange/i,
+  actComment: /\/\/\s*Act/i,
+  assertComment: /\/\/\s*Assert/i,
+  // FluentAssertions
+  fluentAssertions: /\.Should\(\)/,
+  // Moq
+  moqUsage: /new Mock<|Mock<\w+>/,
+  moqSetup: /\.Setup\(|\.Verify\(/,
+  // Test class naming
+  testClassNaming: /public class (\w+)Tests/,
+  // xUnit patterns
+  asyncTestMethod: /public async Task (\w+)/,
+  syncTestMethod: /public void (\w+)/
+};
+async function handleValidateTestConventions(args, config) {
+  const input = ValidateTestConventionsInputSchema.parse(args);
+  const projectPath = input.path || config.smartstack.projectPath;
+  const checks = input.checks.includes("all") ? ["naming", "structure", "patterns", "assertions", "mocking"] : input.checks;
+  logger.info("Validating test conventions", { projectPath, checks });
+  const structure = await findSmartStackStructure(projectPath);
+  const result = {
+    valid: true,
+    violations: [],
+    suggestions: [],
+    autoFixedCount: 0
+  };
+  const testsPath = path12.join(structure.root, "Tests");
+  try {
+    let testFiles = [];
+    try {
+      testFiles = await findFiles("**/*Tests.cs", { cwd: testsPath });
+    } catch {
+      result.suggestions.push("No Tests directory found. Create a Tests project with Unit and Integration subdirectories.");
+      return formatValidationResult(result);
+    }
+    if (testFiles.length === 0) {
+      result.suggestions.push("No test files found. Create test files following the pattern {ComponentName}Tests.cs");
+      return formatValidationResult(result);
+    }
+    if (checks.includes("structure")) {
+      await validateStructure(testsPath, testFiles, result);
+    }
+    for (const testFile of testFiles) {
+      const fullPath = path12.join(testsPath, testFile);
+      const content = await readText(fullPath);
+      if (checks.includes("naming")) {
+        validateNaming(testFile, content, result, input.autoFix);
+      }
+      if (checks.includes("patterns")) {
+        validatePatterns(testFile, content, result);
+      }
+      if (checks.includes("assertions")) {
+        validateAssertions(testFile, content, result);
+      }
+      if (checks.includes("mocking")) {
+        validateMocking(testFile, content, result);
+      }
+    }
+    result.valid = result.violations.filter((v) => v.severity === "error").length === 0;
+  } catch (error) {
+    logger.error("Error validating test conventions", error);
+    return `Error: ${error instanceof Error ? error.message : String(error)}`;
+  }
+  return formatValidationResult(result);
+}
+async function validateStructure(testsPath, testFiles, result) {
+  const expectedDirs = ["Unit", "Integration"];
+  const foundDirs = /* @__PURE__ */ new Set();
+  for (const file of testFiles) {
+    const parts = file.split(path12.sep);
+    if (parts.length > 1) {
+      foundDirs.add(parts[0]);
+    }
+  }
+  for (const dir of expectedDirs) {
+    if (!foundDirs.has(dir)) {
+      result.violations.push({
+        type: "structure",
+        severity: "warning",
+        file: testsPath,
+        message: `Missing expected directory: Tests/${dir}`,
+        suggestion: `Create Tests/${dir} directory for ${dir.toLowerCase()} tests`,
+        autoFixable: false
+      });
+    }
+  }
+  const hasUnitDomain = testFiles.some((f) => f.includes(path12.join("Unit", "Domain")));
+  const hasIntegrationControllers = testFiles.some((f) => f.includes(path12.join("Integration", "Controllers")));
+  if (!hasUnitDomain && testFiles.some((f) => f.includes("Unit"))) {
+    result.suggestions.push("Consider organizing unit tests into subdirectories: Unit/Domain, Unit/Services, Unit/Validators");
+  }
+  if (!hasIntegrationControllers && testFiles.some((f) => f.includes("Integration"))) {
+    result.suggestions.push("Consider organizing integration tests into subdirectories: Integration/Controllers, Integration/Repositories");
+  }
+  const hasSecurityTests = testFiles.some((f) => f.includes("Security"));
+  if (!hasSecurityTests) {
+    result.suggestions.push("Consider adding a Tests/Security directory for security-focused tests");
+  }
+}
+function validateNaming(testFile, content, result, _autoFix) {
+  const classMatch = content.match(/public class (\w+)/);
+  if (classMatch) {
+    const className = classMatch[1];
+    if (!className.endsWith("Tests")) {
+      result.violations.push({
+        type: "naming",
+        severity: "error",
+        file: testFile,
+        message: `Test class '${className}' should end with 'Tests'`,
+        suggestion: `Rename to '${className}Tests'`,
+        autoFixable: true
+      });
+    }
+  }
+  const methodMatches = content.matchAll(/\[(Fact|Theory)\]\s*\n\s*public (?:async Task|void) (\w+)\(/g);
+  for (const match of methodMatches) {
+    const methodName = match[2];
+    const isValidName = PATTERNS.testMethodNaming.test(methodName) || PATTERNS.testMethodNamingAlt.test(methodName);
+    if (!isValidName) {
+      if (methodName.includes("Test") && !methodName.includes("_")) {
+        result.violations.push({
+          type: "naming",
+          severity: "warning",
+          file: testFile,
+          message: `Test method '${methodName}' doesn't follow naming convention`,
+          suggestion: `Rename to format: {Method}_When{Condition}_Should{Result} (e.g., GetById_WhenExists_ShouldReturnEntity)`,
+          autoFixable: false
+        });
+      } else if (!methodName.includes("_")) {
+        result.violations.push({
+          type: "naming",
+          severity: "warning",
+          file: testFile,
+          message: `Test method '${methodName}' should use underscores to separate parts`,
+          suggestion: `Use format: {Method}_When{Condition}_Should{Result}`,
+          autoFixable: false
+        });
+      }
+    }
+  }
+}
+function validatePatterns(testFile, content, result) {
+  const methodBlocks = content.matchAll(/\[(Fact|Theory)\][^\[]*?public (?:async Task|void) \w+\([^)]*\)\s*\{([^}]+)\}/gs);
+  for (const match of methodBlocks) {
+    const methodBody = match[2];
+    const hasArrange = PATTERNS.arrangeComment.test(methodBody);
+    const hasAct = PATTERNS.actComment.test(methodBody);
+    const hasAssert = PATTERNS.assertComment.test(methodBody);
+    if (!hasArrange && !hasAct && !hasAssert && methodBody.split("\n").length > 3) {
+      result.violations.push({
+        type: "pattern",
+        severity: "warning",
+        file: testFile,
+        message: "Test method missing AAA (Arrange-Act-Assert) comments",
+        suggestion: "Add // Arrange, // Act, // Assert comments to improve readability",
+        autoFixable: false
+      });
+      break;
+    }
+  }
+  const asyncMethods = content.matchAll(/public async Task (\w+)\([^)]*\)\s*\{([^}]+)\}/gs);
+  for (const match of asyncMethods) {
+    const methodName = match[1];
+    const methodBody = match[2];
+    if (!methodBody.includes("await")) {
+      result.violations.push({
+        type: "pattern",
+        severity: "warning",
+        file: testFile,
+        message: `Async test method '${methodName}' doesn't contain 'await'`,
+        suggestion: "Either add await or change to synchronous void method",
+        autoFixable: false
+      });
+    }
+  }
+}
+function validateAssertions(testFile, content, result) {
+  const hasFluentAssertions = PATTERNS.fluentAssertions.test(content);
+  const hasXunitAssert = /Assert\.\w+\(/.test(content);
+  if (hasXunitAssert && !hasFluentAssertions) {
+    result.violations.push({
+      type: "assertion",
+      severity: "warning",
+      file: testFile,
+      message: "Using xUnit Assert instead of FluentAssertions",
+      suggestion: "Replace Assert.Equal(expected, actual) with actual.Should().Be(expected)",
+      autoFixable: false
+    });
+  }
+  if (hasFluentAssertions) {
+    if (content.includes(".Should().NotBe(null)")) {
+      result.violations.push({
+        type: "assertion",
+        severity: "warning",
+        file: testFile,
+        message: "Use .Should().NotBeNull() instead of .Should().NotBe(null)",
+        suggestion: "Replace .Should().NotBe(null) with .Should().NotBeNull()",
+        autoFixable: true
+      });
+    }
+    if (content.includes(".Should().Throw<") && content.includes("async")) {
+      if (!content.includes(".Should().ThrowAsync<")) {
+        result.suggestions.push("Use .Should().ThrowAsync<T>() for async exception testing");
+      }
+    }
+  }
+  const methodBlocks = content.matchAll(/\[(Fact|Theory)\][^\[]*?public (?:async Task|void) (\w+)\([^)]*\)\s*\{([^}]+)\}/gs);
+  for (const match of methodBlocks) {
+    const methodName = match[2];
+    const methodBody = match[3];
+    const hasAssertion = methodBody.includes(".Should()") || methodBody.includes("Assert.") || methodBody.includes("Verify(") || methodBody.includes("VerifyAll()");
+    if (!hasAssertion) {
+      result.violations.push({
+        type: "assertion",
+        severity: "error",
+        file: testFile,
+        message: `Test method '${methodName}' has no assertions`,
+        suggestion: "Add at least one assertion to verify expected behavior",
+        autoFixable: false
+      });
+    }
+  }
+}
+function validateMocking(testFile, content, result) {
+  const hasMoq = PATTERNS.moqUsage.test(content);
+  if (hasMoq) {
+    if (content.includes("new Mock<") && !content.includes(".Setup(")) {
+      result.violations.push({
+        type: "mocking",
+        severity: "warning",
+        file: testFile,
+        message: "Mock objects created but no Setup() calls found",
+        suggestion: "Add .Setup() calls to define mock behavior",
+        autoFixable: false
+      });
+    }
+    const hasSetup = content.includes(".Setup(");
+    const hasVerify = content.includes(".Verify(") || content.includes(".VerifyAll()");
+    if (hasSetup && !hasVerify) {
+      result.suggestions.push(`Consider adding .Verify() calls in ${testFile} to verify mock interactions`);
+    }
+    if (content.includes("MockBehavior.Strict")) {
+      result.suggestions.push("Using MockBehavior.Strict - ensure all mock calls are set up");
+    }
+  }
+  if (testFile.includes("Controller")) {
+    if (!hasMoq && !content.includes("WebApplicationFactory")) {
+      result.violations.push({
+        type: "mocking",
+        severity: "warning",
+        file: testFile,
+        message: "Controller tests should use mocking or WebApplicationFactory",
+        suggestion: "Use Moq for unit tests or WebApplicationFactory for integration tests",
+        autoFixable: false
+      });
+    }
+  }
+}
+function formatValidationResult(result) {
+  const lines = [];
+  lines.push("# Test Convention Validation");
+  lines.push("");
+  const status = result.valid ? "\u2705 PASSED" : "\u274C FAILED";
+  const errorCount = result.violations.filter((v) => v.severity === "error").length;
+  const warningCount = result.violations.filter((v) => v.severity === "warning").length;
+  lines.push("## Summary");
+  lines.push("");
+  lines.push(`| Status | ${status} |`);
+  lines.push("|--------|----------|");
+  lines.push(`| Errors | ${errorCount} |`);
+  lines.push(`| Warnings | ${warningCount} |`);
+  if (result.autoFixedCount > 0) {
+    lines.push(`| Auto-fixed | ${result.autoFixedCount} |`);
+  }
+  lines.push("");
+  if (result.violations.length > 0) {
+    lines.push("## Violations");
+    lines.push("");
+    const byType = /* @__PURE__ */ new Map();
+    for (const v of result.violations) {
+      const existing = byType.get(v.type) || [];
+      existing.push(v);
+      byType.set(v.type, existing);
+    }
+    for (const [type, violations] of byType) {
+      lines.push(`### ${type.charAt(0).toUpperCase() + type.slice(1)} Violations`);
+      lines.push("");
+      for (const v of violations) {
+        const emoji = v.severity === "error" ? "\u274C" : "\u26A0\uFE0F";
+        lines.push(`${emoji} **${v.file}**`);
+        lines.push(`  - ${v.message}`);
+        lines.push(`  - \u{1F4A1} ${v.suggestion}`);
+        if (v.autoFixable) {
+          lines.push(`  - \u{1F527} Auto-fixable`);
+        }
+        lines.push("");
+      }
+    }
+  }
+  if (result.suggestions.length > 0) {
+    lines.push("## Suggestions");
+    lines.push("");
+    for (const suggestion of result.suggestions) {
+      lines.push(`\u{1F4A1} ${suggestion}`);
+      lines.push("");
+    }
+  }
+  lines.push("## SmartStack Test Conventions");
+  lines.push("");
+  lines.push("### Naming");
+  lines.push("- Files: `{ComponentName}Tests.cs`");
+  lines.push("- Classes: `{ComponentName}Tests`");
+  lines.push("- Methods: `{MethodName}_When{Condition}_Should{ExpectedResult}`");
+  lines.push("");
+  lines.push("### Structure");
+  lines.push("```");
+  lines.push("Tests/");
+  lines.push("\u251C\u2500\u2500 Unit/");
+  lines.push("\u2502   \u251C\u2500\u2500 Domain/");
+  lines.push("\u2502   \u251C\u2500\u2500 Services/");
+  lines.push("\u2502   \u2514\u2500\u2500 Validators/");
+  lines.push("\u251C\u2500\u2500 Integration/");
+  lines.push("\u2502   \u251C\u2500\u2500 Controllers/");
+  lines.push("\u2502   \u2514\u2500\u2500 Repositories/");
+  lines.push("\u2514\u2500\u2500 Security/");
+  lines.push("```");
+  lines.push("");
+  lines.push("### Pattern (AAA)");
+  lines.push("```csharp");
+  lines.push("[Fact]");
+  lines.push("public async Task GetById_WhenExists_ShouldReturnEntity()");
+  lines.push("{");
+  lines.push("    // Arrange");
+  lines.push("    var id = Guid.NewGuid();");
+  lines.push("");
+  lines.push("    // Act");
+  lines.push("    var result = await _sut.GetByIdAsync(id);");
+  lines.push("");
+  lines.push("    // Assert");
+  lines.push("    result.Should().NotBeNull();");
+  lines.push("}");
+  lines.push("```");
+  lines.push("");
+  return lines.join("\n");
+}
+
+// src/tools/suggest-test-scenarios.ts
+import path13 from "path";
+var suggestTestScenariosTool = {
+  name: "suggest_test_scenarios",
+  description: "Analyze source code and suggest test scenarios based on detected methods, parameters, and patterns. Generates comprehensive test case recommendations for SmartStack components.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      target: {
+        type: "string",
+        enum: ["entity", "service", "controller", "file"],
+        description: "Type of target to analyze"
+      },
+      name: {
+        type: "string",
+        description: "Component name or file path"
+      },
+      depth: {
+        type: "string",
+        enum: ["basic", "comprehensive", "security-focused"],
+        default: "comprehensive",
+        description: "Depth of analysis"
+      }
+    },
+    required: ["target", "name"]
+  }
+};
+var PATTERNS2 = {
+  // Method signatures
+  publicMethod: /public\s+(?:async\s+)?(?:Task<)?(\w+)>?\s+(\w+)\s*\(([^)]*)\)/g,
+  // Parameter extraction
+  parameter: /(?:(\w+)\s+)?(\w+)\s+(\w+)(?:\s*=\s*([^,)]+))?/g,
+  // Property
+  property: /public\s+(?:virtual\s+)?(\w+)\??\s+(\w+)\s*\{\s*get;/g,
+  // Validation attributes
+  validationAttribute: /\[(Required|MaxLength|MinLength|Range|EmailAddress|Phone|Url|RegularExpression)\s*(?:\(([^)]*)\))?\]/g,
+  // Entity patterns
+  baseEntity: /:\s*(?:BaseEntity|SystemEntity)/,
+  tenantEntity: /ITenantEntity/,
+  // Factory method
+  factoryMethod: /public\s+static\s+\w+\s+Create\s*\(/,
+  // Soft delete
+  softDelete: /public\s+void\s+SoftDelete/
+};
+async function handleSuggestTestScenarios(args, config) {
+  const input = SuggestTestScenariosInputSchema.parse(args);
+  logger.info("Suggesting test scenarios", { target: input.target, name: input.name, depth: input.depth });
+  const structure = await findSmartStackStructure(config.smartstack.projectPath);
+  const result = {
+    target: input.name,
+    targetType: input.target,
+    detectedMethods: [],
+    scenarios: [],
+    coverage: {
+      happyPath: 0,
+      validation: 0,
+      errorHandling: 0,
+      security: 0,
+      edgeCases: 0
+    }
+  };
+  try {
+    const sourceFile = await findSourceFile(input.target, input.name, structure, config);
+    if (!sourceFile) {
+      return `Error: Could not find ${input.target} '${input.name}'`;
+    }
+    const content = await readText(sourceFile);
+    result.detectedMethods = parseSourceCode(content);
+    result.scenarios = generateScenarios(
+      result.detectedMethods,
+      content,
+      input.target,
+      input.depth
+    );
+    calculateCoverageDistribution(result);
+  } catch (error) {
+    logger.error("Error suggesting test scenarios", error);
+    return `Error: ${error instanceof Error ? error.message : String(error)}`;
+  }
+  return formatScenariosResult(result, input.depth);
+}
+async function findSourceFile(target, name, structure, _config) {
+  let searchPath;
+  let pattern;
+  switch (target) {
+    case "entity":
+      searchPath = structure.domain || structure.root;
+      pattern = `**/${name}.cs`;
+      break;
+    case "service":
+      searchPath = structure.application || structure.root;
+      pattern = `**/${name}Service.cs`;
+      break;
+    case "controller":
+      searchPath = structure.api || structure.root;
+      pattern = `**/${name}Controller.cs`;
+      break;
+    case "file":
+      return path13.isAbsolute(name) ? name : path13.join(structure.root, name);
+    default:
+      return null;
+  }
+  const files = await findFiles(pattern, { cwd: searchPath });
+  if (files.length === 0) {
+    const altPattern = `**/*${name}*.cs`;
+    const altFiles = await findFiles(altPattern, { cwd: searchPath });
+    if (altFiles.length > 0) {
+      return path13.join(searchPath, altFiles[0]);
+    }
+    return null;
+  }
+  return path13.join(searchPath, files[0]);
+}
+function parseSourceCode(content) {
+  const methods = [];
+  PATTERNS2.publicMethod.lastIndex = 0;
+  let match;
+  while ((match = PATTERNS2.publicMethod.exec(content)) !== null) {
+    const returnType = match[1];
+    const methodName = match[2];
+    const parametersStr = match[3];
+    const parameters = [];
+    if (parametersStr.trim()) {
+      const params = parametersStr.split(",");
+      for (const param of params) {
+        const trimmed = param.trim();
+        if (trimmed) {
+          const parts = trimmed.split(/\s+/);
+          if (parts.length >= 2) {
+            parameters.push(`${parts[parts.length - 2]} ${parts[parts.length - 1]}`);
+          }
+        }
+      }
+    }
+    const isAsync = content.substring(Math.max(0, match.index - 20), match.index).includes("async");
+    const isPublic = content.substring(Math.max(0, match.index - 20), match.index).includes("public");
+    if (isPublic && !methodName.startsWith("get_") && !methodName.startsWith("set_")) {
+      methods.push({
+        name: methodName,
+        returnType,
+        parameters,
+        isAsync,
+        visibility: "public"
+      });
+    }
+  }
+  return methods;
+}
+function generateScenarios(methods, content, target, depth) {
+  const scenarios = [];
+  const isEntity = PATTERNS2.baseEntity.test(content);
+  const hasTenant = PATTERNS2.tenantEntity.test(content);
+  const hasFactoryMethod = PATTERNS2.factoryMethod.test(content);
+  const hasSoftDelete = PATTERNS2.softDelete.test(content);
+  for (const method of methods) {
+    const methodScenarios = generateMethodScenarios(
+      method,
+      { isEntity, hasTenant, hasFactoryMethod, hasSoftDelete },
+      target,
+      depth
+    );
+    scenarios.push(...methodScenarios);
+  }
+  if (isEntity && target === "entity") {
+    scenarios.push(...generateEntityScenarios(content, hasTenant, hasSoftDelete, depth));
+  }
+  if (depth !== "basic") {
+    scenarios.push(...generateSecurityScenarios(methods, hasTenant, target));
+  }
+  return scenarios;
+}
+function generateMethodScenarios(method, patterns, _target, depth) {
+  const scenarios = [];
+  const methodLower = method.name.toLowerCase();
+  scenarios.push({
+    methodName: method.name,
+    scenarioName: "Happy Path",
+    description: `Test ${method.name} with valid data`,
+    type: "happy-path",
+    priority: "critical",
+    testMethodName: `${method.name}_WhenValidData_ShouldSucceed`,
+    assertions: generateAssertions(method, "happy-path")
+  });
+  if (methodLower.includes("getbyid") || methodLower.includes("get")) {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Not Found",
+      description: `Test ${method.name} when entity does not exist`,
+      type: "error-handling",
+      priority: "high",
+      testMethodName: `${method.name}_WhenNotExists_ShouldReturnNull`,
+      assertions: ["result.Should().BeNull()"]
+    });
+  }
+  if (methodLower.includes("create") || methodLower.includes("add")) {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Validation Failure",
+      description: `Test ${method.name} with invalid data`,
+      type: "validation",
+      priority: "high",
+      testMethodName: `${method.name}_WhenInvalidData_ShouldThrow`,
+      assertions: ["act.Should().ThrowAsync<ValidationException>()"]
+    });
+    if (patterns.hasTenant) {
+      scenarios.push({
+        methodName: method.name,
+        scenarioName: "Missing Tenant",
+        description: `Test ${method.name} without tenant context`,
+        type: "security",
+        priority: "critical",
+        testMethodName: `${method.name}_WhenNoTenant_ShouldThrow`,
+        assertions: ["act.Should().ThrowAsync<ArgumentException>()"]
+      });
+    }
+  }
+  if (methodLower.includes("update")) {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Not Found",
+      description: `Test ${method.name} when entity does not exist`,
+      type: "error-handling",
+      priority: "high",
+      testMethodName: `${method.name}_WhenNotExists_ShouldThrow`,
+      assertions: ["act.Should().ThrowAsync<InvalidOperationException>()"]
+    });
+    if (depth !== "basic") {
+      scenarios.push({
+        methodName: method.name,
+        scenarioName: "Concurrent Update",
+        description: `Test ${method.name} with concurrent modification`,
+        type: "edge-case",
+        priority: "medium",
+        testMethodName: `${method.name}_WhenConcurrentUpdate_ShouldHandleConflict`,
+        assertions: ["Should handle DbUpdateConcurrencyException"]
+      });
+    }
+  }
+  if (methodLower.includes("delete")) {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Not Found",
+      description: `Test ${method.name} when entity does not exist`,
+      type: "error-handling",
+      priority: "high",
+      testMethodName: `${method.name}_WhenNotExists_ShouldReturnFalse`,
+      assertions: ["result.Should().BeFalse()"]
+    });
+    if (patterns.hasSoftDelete) {
+      scenarios.push({
+        methodName: method.name,
+        scenarioName: "Soft Delete",
+        description: `Verify ${method.name} performs soft delete`,
+        type: "happy-path",
+        priority: "high",
+        testMethodName: `${method.name}_WhenCalled_ShouldSoftDelete`,
+        assertions: ["entity.IsDeleted.Should().BeTrue()", "entity.DeletedAt.Should().NotBeNull()"]
+      });
+    }
+  }
+  if (method.isAsync && depth !== "basic") {
+    scenarios.push({
+      methodName: method.name,
+      scenarioName: "Cancellation",
+      description: `Test ${method.name} with cancellation token`,
+      type: "edge-case",
+      priority: "low",
+      testMethodName: `${method.name}_WhenCancelled_ShouldThrowOperationCancelled`,
+      assertions: ["act.Should().ThrowAsync<OperationCanceledException>()"]
+    });
+  }
+  return scenarios;
+}
+function generateEntityScenarios(content, hasTenant, hasSoftDelete, depth) {
+  const scenarios = [];
+  if (PATTERNS2.factoryMethod.test(content)) {
+    scenarios.push({
+      methodName: "Create",
+      scenarioName: "Factory Method",
+      description: "Test entity creation via factory method",
+      type: "happy-path",
+      priority: "critical",
+      testMethodName: "Create_WhenValidData_ShouldCreateEntity",
+      assertions: [
+        "entity.Should().NotBeNull()",
+        "entity.Id.Should().NotBeEmpty()",
+        "entity.CreatedAt.Should().BeCloseTo(DateTime.UtcNow)"
+      ]
+    });
+    if (hasTenant) {
+      scenarios.push({
+        methodName: "Create",
+        scenarioName: "Invalid Tenant",
+        description: "Test entity creation with empty tenant ID",
+        type: "validation",
+        priority: "critical",
+        testMethodName: "Create_WhenEmptyTenantId_ShouldThrow",
+        assertions: ["act.Should().Throw<ArgumentException>()"]
+      });
+    }
+  }
+  if (hasSoftDelete) {
+    scenarios.push({
+      methodName: "SoftDelete",
+      scenarioName: "Soft Delete",
+      description: "Test soft delete sets IsDeleted and DeletedAt",
+      type: "happy-path",
+      priority: "high",
+      testMethodName: "SoftDelete_WhenCalled_ShouldSetDeletedFields",
+      assertions: [
+        "entity.IsDeleted.Should().BeTrue()",
+        "entity.DeletedAt.Should().NotBeNull()",
+        "entity.DeletedBy.Should().Be(deletedBy)"
+      ]
+    });
+    if (depth !== "basic") {
+      scenarios.push({
+        methodName: "Restore",
+        scenarioName: "Restore After Delete",
+        description: "Test restoring a soft-deleted entity",
+        type: "happy-path",
+        priority: "medium",
+        testMethodName: "Restore_WhenSoftDeleted_ShouldClearDeletedFields",
+        assertions: [
+          "entity.IsDeleted.Should().BeFalse()",
+          "entity.DeletedAt.Should().BeNull()"
+        ]
+      });
+    }
+  }
+  if (depth !== "basic") {
+    scenarios.push({
+      methodName: "Update",
+      scenarioName: "Audit Trail",
+      description: "Test that Update sets audit fields",
+      type: "happy-path",
+      priority: "medium",
+      testMethodName: "Update_WhenCalled_ShouldSetAuditFields",
+      assertions: [
+        "entity.UpdatedAt.Should().NotBeNull()",
+        "entity.UpdatedBy.Should().Be(updatedBy)",
+        "entity.CreatedAt.Should().Be(originalCreatedAt)"
+      ]
+    });
+  }
+  return scenarios;
+}
+function generateSecurityScenarios(_methods, hasTenant, _target) {
+  const scenarios = [];
+  if (hasTenant) {
+    scenarios.push({
+      methodName: "TenantIsolation",
+      scenarioName: "Cross-Tenant Access",
+      description: "Test that entities from other tenants are not accessible",
+      type: "security",
+      priority: "critical",
+      testMethodName: "GetById_WhenDifferentTenant_ShouldReturnNull",
+      assertions: ["result.Should().BeNull()"]
+    });
+  }
+  if (_target === "controller") {
+    scenarios.push({
+      methodName: "Authorization",
+      scenarioName: "Unauthorized Access",
+      description: "Test that unauthorized requests are rejected",
+      type: "security",
+      priority: "critical",
+      testMethodName: "GetAll_WhenUnauthorized_ShouldReturn401",
+      assertions: ["response.StatusCode.Should().Be(HttpStatusCode.Unauthorized)"]
+    });
+    scenarios.push({
+      methodName: "InputValidation",
+      scenarioName: "SQL Injection",
+      description: "Test that SQL injection attempts are handled",
+      type: "security",
+      priority: "high",
+      testMethodName: "Create_WhenSqlInjectionAttempt_ShouldSanitize",
+      assertions: ["Should not execute malicious SQL"]
+    });
+    scenarios.push({
+      methodName: "InputValidation",
+      scenarioName: "XSS Prevention",
+      description: "Test that XSS attempts are handled",
+      type: "security",
+      priority: "high",
+      testMethodName: "Create_WhenXssAttempt_ShouldSanitize",
+      assertions: ["Should not store or return script tags"]
+    });
+  }
+  return scenarios;
+}
+function generateAssertions(method, type) {
+  const assertions = [];
+  if (type === "happy-path") {
+    if (method.returnType === "void" || method.returnType === "Task") {
+      assertions.push("Should complete without exception");
+    } else if (method.returnType.includes("bool") || method.returnType === "Boolean") {
+      assertions.push("result.Should().BeTrue()");
+    } else {
+      assertions.push("result.Should().NotBeNull()");
+    }
+  }
+  return assertions;
+}
+function calculateCoverageDistribution(result) {
+  const total = result.scenarios.length;
+  if (total === 0) return;
+  const counts = {
+    happyPath: result.scenarios.filter((s) => s.type === "happy-path").length,
+    validation: result.scenarios.filter((s) => s.type === "validation").length,
+    errorHandling: result.scenarios.filter((s) => s.type === "error-handling").length,
+    security: result.scenarios.filter((s) => s.type === "security").length,
+    edgeCases: result.scenarios.filter((s) => s.type === "edge-case" || s.type === "performance").length
+  };
+  result.coverage = {
+    happyPath: Math.round(counts.happyPath / total * 100),
+    validation: Math.round(counts.validation / total * 100),
+    errorHandling: Math.round(counts.errorHandling / total * 100),
+    security: Math.round(counts.security / total * 100),
+    edgeCases: Math.round(counts.edgeCases / total * 100)
+  };
+}
+function formatScenariosResult(result, depth) {
+  const lines = [];
+  lines.push(`# Test Scenarios for ${result.target}`);
+  lines.push("");
+  lines.push(`> Analysis depth: **${depth}**`);
+  lines.push("");
+  if (result.detectedMethods.length > 0) {
+    lines.push("## Detected Methods");
+    lines.push("");
+    lines.push("| Method | Return Type | Parameters | Async |");
+    lines.push("|--------|-------------|------------|-------|");
+    for (const method of result.detectedMethods) {
+      const params = method.parameters.length > 0 ? method.parameters.join(", ") : "none";
+      lines.push(`| ${method.name} | ${method.returnType} | ${params} | ${method.isAsync ? "Yes" : "No"} |`);
+    }
+    lines.push("");
+  }
+  lines.push("## Scenario Coverage Distribution");
+  lines.push("");
+  lines.push("```");
+  lines.push(`Happy Path:     ${"\u2588".repeat(Math.floor(result.coverage.happyPath / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.happyPath / 5))} ${result.coverage.happyPath}%`);
+  lines.push(`Validation:     ${"\u2588".repeat(Math.floor(result.coverage.validation / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.validation / 5))} ${result.coverage.validation}%`);
+  lines.push(`Error Handling: ${"\u2588".repeat(Math.floor(result.coverage.errorHandling / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.errorHandling / 5))} ${result.coverage.errorHandling}%`);
+  lines.push(`Security:       ${"\u2588".repeat(Math.floor(result.coverage.security / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.security / 5))} ${result.coverage.security}%`);
+  lines.push(`Edge Cases:     ${"\u2588".repeat(Math.floor(result.coverage.edgeCases / 5))}${"\u2591".repeat(20 - Math.floor(result.coverage.edgeCases / 5))} ${result.coverage.edgeCases}%`);
+  lines.push("```");
+  lines.push("");
+  lines.push("## Suggested Test Scenarios");
+  lines.push("");
+  const priorities = ["critical", "high", "medium", "low"];
+  for (const priority of priorities) {
+    const scenarios = result.scenarios.filter((s) => s.priority === priority);
+    if (scenarios.length === 0) continue;
+    const emoji = priority === "critical" ? "\u{1F534}" : priority === "high" ? "\u{1F7E0}" : priority === "medium" ? "\u{1F7E1}" : "\u{1F7E2}";
+    lines.push(`### ${emoji} ${priority.charAt(0).toUpperCase() + priority.slice(1)} Priority`);
+    lines.push("");
+    for (const scenario of scenarios) {
+      const typeEmoji = getTypeEmoji(scenario.type);
+      lines.push(`#### ${typeEmoji} ${scenario.methodName} - ${scenario.scenarioName}`);
+      lines.push("");
+      lines.push(`**Description:** ${scenario.description}`);
+      lines.push("");
+      lines.push(`**Test Method:** \`${scenario.testMethodName}\``);
+      lines.push("");
+      if (scenario.assertions.length > 0) {
+        lines.push("**Assertions:**");
+        for (const assertion of scenario.assertions) {
+          lines.push(`- \`${assertion}\``);
+        }
+        lines.push("");
+      }
+    }
+  }
+  lines.push("## Quick Test Generation");
+  lines.push("");
+  lines.push("Generate tests for this component:");
+  lines.push("");
+  lines.push("```");
+  lines.push(`scaffold_tests(target: "${result.targetType}", name: "${result.target}", testTypes: ["unit", "security"])`);
+  lines.push("```");
+  lines.push("");
+  return lines.join("\n");
+}
+function getTypeEmoji(type) {
+  switch (type) {
+    case "happy-path":
+      return "\u2705";
+    case "validation":
+      return "\u{1F50D}";
+    case "error-handling":
+      return "\u26A0\uFE0F";
+    case "security":
+      return "\u{1F512}";
+    case "edge-case":
+      return "\u{1F9EA}";
+    case "performance":
+      return "\u26A1";
+    default:
+      return "\u{1F4CB}";
+  }
+}
+
+// src/tools/scaffold-api-client.ts
+import path14 from "path";
+var scaffoldApiClientTool = {
+  name: "scaffold_api_client",
+  description: `Generate TypeScript API client with NavRoute integration.
+
+Creates:
+- Type-safe API service with CRUD methods
+- TypeScript interfaces for request/response
+- React Query hook (optional)
+- Integration with navRoutes.generated.ts registry
+
+Example:
+  scaffold_api_client navRoute="platform.administration.users" name="User"
+
+The generated client automatically resolves the API path from the NavRoute registry,
+ensuring frontend routes stay synchronized with backend NavRoute attributes.`,
+  inputSchema: {
+    type: "object",
+    properties: {
+      navRoute: {
+        type: "string",
+        description: 'NavRoute path (e.g., "platform.administration.users")'
+      },
+      name: {
+        type: "string",
+        description: 'Entity name in PascalCase (e.g., "User", "Order")'
+      },
+      methods: {
+        type: "array",
+        items: {
+          type: "string",
+          enum: ["getAll", "getById", "create", "update", "delete", "search", "export"]
+        },
+        default: ["getAll", "getById", "create", "update", "delete"],
+        description: "API methods to generate"
+      },
+      options: {
+        type: "object",
+        properties: {
+          outputPath: { type: "string", description: "Custom output path" },
+          includeTypes: { type: "boolean", default: true, description: "Generate TypeScript types" },
+          includeHook: { type: "boolean", default: true, description: "Generate React Query hook" },
+          dryRun: { type: "boolean", default: false, description: "Preview without writing" }
+        }
+      }
+    },
+    required: ["navRoute", "name"]
+  }
+};
+async function handleScaffoldApiClient(args, config) {
+  const input = ScaffoldApiClientInputSchema.parse(args);
+  logger.info("Scaffolding API client", { navRoute: input.navRoute, name: input.name });
+  const result = await scaffoldApiClient(input, config);
+  return formatResult4(result, input);
+}
+async function scaffoldApiClient(input, config) {
+  const result = {
+    success: true,
+    files: [],
+    instructions: []
+  };
+  const { navRoute, name, methods, options } = input;
+  const dryRun = options?.dryRun ?? false;
+  const includeTypes = options?.includeTypes ?? true;
+  const includeHook = options?.includeHook ?? true;
+  const nameLower = name.charAt(0).toLowerCase() + name.slice(1);
+  const apiPath = navRouteToApiPath(navRoute);
+  const projectRoot = config.smartstack.projectPath;
+  const structure = await findSmartStackStructure(projectRoot);
+  const webPath = structure.web || path14.join(projectRoot, "web", "smartstack-web");
+  const servicesPath = options?.outputPath || path14.join(webPath, "src", "services", "api");
+  const hooksPath = path14.join(webPath, "src", "hooks");
+  const typesPath = path14.join(webPath, "src", "types");
+  const apiClientContent = generateApiClient(name, nameLower, navRoute, apiPath, methods);
+  const apiClientFile = path14.join(servicesPath, `${nameLower}.ts`);
+  if (!dryRun) {
+    await ensureDirectory(servicesPath);
+    await writeText(apiClientFile, apiClientContent);
+  }
+  result.files.push({ path: apiClientFile, content: apiClientContent, type: "created" });
+  if (includeTypes) {
+    const typesContent = generateTypes(name);
+    const typesFile = path14.join(typesPath, `${nameLower}.ts`);
+    if (!dryRun) {
+      await ensureDirectory(typesPath);
+      await writeText(typesFile, typesContent);
+    }
+    result.files.push({ path: typesFile, content: typesContent, type: "created" });
+  }
+  if (includeHook) {
+    const hookContent = generateHook(name, nameLower, methods);
+    const hookFile = path14.join(hooksPath, `use${name}.ts`);
+    if (!dryRun) {
+      await ensureDirectory(hooksPath);
+      await writeText(hookFile, hookContent);
+    }
+    result.files.push({ path: hookFile, content: hookContent, type: "created" });
+  }
+  result.instructions.push(`Import the API client: import { ${nameLower}Api } from './services/api/${nameLower}';`);
+  if (includeHook) {
+    result.instructions.push(`Import the hook: import { use${name}, use${name}List } from './hooks/use${name}';`);
+  }
+  result.instructions.push(`Ensure navRoutes.generated.ts includes route: "${navRoute}"`);
+  return result;
+}
+function navRouteToApiPath(navRoute) {
+  return `/api/${navRoute.replace(/\./g, "/")}`;
+}
+function generateApiClient(name, nameLower, navRoute, apiPath, methods) {
+  const template = `/**
+ * ${name} API Client
+ *
+ * Auto-generated by SmartStack MCP - DO NOT EDIT MANUALLY
+ * NavRoute: ${navRoute}
+ * API Path: ${apiPath}
+ */
+
+import { getRoute } from '../routes/navRoutes.generated';
+import { apiClient } from '../lib/apiClient';
+import type {
+  ${name},
+  ${name}CreateRequest,
+  ${name}UpdateRequest,
+  ${name}ListResponse,
+  PaginatedRequest,
+  PaginatedResponse
+} from '../types/${nameLower}';
+
+const ROUTE = getRoute('${navRoute}');
+
+export const ${nameLower}Api = {
+${methods.includes("getAll") ? `  /**
+   * Get all ${name}s with pagination
+   */
+  async getAll(params?: PaginatedRequest): Promise<PaginatedResponse<${name}>> {
+    const response = await apiClient.get<${name}ListResponse>(ROUTE.api, { params });
+    return response.data;
+  },
+` : ""}
+${methods.includes("getById") ? `  /**
+   * Get ${name} by ID
+   */
+  async getById(id: string): Promise<${name}> {
+    const response = await apiClient.get<${name}>(\`\${ROUTE.api}/\${id}\`);
+    return response.data;
+  },
+` : ""}
+${methods.includes("create") ? `  /**
+   * Create new ${name}
+   */
+  async create(data: ${name}CreateRequest): Promise<${name}> {
+    const response = await apiClient.post<${name}>(ROUTE.api, data);
+    return response.data;
+  },
+` : ""}
+${methods.includes("update") ? `  /**
+   * Update existing ${name}
+   */
+  async update(id: string, data: ${name}UpdateRequest): Promise<${name}> {
+    const response = await apiClient.put<${name}>(\`\${ROUTE.api}/\${id}\`, data);
+    return response.data;
+  },
+` : ""}
+${methods.includes("delete") ? `  /**
+   * Delete ${name}
+   */
+  async delete(id: string): Promise<void> {
+    await apiClient.delete(\`\${ROUTE.api}/\${id}\`);
+  },
+` : ""}
+${methods.includes("search") ? `  /**
+   * Search ${name}s
+   */
+  async search(query: string, params?: PaginatedRequest): Promise<PaginatedResponse<${name}>> {
+    const response = await apiClient.get<${name}ListResponse>(\`\${ROUTE.api}/search\`, {
+      params: { q: query, ...params }
+    });
+    return response.data;
+  },
+` : ""}
+${methods.includes("export") ? `  /**
+   * Export ${name}s to file
+   */
+  async export(format: 'csv' | 'xlsx' | 'pdf' = 'xlsx'): Promise<Blob> {
+    const response = await apiClient.get(\`\${ROUTE.api}/export\`, {
+      params: { format },
+      responseType: 'blob'
+    });
+    return response.data;
+  },
+` : ""}
+  /**
+   * Get the NavRoute for this API
+   */
+  getRoute() {
+    return ROUTE;
+  },
+};
+
+export default ${nameLower}Api;
+`;
+  return template;
+}
+function generateTypes(name) {
+  return `/**
+ * ${name} Types
+ *
+ * Auto-generated by SmartStack MCP - Customize as needed
+ */
+
+export interface ${name} {
+  id: string;
+  code: string;
+  name?: string;
+  description?: string;
+  isActive: boolean;
+  createdAt: string;
+  createdBy: string;
+  updatedAt?: string;
+  updatedBy?: string;
+}
+
+export interface ${name}CreateRequest {
+  code: string;
+  name?: string;
+  description?: string;
+}
+
+export interface ${name}UpdateRequest {
+  code?: string;
+  name?: string;
+  description?: string;
+  isActive?: boolean;
+}
+
+export interface ${name}ListResponse {
+  items: ${name}[];
+  totalCount: number;
+  pageSize: number;
+  currentPage: number;
+  totalPages: number;
+}
+
+export interface PaginatedRequest {
+  page?: number;
+  pageSize?: number;
+  sortBy?: string;
+  sortDirection?: 'asc' | 'desc';
+  filter?: string;
+}
+
+export interface PaginatedResponse<T> {
+  items: T[];
+  totalCount: number;
+  pageSize: number;
+  currentPage: number;
+  totalPages: number;
+}
+`;
+}
+function generateHook(name, nameLower, methods) {
+  return `/**
+ * ${name} React Query Hooks
+ *
+ * Auto-generated by SmartStack MCP - DO NOT EDIT MANUALLY
+ */
+
+import { useQuery, useMutation, useQueryClient, UseQueryOptions, UseMutationOptions } from '@tanstack/react-query';
+import { ${nameLower}Api } from '../services/api/${nameLower}';
+import type { ${name}, ${name}CreateRequest, ${name}UpdateRequest, PaginatedRequest, PaginatedResponse } from '../types/${nameLower}';
+
+const QUERY_KEY = '${nameLower}s';
+
+${methods.includes("getAll") ? `/**
+ * Hook to fetch paginated ${name} list
+ */
+export function use${name}List(
+  params?: PaginatedRequest,
+  options?: Omit<UseQueryOptions<PaginatedResponse<${name}>>, 'queryKey' | 'queryFn'>
+) {
+  return useQuery({
+    queryKey: [QUERY_KEY, 'list', params],
+    queryFn: () => ${nameLower}Api.getAll(params),
+    ...options,
+  });
+}
+` : ""}
+${methods.includes("getById") ? `/**
+ * Hook to fetch single ${name} by ID
+ */
+export function use${name}(
+  id: string | undefined,
+  options?: Omit<UseQueryOptions<${name}>, 'queryKey' | 'queryFn'>
+) {
+  return useQuery({
+    queryKey: [QUERY_KEY, 'detail', id],
+    queryFn: () => ${nameLower}Api.getById(id!),
+    enabled: !!id,
+    ...options,
+  });
+}
+` : ""}
+${methods.includes("create") ? `/**
+ * Hook to create new ${name}
+ */
+export function use${name}Create(
+  options?: UseMutationOptions<${name}, Error, ${name}CreateRequest>
+) {
+  const queryClient = useQueryClient();
+
+  return useMutation({
+    mutationFn: (data: ${name}CreateRequest) => ${nameLower}Api.create(data),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: [QUERY_KEY] });
+    },
+    ...options,
+  });
+}
+` : ""}
+${methods.includes("update") ? `/**
+ * Hook to update existing ${name}
+ */
+export function use${name}Update(
+  options?: UseMutationOptions<${name}, Error, { id: string; data: ${name}UpdateRequest }>
+) {
+  const queryClient = useQueryClient();
+
+  return useMutation({
+    mutationFn: ({ id, data }) => ${nameLower}Api.update(id, data),
+    onSuccess: (_, { id }) => {
+      queryClient.invalidateQueries({ queryKey: [QUERY_KEY] });
+      queryClient.invalidateQueries({ queryKey: [QUERY_KEY, 'detail', id] });
+    },
+    ...options,
+  });
+}
+` : ""}
+${methods.includes("delete") ? `/**
+ * Hook to delete ${name}
+ */
+export function use${name}Delete(
+  options?: UseMutationOptions<void, Error, string>
+) {
+  const queryClient = useQueryClient();
+
+  return useMutation({
+    mutationFn: (id: string) => ${nameLower}Api.delete(id),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: [QUERY_KEY] });
+    },
+    ...options,
+  });
+}
+` : ""}
+${methods.includes("search") ? `/**
+ * Hook to search ${name}s
+ */
+export function use${name}Search(
+  query: string,
+  params?: PaginatedRequest,
+  options?: Omit<UseQueryOptions<PaginatedResponse<${name}>>, 'queryKey' | 'queryFn'>
+) {
+  return useQuery({
+    queryKey: [QUERY_KEY, 'search', query, params],
+    queryFn: () => ${nameLower}Api.search(query, params),
+    enabled: query.length >= 2,
+    ...options,
+  });
+}
+` : ""}
+`;
+}
+function formatResult4(result, input) {
+  const lines = [];
+  lines.push(`# Scaffold API Client: ${input.name}`);
+  lines.push("");
+  if (input.options?.dryRun) {
+    lines.push("> **DRY RUN** - No files were written");
+    lines.push("");
+  }
+  lines.push(`## NavRoute Integration`);
+  lines.push("");
+  lines.push(`- **NavRoute**: \`${input.navRoute}\``);
+  lines.push(`- **API Path**: \`${navRouteToApiPath(input.navRoute)}\``);
+  lines.push(`- **Methods**: ${input.methods.join(", ")}`);
+  lines.push("");
+  lines.push("## Generated Files");
+  lines.push("");
+  for (const file of result.files) {
+    const relativePath = file.path.replace(/\\/g, "/").split("/src/").pop() || file.path;
+    lines.push(`### ${relativePath}`);
+    lines.push("");
+    lines.push("```typescript");
+    lines.push(file.content.substring(0, 1500) + (file.content.length > 1500 ? "\n// ... (truncated)" : ""));
+    lines.push("```");
+    lines.push("");
+  }
+  lines.push("## Next Steps");
+  lines.push("");
+  for (const instruction of result.instructions) {
+    lines.push(`- ${instruction}`);
+  }
+  lines.push("");
+  lines.push("## Required Setup");
+  lines.push("");
+  lines.push("1. Ensure `navRoutes.generated.ts` exists (run `scaffold_routes`)");
+  lines.push("2. Configure `apiClient` with base URL and auth interceptors");
+  lines.push("3. Install dependencies: `npm install @tanstack/react-query axios`");
+  return lines.join("\n");
+}
+
+// src/tools/scaffold-routes.ts
+import path15 from "path";
+import { glob as glob2 } from "glob";
+var scaffoldRoutesTool = {
+  name: "scaffold_routes",
+  description: `Generate React Router configuration from backend NavRoute attributes.
+
+Creates:
+- navRoutes.generated.ts: Registry of all routes with API paths and permissions
+- routes.tsx: React Router configuration with nested routes
+- Layout components (optional)
+
+Example:
+  scaffold_routes source="controllers" scope="all"
+
+Scans backend controllers for [NavRoute("context.application.module")] attributes
+and generates corresponding frontend routing infrastructure.`,
+  inputSchema: {
+    type: "object",
+    properties: {
+      source: {
+        type: "string",
+        enum: ["controllers", "navigation", "manual"],
+        default: "controllers",
+        description: "Source for route discovery"
+      },
+      scope: {
+        type: "string",
+        enum: ["all", "platform", "business", "extensions"],
+        default: "all",
+        description: "Scope of routes to generate"
+      },
+      options: {
+        type: "object",
+        properties: {
+          outputPath: { type: "string", description: "Custom output path" },
+          includeLayouts: { type: "boolean", default: true },
+          includeGuards: { type: "boolean", default: true },
+          generateRegistry: { type: "boolean", default: true },
+          dryRun: { type: "boolean", default: false }
+        }
+      }
+    }
+  }
+};
+async function handleScaffoldRoutes(args, config) {
+  const input = ScaffoldRoutesInputSchema.parse(args);
+  logger.info("Scaffolding routes", { source: input.source, scope: input.scope });
+  const result = await scaffoldRoutes(input, config);
+  return formatResult5(result, input);
+}
+async function scaffoldRoutes(input, config) {
+  const result = {
+    success: true,
+    files: [],
+    instructions: []
+  };
+  const { source, scope, options } = input;
+  const dryRun = options?.dryRun ?? false;
+  const includeLayouts = options?.includeLayouts ?? true;
+  const includeGuards = options?.includeGuards ?? true;
+  const generateRegistry = options?.generateRegistry ?? true;
+  const projectRoot = config.smartstack.projectPath;
+  const structure = await findSmartStackStructure(projectRoot);
+  const webPath = structure.web || path15.join(projectRoot, "web", "smartstack-web");
+  const routesPath = options?.outputPath || path15.join(webPath, "src", "routes");
+  const navRoutes = await discoverNavRoutes(structure, scope);
+  if (navRoutes.length === 0) {
+    result.success = false;
+    result.instructions.push("No NavRoute attributes found in controllers");
+    return result;
+  }
+  if (generateRegistry) {
+    const registryContent = generateNavRouteRegistry(navRoutes);
+    const registryFile = path15.join(routesPath, "navRoutes.generated.ts");
+    if (!dryRun) {
+      await ensureDirectory(routesPath);
+      await writeText(registryFile, registryContent);
+    }
+    result.files.push({ path: registryFile, content: registryContent, type: "created" });
+  }
+  const routerContent = generateRouterConfig(navRoutes, includeGuards);
+  const routerFile = path15.join(routesPath, "index.tsx");
+  if (!dryRun) {
+    await ensureDirectory(routesPath);
+    await writeText(routerFile, routerContent);
+  }
+  result.files.push({ path: routerFile, content: routerContent, type: "created" });
+  if (includeLayouts) {
+    const layoutsPath = path15.join(webPath, "src", "layouts");
+    const contexts = [...new Set(navRoutes.map((r) => r.navRoute.split(".")[0]))];
+    for (const context of contexts) {
+      const layoutContent = generateLayout(context);
+      const layoutFile = path15.join(layoutsPath, `${capitalize(context)}Layout.tsx`);
+      if (!dryRun) {
+        await ensureDirectory(layoutsPath);
+        await writeText(layoutFile, layoutContent);
+      }
+      result.files.push({ path: layoutFile, content: layoutContent, type: "created" });
+    }
+  }
+  if (includeGuards) {
+    const guardsContent = generateRouteGuards();
+    const guardsFile = path15.join(routesPath, "guards.tsx");
+    if (!dryRun) {
+      await writeText(guardsFile, guardsContent);
+    }
+    result.files.push({ path: guardsFile, content: guardsContent, type: "created" });
+  }
+  result.instructions.push(`Generated ${navRoutes.length} routes from ${source}`);
+  result.instructions.push('Import routes: import { router } from "./routes";');
+  result.instructions.push("Use with RouterProvider: <RouterProvider router={router} />");
+  return result;
+}
+async function discoverNavRoutes(structure, scope) {
+  const routes = [];
+  const apiPath = structure.api;
+  if (!apiPath) {
+    logger.warn("No API project found");
+    return routes;
+  }
+  const controllerFiles = await glob2("**/*Controller.cs", {
+    cwd: apiPath,
+    absolute: true,
+    ignore: ["**/obj/**", "**/bin/**"]
+  });
+  for (const file of controllerFiles) {
+    try {
+      const content = await readText(file);
+      const navRouteMatch = content.match(/\[NavRoute\s*\(\s*"([^"]+)"(?:\s*,\s*Suffix\s*=\s*"([^"]+)")?\s*\)\]/);
+      if (navRouteMatch) {
+        const navRoute = navRouteMatch[1];
+        const suffix = navRouteMatch[2];
+        const context = navRoute.split(".")[0];
+        if (scope !== "all" && context !== scope) {
+          continue;
+        }
+        const controllerMatch = path15.basename(file).match(/(.+)Controller\.cs$/);
+        const controllerName = controllerMatch ? controllerMatch[1] : "Unknown";
+        const methods = [];
+        if (content.includes("[HttpGet]")) methods.push("GET");
+        if (content.includes("[HttpPost]")) methods.push("POST");
+        if (content.includes("[HttpPut]")) methods.push("PUT");
+        if (content.includes("[HttpDelete]")) methods.push("DELETE");
+        if (content.includes("[HttpPatch]")) methods.push("PATCH");
+        const permissions = [];
+        const authorizeMatches = content.matchAll(/\[Authorize\s*\(\s*[^)]*Policy\s*=\s*"([^"]+)"/g);
+        for (const match of authorizeMatches) {
+          permissions.push(match[1]);
+        }
+        const fullNavRoute = suffix ? `${navRoute}.${suffix}` : navRoute;
+        routes.push({
+          navRoute: fullNavRoute,
+          apiPath: `/api/${navRoute.replace(/\./g, "/")}${suffix ? `/${suffix}` : ""}`,
+          webPath: `/${navRoute.replace(/\./g, "/")}${suffix ? `/${suffix}` : ""}`,
+          permissions,
+          controller: controllerName,
+          methods
+        });
+      }
+    } catch {
+      logger.debug(`Failed to parse controller: ${file}`);
+    }
+  }
+  return routes.sort((a, b) => a.navRoute.localeCompare(b.navRoute));
+}
+function generateNavRouteRegistry(routes) {
+  const lines = [
+    "/**",
+    " * NavRoute Registry",
+    " *",
+    " * Auto-generated by SmartStack MCP - DO NOT EDIT MANUALLY",
+    " * Run `scaffold_routes` to regenerate",
+    " */",
+    "",
+    "export interface NavRoute {",
+    "  navRoute: string;",
+    "  api: string;",
+    "  web: string;",
+    "  permissions: string[];",
+    "  controller?: string;",
+    "  methods: string[];",
+    "}",
+    "",
+    "export const ROUTES: Record<string, NavRoute> = {"
+  ];
+  for (const route of routes) {
+    lines.push(`  '${route.navRoute}': {`);
+    lines.push(`    navRoute: '${route.navRoute}',`);
+    lines.push(`    api: '${route.apiPath}',`);
+    lines.push(`    web: '${route.webPath}',`);
+    lines.push(`    permissions: [${route.permissions.map((p) => `'${p}'`).join(", ")}],`);
+    if (route.controller) {
+      lines.push(`    controller: '${route.controller}',`);
+    }
+    lines.push(`    methods: [${route.methods.map((m) => `'${m}'`).join(", ")}],`);
+    lines.push("  },");
+  }
+  lines.push("};");
+  lines.push("");
+  lines.push("/**");
+  lines.push(" * Get route configuration by NavRoute path");
+  lines.push(" */");
+  lines.push("export function getRoute(navRoute: string): NavRoute {");
+  lines.push("  const route = ROUTES[navRoute];");
+  lines.push("  if (!route) {");
+  lines.push("    throw new Error(`Route not found: ${navRoute}`);");
+  lines.push("  }");
+  lines.push("  return route;");
+  lines.push("}");
+  lines.push("");
+  lines.push("/**");
+  lines.push(" * Check if user has permission for route");
+  lines.push(" */");
+  lines.push("export function hasRoutePermission(navRoute: string, userPermissions: string[]): boolean {");
+  lines.push("  const route = ROUTES[navRoute];");
+  lines.push("  if (!route || route.permissions.length === 0) return true;");
+  lines.push("  return route.permissions.some(p => userPermissions.includes(p));");
+  lines.push("}");
+  lines.push("");
+  lines.push("/**");
+  lines.push(" * Get all routes for a context");
+  lines.push(" */");
+  lines.push("export function getRoutesByContext(context: string): NavRoute[] {");
+  lines.push("  return Object.values(ROUTES).filter(r => r.navRoute.startsWith(`${context}.`));");
+  lines.push("}");
+  lines.push("");
+  return lines.join("\n");
+}
+function generateRouterConfig(routes, includeGuards) {
+  const routeTree = buildRouteTree(routes);
+  const lines = [
+    "/**",
+    " * React Router Configuration",
+    " *",
+    " * Auto-generated by SmartStack MCP - DO NOT EDIT MANUALLY",
+    " */",
+    "",
+    "import { createBrowserRouter, RouteObject } from 'react-router-dom';",
+    "import { ROUTES } from './navRoutes.generated';"
+  ];
+  if (includeGuards) {
+    lines.push("import { ProtectedRoute, PermissionGuard } from './guards';");
+  }
+  const contexts = Object.keys(routeTree);
+  for (const context of contexts) {
+    lines.push(`import { ${capitalize(context)}Layout } from '../layouts/${capitalize(context)}Layout';`);
+  }
+  lines.push("");
+  lines.push("// Page imports - customize these paths");
+  for (const route of routes) {
+    const pageName = route.navRoute.split(".").map(capitalize).join("");
+    lines.push(`// import { ${pageName}Page } from '../pages/${pageName}Page';`);
+  }
+  lines.push("");
+  lines.push("const routes: RouteObject[] = [");
+  for (const [context, applications] of Object.entries(routeTree)) {
+    lines.push("  {");
+    lines.push(`    path: '${context}',`);
+    lines.push(`    element: <${capitalize(context)}Layout />,`);
+    lines.push("    children: [");
+    for (const [app, modules] of Object.entries(applications)) {
+      lines.push("      {");
+      lines.push(`        path: '${app}',`);
+      lines.push("        children: [");
+      for (const route of modules) {
+        const modulePath = route.navRoute.split(".").slice(2).join("/");
+        const pageName = route.navRoute.split(".").map(capitalize).join("");
+        if (includeGuards && route.permissions.length > 0) {
+          lines.push("          {");
+          lines.push(`            path: '${modulePath || ""}',`);
+          lines.push(`            element: (`);
+          lines.push(`              <PermissionGuard permissions={ROUTES['${route.navRoute}'].permissions}>`);
+          lines.push(`                {/* <${pageName}Page /> */}`);
+          lines.push(`                <div>TODO: ${pageName}Page</div>`);
+          lines.push(`              </PermissionGuard>`);
+          lines.push(`            ),`);
+          lines.push("          },");
+        } else {
+          lines.push("          {");
+          lines.push(`            path: '${modulePath || ""}',`);
+          lines.push(`            element: <div>TODO: ${pageName}Page</div>,`);
+          lines.push("          },");
+        }
+      }
+      lines.push("        ],");
+      lines.push("      },");
+    }
+    lines.push("    ],");
+    lines.push("  },");
+  }
+  lines.push("];");
+  lines.push("");
+  lines.push("export const router = createBrowserRouter(routes);");
+  lines.push("");
+  lines.push("export default router;");
+  lines.push("");
+  return lines.join("\n");
+}
+function buildRouteTree(routes) {
+  const tree = {};
+  for (const route of routes) {
+    const parts = route.navRoute.split(".");
+    const context = parts[0];
+    const app = parts[1] || "default";
+    if (!tree[context]) {
+      tree[context] = {};
+    }
+    if (!tree[context][app]) {
+      tree[context][app] = [];
+    }
+    tree[context][app].push(route);
+  }
+  return tree;
+}
+function generateLayout(context) {
+  const contextCapitalized = capitalize(context);
+  return `/**
+ * ${contextCapitalized} Layout
+ *
+ * Auto-generated by SmartStack MCP - Customize as needed
+ */
+
+import React from 'react';
+import { Outlet, Link, useLocation } from 'react-router-dom';
+import { ROUTES, getRoutesByContext } from '../routes/navRoutes.generated';
+
+export const ${contextCapitalized}Layout: React.FC = () => {
+  const location = useLocation();
+  const contextRoutes = getRoutesByContext('${context}');
+
+  return (
+    <div className="flex h-screen bg-gray-100">
+      {/* Sidebar */}
+      <aside className="w-64 bg-white shadow-sm">
+        <div className="p-4 border-b">
+          <h1 className="text-xl font-semibold text-gray-900">${contextCapitalized}</h1>
+        </div>
+        <nav className="p-4">
+          <ul className="space-y-2">
+            {contextRoutes.map((route) => (
+              <li key={route.navRoute}>
+                <Link
+                  to={route.web}
+                  className={\`block px-3 py-2 rounded-md \${
+                    location.pathname === route.web
+                      ? 'bg-blue-50 text-blue-700'
+                      : 'text-gray-700 hover:bg-gray-50'
+                  }\`}
+                >
+                  {route.navRoute.split('.').pop()}
+                </Link>
+              </li>
+            ))}
+          </ul>
+        </nav>
+      </aside>
+
+      {/* Main content */}
+      <main className="flex-1 overflow-auto">
+        <div className="p-6">
+          <Outlet />
+        </div>
+      </main>
+    </div>
+  );
+};
+
+export default ${contextCapitalized}Layout;
+`;
+}
+function generateRouteGuards() {
+  return `/**
+ * Route Guards
+ *
+ * Auto-generated by SmartStack MCP - Customize as needed
+ */
+
+import React from 'react';
+import { Navigate, useLocation } from 'react-router-dom';
+
+interface ProtectedRouteProps {
+  children: React.ReactNode;
+  redirectTo?: string;
+}
+
+interface PermissionGuardProps {
+  children: React.ReactNode;
+  permissions: string[];
+  fallback?: React.ReactNode;
+}
+
+/**
+ * Protect routes that require authentication
+ */
+export const ProtectedRoute: React.FC<ProtectedRouteProps> = ({
+  children,
+  redirectTo = '/login'
+}) => {
+  const location = useLocation();
+
+  // TODO: Replace with your auth hook
+  const isAuthenticated = true; // useAuth().isAuthenticated;
+
+  if (!isAuthenticated) {
+    return <Navigate to={redirectTo} state={{ from: location }} replace />;
+  }
+
+  return <>{children}</>;
+};
+
+/**
+ * Guard routes based on user permissions
+ */
+export const PermissionGuard: React.FC<PermissionGuardProps> = ({
+  children,
+  permissions,
+  fallback
+}) => {
+  // TODO: Replace with your auth hook
+  const userPermissions: string[] = []; // useAuth().permissions;
+
+  const hasPermission = permissions.length === 0 ||
+    permissions.some(p => userPermissions.includes(p));
+
+  if (!hasPermission) {
+    if (fallback) return <>{fallback}</>;
+    return (
+      <div className="flex items-center justify-center h-64">
+        <div className="text-center">
+          <h2 className="text-xl font-semibold text-gray-900">Access Denied</h2>
+          <p className="mt-2 text-gray-600">
+            You don't have permission to access this page.
+          </p>
+          <p className="mt-1 text-sm text-gray-500">
+            Required: {permissions.join(', ')}
+          </p>
+        </div>
+      </div>
+    );
+  }
+
+  return <>{children}</>;
+};
+`;
+}
+function capitalize(str) {
+  return str.charAt(0).toUpperCase() + str.slice(1);
+}
+function formatResult5(result, input) {
+  const lines = [];
+  lines.push("# Scaffold Routes");
+  lines.push("");
+  if (input.options?.dryRun) {
+    lines.push("> **DRY RUN** - No files were written");
+    lines.push("");
+  }
+  lines.push("## Configuration");
+  lines.push("");
+  lines.push(`- **Source**: ${input.source}`);
+  lines.push(`- **Scope**: ${input.scope}`);
+  lines.push("");
+  lines.push("## Generated Files");
+  lines.push("");
+  for (const file of result.files) {
+    const relativePath = file.path.replace(/\\/g, "/").split("/src/").pop() || file.path;
+    lines.push(`### ${relativePath}`);
+    lines.push("");
+    lines.push("```tsx");
+    lines.push(file.content.substring(0, 2e3) + (file.content.length > 2e3 ? "\n// ... (truncated)" : ""));
+    lines.push("```");
+    lines.push("");
+  }
+  lines.push("## Instructions");
+  lines.push("");
+  for (const instruction of result.instructions) {
+    lines.push(`- ${instruction}`);
+  }
+  return lines.join("\n");
+}
+
+// src/tools/validate-frontend-routes.ts
+import path16 from "path";
+import { glob as glob3 } from "glob";
+var validateFrontendRoutesTool = {
+  name: "validate_frontend_routes",
+  description: `Validate frontend routes against backend NavRoute attributes.
+
+Checks:
+- navRoutes.generated.ts exists and is up-to-date
+- API clients use correct NavRoute paths
+- React Router configuration matches backend routes
+- Permission configurations are synchronized
+
+Example:
+  validate_frontend_routes scope="all"
+
+Reports issues and provides actionable recommendations for synchronization.`,
+  inputSchema: {
+    type: "object",
+    properties: {
+      scope: {
+        type: "string",
+        enum: ["api-clients", "routes", "registry", "all"],
+        default: "all",
+        description: "Scope of validation"
+      },
+      options: {
+        type: "object",
+        properties: {
+          fix: { type: "boolean", default: false, description: "Auto-fix minor issues" },
+          strict: { type: "boolean", default: false, description: "Fail on warnings" }
+        }
+      }
+    }
+  }
+};
+async function handleValidateFrontendRoutes(args, config) {
+  const input = ValidateFrontendRoutesInputSchema.parse(args);
+  logger.info("Validating frontend routes", { scope: input.scope });
+  const result = await validateFrontendRoutes(input, config);
+  return formatResult6(result, input);
+}
+async function validateFrontendRoutes(input, config) {
+  const result = {
+    valid: true,
+    registry: {
+      exists: false,
+      routeCount: 0,
+      outdated: []
+    },
+    apiClients: {
+      total: 0,
+      valid: 0,
+      issues: []
+    },
+    routes: {
+      total: 0,
+      orphaned: [],
+      missing: []
+    },
+    recommendations: []
+  };
+  const { scope } = input;
+  const projectRoot = config.smartstack.projectPath;
+  const structure = await findSmartStackStructure(projectRoot);
+  const webPath = structure.web || path16.join(projectRoot, "web", "smartstack-web");
+  const backendRoutes = await discoverBackendNavRoutes(structure);
+  if (scope === "all" || scope === "registry") {
+    await validateRegistry(webPath, backendRoutes, result);
+  }
+  if (scope === "all" || scope === "api-clients") {
+    await validateApiClients(webPath, backendRoutes, result);
+  }
+  if (scope === "all" || scope === "routes") {
+    await validateRoutes(webPath, backendRoutes, result);
+  }
+  generateRecommendations2(result);
+  result.valid = result.apiClients.issues.filter((i) => i.severity === "error").length === 0 && result.routes.missing.length === 0 && result.registry.exists;
+  return result;
+}
+async function discoverBackendNavRoutes(structure) {
+  const routes = [];
+  const apiPath = structure.api;
+  if (!apiPath) {
+    return routes;
+  }
+  const controllerFiles = await glob3("**/*Controller.cs", {
+    cwd: apiPath,
+    absolute: true,
+    ignore: ["**/obj/**", "**/bin/**"]
+  });
+  for (const file of controllerFiles) {
+    try {
+      const content = await readText(file);
+      const navRouteMatch = content.match(/\[NavRoute\s*\(\s*"([^"]+)"(?:\s*,\s*Suffix\s*=\s*"([^"]+)")?\s*\)\]/);
+      if (navRouteMatch) {
+        const navRoute = navRouteMatch[1];
+        const suffix = navRouteMatch[2];
+        const fullNavRoute = suffix ? `${navRoute}.${suffix}` : navRoute;
+        const controllerMatch = path16.basename(file).match(/(.+)Controller\.cs$/);
+        const controllerName = controllerMatch ? controllerMatch[1] : "Unknown";
+        const methods = [];
+        if (content.includes("[HttpGet]")) methods.push("GET");
+        if (content.includes("[HttpPost]")) methods.push("POST");
+        if (content.includes("[HttpPut]")) methods.push("PUT");
+        if (content.includes("[HttpDelete]")) methods.push("DELETE");
+        const permissions = [];
+        const authorizeMatches = content.matchAll(/\[Authorize\s*\(\s*[^)]*Policy\s*=\s*"([^"]+)"/g);
+        for (const match of authorizeMatches) {
+          permissions.push(match[1]);
+        }
+        routes.push({
+          navRoute: fullNavRoute,
+          apiPath: `/api/${navRoute.replace(/\./g, "/")}${suffix ? `/${suffix}` : ""}`,
+          webPath: `/${navRoute.replace(/\./g, "/")}${suffix ? `/${suffix}` : ""}`,
+          permissions,
+          controller: controllerName,
+          methods
+        });
+      }
+    } catch {
+      logger.debug(`Failed to parse controller: ${file}`);
+    }
+  }
+  return routes;
+}
+async function validateRegistry(webPath, backendRoutes, result) {
+  const registryPath = path16.join(webPath, "src", "routes", "navRoutes.generated.ts");
+  if (!await fileExists(registryPath)) {
+    result.registry.exists = false;
+    result.recommendations.push("Run `scaffold_routes` to generate navRoutes.generated.ts");
+    return;
+  }
+  result.registry.exists = true;
+  try {
+    const content = await readText(registryPath);
+    const routeMatches = content.matchAll(/'([a-z.]+)':\s*\{/g);
+    const registryRoutes = /* @__PURE__ */ new Set();
+    for (const match of routeMatches) {
+      registryRoutes.add(match[1]);
+    }
+    result.registry.routeCount = registryRoutes.size;
+    for (const backendRoute of backendRoutes) {
+      if (!registryRoutes.has(backendRoute.navRoute)) {
+        result.registry.outdated.push(backendRoute.navRoute);
+      }
+    }
+    for (const registryRoute of registryRoutes) {
+      if (!backendRoutes.find((r) => r.navRoute === registryRoute)) {
+        result.registry.outdated.push(`${registryRoute} (removed from backend)`);
+      }
+    }
+  } catch {
+    result.registry.exists = false;
+  }
+}
+async function validateApiClients(webPath, backendRoutes, result) {
+  const servicesPath = path16.join(webPath, "src", "services", "api");
+  const clientFiles = await glob3("**/*.ts", {
+    cwd: servicesPath,
+    absolute: true,
+    ignore: ["**/index.ts"]
+  });
+  result.apiClients.total = clientFiles.length;
+  for (const file of clientFiles) {
+    try {
+      const content = await readText(file);
+      const relativePath = path16.relative(webPath, file);
+      const usesRegistry = content.includes("getRoute('") || content.includes('getRoute("');
+      if (!usesRegistry) {
+        const hardcodedMatch = content.match(/apiClient\.(get|post|put|delete)\s*[<(]\s*['"`]([^'"`]+)['"`]/);
+        if (hardcodedMatch) {
+          result.apiClients.issues.push({
+            type: "invalid-path",
+            severity: "warning",
+            file: relativePath,
+            message: `Hardcoded API path: ${hardcodedMatch[2]}`,
+            suggestion: "Use getRoute() from navRoutes.generated.ts instead"
+          });
+        }
+      } else {
+        const navRouteMatch = content.match(/getRoute\s*\(\s*['"`]([^'"`]+)['"`]\s*\)/);
+        if (navRouteMatch) {
+          const navRoute = navRouteMatch[1];
+          const backendRoute = backendRoutes.find((r) => r.navRoute === navRoute);
+          if (!backendRoute) {
+            result.apiClients.issues.push({
+              type: "missing-route",
+              severity: "error",
+              file: relativePath,
+              navRoute,
+              message: `NavRoute "${navRoute}" not found in backend controllers`,
+              suggestion: "Verify the NavRoute path or update the backend controller"
+            });
+          } else {
+            result.apiClients.valid++;
+          }
+        }
+      }
+    } catch {
+      logger.debug(`Failed to parse API client: ${file}`);
+    }
+  }
+}
+async function validateRoutes(webPath, backendRoutes, result) {
+  const routesPath = path16.join(webPath, "src", "routes", "index.tsx");
+  if (!await fileExists(routesPath)) {
+    result.routes.total = 0;
+    result.routes.missing = backendRoutes.map((r) => r.navRoute);
+    return;
+  }
+  try {
+    const content = await readText(routesPath);
+    const pathMatches = content.matchAll(/path:\s*['"`]([^'"`]+)['"`]/g);
+    const frontendPaths = /* @__PURE__ */ new Set();
+    for (const match of pathMatches) {
+      frontendPaths.add(match[1]);
+    }
+    result.routes.total = frontendPaths.size;
+    for (const backendRoute of backendRoutes) {
+      const webPath2 = backendRoute.webPath.replace(/^\//, "");
+      const parts = webPath2.split("/");
+      let found = false;
+      for (const pathPart of parts) {
+        if (frontendPaths.has(pathPart)) {
+          found = true;
+          break;
+        }
+      }
+      if (!found && parts.length > 0) {
+        result.routes.missing.push(backendRoute.navRoute);
+      }
+    }
+    for (const frontendPath of frontendPaths) {
+      if (frontendPath === "*" || frontendPath === "" || frontendPath.startsWith(":")) {
+        continue;
+      }
+      const matchingBackend = backendRoutes.find(
+        (r) => r.webPath.includes(frontendPath) || r.navRoute.includes(frontendPath)
+      );
+      if (!matchingBackend) {
+        result.routes.orphaned.push(frontendPath);
+      }
+    }
+  } catch {
+    result.routes.total = 0;
+    result.routes.missing = backendRoutes.map((r) => r.navRoute);
+  }
+}
+function generateRecommendations2(result) {
+  if (!result.registry.exists) {
+    result.recommendations.push('Run `scaffold_routes source="controllers"` to generate route registry');
+  } else if (result.registry.outdated.length > 0) {
+    result.recommendations.push(`Registry is outdated: ${result.registry.outdated.length} routes need sync. Run \`scaffold_routes\``);
+  }
+  if (result.apiClients.issues.length > 0) {
+    const hardcoded = result.apiClients.issues.filter((i) => i.type === "invalid-path").length;
+    const missing = result.apiClients.issues.filter((i) => i.type === "missing-route").length;
+    if (hardcoded > 0) {
+      result.recommendations.push(`${hardcoded} API clients use hardcoded paths. Migrate to getRoute()`);
+    }
+    if (missing > 0) {
+      result.recommendations.push(`${missing} API clients reference non-existent NavRoutes`);
+    }
+  }
+  if (result.routes.missing.length > 0) {
+    result.recommendations.push(`${result.routes.missing.length} backend routes have no frontend counterpart`);
+  }
+  if (result.routes.orphaned.length > 0) {
+    result.recommendations.push(`${result.routes.orphaned.length} frontend routes have no backend NavRoute`);
+  }
+  if (result.valid && result.recommendations.length === 0) {
+    result.recommendations.push("All routes are synchronized between frontend and backend");
+  }
+}
+function formatResult6(result, _input) {
+  const lines = [];
+  const statusIcon = result.valid ? "\u2705" : "\u274C";
+  lines.push(`# Frontend Route Validation ${statusIcon}`);
+  lines.push("");
+  lines.push("## Summary");
+  lines.push("");
+  lines.push(`| Metric | Value |`);
+  lines.push(`|--------|-------|`);
+  lines.push(`| Valid | ${result.valid ? "Yes" : "No"} |`);
+  lines.push(`| Registry Exists | ${result.registry.exists ? "Yes" : "No"} |`);
+  lines.push(`| Registry Routes | ${result.registry.routeCount} |`);
+  lines.push(`| API Clients | ${result.apiClients.valid}/${result.apiClients.total} valid |`);
+  lines.push(`| Frontend Routes | ${result.routes.total} |`);
+  lines.push(`| Missing Routes | ${result.routes.missing.length} |`);
+  lines.push(`| Orphaned Routes | ${result.routes.orphaned.length} |`);
+  lines.push("");
+  if (result.registry.outdated.length > 0) {
+    lines.push("## Outdated Registry Entries");
+    lines.push("");
+    for (const route of result.registry.outdated) {
+      lines.push(`- \`${route}\``);
+    }
+    lines.push("");
+  }
+  if (result.apiClients.issues.length > 0) {
+    lines.push("## API Client Issues");
+    lines.push("");
+    for (const issue of result.apiClients.issues) {
+      const icon = issue.severity === "error" ? "\u274C" : "\u26A0\uFE0F";
+      lines.push(`### ${icon} ${issue.file}`);
+      lines.push("");
+      lines.push(`- **Type**: ${issue.type}`);
+      lines.push(`- **Message**: ${issue.message}`);
+      if (issue.navRoute) {
+        lines.push(`- **NavRoute**: \`${issue.navRoute}\``);
+      }
+      lines.push(`- **Suggestion**: ${issue.suggestion}`);
+      lines.push("");
+    }
+  }
+  if (result.routes.missing.length > 0) {
+    lines.push("## Missing Frontend Routes");
+    lines.push("");
+    lines.push("These backend NavRoutes have no corresponding frontend route:");
+    lines.push("");
+    for (const route of result.routes.missing) {
+      lines.push(`- \`${route}\``);
+    }
+    lines.push("");
+  }
+  if (result.routes.orphaned.length > 0) {
+    lines.push("## Orphaned Frontend Routes");
+    lines.push("");
+    lines.push("These frontend routes have no corresponding backend NavRoute:");
+    lines.push("");
+    for (const route of result.routes.orphaned) {
+      lines.push(`- \`${route}\``);
+    }
+    lines.push("");
+  }
+  lines.push("## Recommendations");
+  lines.push("");
+  for (const rec of result.recommendations) {
+    lines.push(`- ${rec}`);
+  }
+  lines.push("");
+  lines.push("## Commands");
+  lines.push("");
+  lines.push("```bash");
+  lines.push("# Regenerate route registry");
+  lines.push('scaffold_routes source="controllers"');
+  lines.push("");
+  lines.push("# Generate API client for a specific NavRoute");
+  lines.push('scaffold_api_client navRoute="platform.administration.users" name="User"');
+  lines.push("```");
+  return lines.join("\n");
+}
+
+// src/resources/conventions.ts
+var conventionsResourceTemplate = {
+  uri: "smartstack://conventions",
+  name: "AtlasHub Conventions",
+  description: "Documentation of AtlasHub/SmartStack naming conventions, patterns, and best practices",
+  mimeType: "text/markdown"
+};
+async function getConventionsResource(config) {
+  const { schemas, tablePrefixes, codePrefixes, migrationFormat, namespaces, servicePattern } = config.conventions;
+  return `# AtlasHub SmartStack Conventions
+
+## Overview
+
+This document describes the mandatory conventions for extending the SmartStack/AtlasHub platform.
+Following these conventions ensures compatibility and prevents conflicts.
+
+---
+
+## 1. Database Conventions
+
+### SQL Schemas
+
+SmartStack uses SQL Server schemas to separate platform tables from client extensions:
+
+| Schema | Usage | Description |
+|--------|-------|-------------|
+| \`${schemas.platform}\` | SmartStack platform | All native SmartStack tables |
+| \`${schemas.extensions}\` | Client extensions | Custom tables added by clients |
+
+### Domain Table Prefixes
+
+Tables are organized by domain using prefixes:
+
+| Prefix | Domain | Example Tables |
+|--------|--------|----------------|
+| \`auth_\` | Authorization | auth_Users, auth_Roles, auth_Permissions |
+| \`nav_\` | Navigation | nav_Contexts, nav_Applications, nav_Modules |
+| \`usr_\` | User profiles | usr_Profiles, usr_Preferences |
+| \`ai_\` | AI features | ai_Providers, ai_Models, ai_Prompts |
+| \`cfg_\` | Configuration | cfg_Settings |
+| \`wkf_\` | Workflows | wkf_EmailTemplates, wkf_Workflows |
+| \`support_\` | Support | support_Tickets, support_Comments |
+| \`entra_\` | Entra sync | entra_Groups, entra_SyncState |
+| \`ref_\` | References | ref_Companies, ref_Departments |
+| \`loc_\` | Localization | loc_Languages, loc_Translations |
+| \`lic_\` | Licensing | lic_Licenses |
+| \`tenant_\` | Multi-Tenancy | tenant_Tenants, tenant_TenantUsers, tenant_TenantUserRoles |
+
+### Navigation Code Prefixes
+
+All navigation data (Context, Application, Module, Section, Resource) uses code prefixes to distinguish system data from client extensions:
+
+| Origin | Prefix | Usage | Example |
+|--------|--------|-------|---------|
+| SmartStack (system) | \`${codePrefixes.core}\` | Protected, delivered with SmartStack | \`${codePrefixes.core}administration\` |
+| Client (extension) | \`${codePrefixes.extension}\` | Custom, added by clients | \`${codePrefixes.extension}it\` |
+
+**Navigation Hierarchy (5 levels):**
+
+\`\`\`
+Context \u2192 Application \u2192 Module \u2192 Section \u2192 Resource
+\`\`\`
+
+**Examples for each level:**
+
+| Level | Core Example | Extension Example |
+|-------|--------------|-------------------|
+| Context | \`${codePrefixes.core}administration\` | \`${codePrefixes.extension}it\` |
+| Application | \`${codePrefixes.core}settings\` | \`${codePrefixes.extension}custom_app\` |
+| Module | \`${codePrefixes.core}users\` | \`${codePrefixes.extension}inventory\` |
+| Section | \`${codePrefixes.core}management\` | \`${codePrefixes.extension}reports\` |
+| Resource | \`${codePrefixes.core}user_list\` | \`${codePrefixes.extension}stock_view\` |
+
+**Rules:**
+1. \`${codePrefixes.core}*\` codes are **protected** - clients cannot create or modify them
+2. \`${codePrefixes.extension}*\` codes are **free** - clients can create custom navigation
+3. SmartStack updates will never overwrite \`${codePrefixes.extension}*\` data
+4. Codes must be unique within their level (e.g., no two Contexts with same code)
+
+### Entity Configuration
+
+\`\`\`csharp
+public class MyEntityConfiguration : IEntityTypeConfiguration<MyEntity>
+{
+    public void Configure(EntityTypeBuilder<MyEntity> builder)
+    {
+        // CORRECT: Use schema + domain prefix
+        builder.ToTable("auth_Users", "${schemas.platform}");
+
+        // WRONG: No schema specified
+        // builder.ToTable("auth_Users");
+
+        // WRONG: No domain prefix
+        // builder.ToTable("Users", "${schemas.platform}");
+    }
+}
+\`\`\`
+
+### Extending Core Entities
+
+When extending a core entity, use the \`${schemas.extensions}\` schema:
+
+\`\`\`csharp
+// Client extension for auth_Users
+public class UserExtension
+{
+    public Guid UserId { get; set; }  // FK to auth_Users
+    public User User { get; set; }
+
+    // Custom properties
+    public string CustomField { get; set; }
+}
+
+// Configuration - use extensions schema
+builder.ToTable("client_UserExtensions", "${schemas.extensions}");
+builder.HasOne(e => e.User)
+       .WithOne()
+       .HasForeignKey<UserExtension>(e => e.UserId);
+\`\`\`
+
+---
+
+## 2. Migration Conventions
+
+### Naming Format
+
+Migrations MUST follow this naming pattern:
+
+\`\`\`
+${migrationFormat}
+\`\`\`
+
+| Part | Description | Example |
+|------|-------------|---------|
+| \`{context}\` | DbContext name | \`core\`, \`extensions\` |
+| \`{version}\` | Semver version | \`v1.0.0\`, \`v1.2.0\` |
+| \`{sequence}\` | Order in version | \`001\`, \`002\` |
+| \`{Description}\` | Action (PascalCase) | \`CreateAuthUsers\` |
+
+**Examples:**
+- \`core_v1.0.0_001_InitialSchema.cs\`
+- \`core_v1.0.0_002_CreateAuthUsers.cs\`
+- \`core_v1.2.0_001_AddUserProfiles.cs\`
+- \`extensions_v1.0.0_001_AddClientFeatures.cs\`
+
+### Creating Migrations
+
+\`\`\`bash
+# Create a new migration
+dotnet ef migrations add core_v1.0.0_001_InitialSchema
+
+# With context specified
+dotnet ef migrations add core_v1.2.0_001_AddUserProfiles --context ApplicationDbContext
+\`\`\`
+
+### Migration Rules
+
+1. **One migration per feature** - Group related changes in a single migration
 2. **Version-based naming** - Use semver (v1.0.0, v1.2.0) to link migrations to releases
 3. **Sequence numbers** - Use NNN (001, 002, etc.) for migrations in the same version
 4. **Context prefix** - Use \`core_\` for platform tables, \`extensions_\` for client extensions
@@ -4432,7 +8583,7 @@ Run specific or all checks:
 }
 
 // src/resources/project-info.ts
-import path10 from "path";
+import path17 from "path";
 var projectInfoResourceTemplate = {
   uri: "smartstack://project",
   name: "SmartStack Project Info",
@@ -4469,16 +8620,16 @@ async function getProjectInfoResource(config) {
   lines.push("```");
   lines.push(`${projectInfo.name}/`);
   if (structure.domain) {
-    lines.push(`\u251C\u2500\u2500 ${path10.basename(structure.domain)}/          # Domain layer (entities)`);
+    lines.push(`\u251C\u2500\u2500 ${path17.basename(structure.domain)}/          # Domain layer (entities)`);
   }
   if (structure.application) {
-    lines.push(`\u251C\u2500\u2500 ${path10.basename(structure.application)}/     # Application layer (services)`);
+    lines.push(`\u251C\u2500\u2500 ${path17.basename(structure.application)}/     # Application layer (services)`);
   }
   if (structure.infrastructure) {
-    lines.push(`\u251C\u2500\u2500 ${path10.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
+    lines.push(`\u251C\u2500\u2500 ${path17.basename(structure.infrastructure)}/  # Infrastructure (EF Core)`);
   }
   if (structure.api) {
-    lines.push(`\u251C\u2500\u2500 ${path10.basename(structure.api)}/             # API layer (controllers)`);
+    lines.push(`\u251C\u2500\u2500 ${path17.basename(structure.api)}/             # API layer (controllers)`);
   }
   if (structure.web) {
     lines.push(`\u2514\u2500\u2500 web/smartstack-web/      # React frontend`);
@@ -4491,8 +8642,8 @@ async function getProjectInfoResource(config) {
     lines.push("| Project | Path |");
     lines.push("|---------|------|");
     for (const csproj of projectInfo.csprojFiles) {
-      const name = path10.basename(csproj, ".csproj");
-      const relativePath = path10.relative(projectPath, csproj);
+      const name = path17.basename(csproj, ".csproj");
+      const relativePath = path17.relative(projectPath, csproj);
       lines.push(`| ${name} | \`${relativePath}\` |`);
     }
     lines.push("");
@@ -4502,10 +8653,10 @@ async function getProjectInfoResource(config) {
       cwd: structure.migrations,
       ignore: ["*.Designer.cs"]
     });
-    const migrations = migrationFiles.map((f) => path10.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
+    const migrations = migrationFiles.map((f) => path17.basename(f)).filter((f) => !f.includes("ModelSnapshot") && !f.includes(".Designer.")).sort();
     lines.push("## EF Core Migrations");
     lines.push("");
-    lines.push(`**Location**: \`${path10.relative(projectPath, structure.migrations)}\``);
+    lines.push(`**Location**: \`${path17.relative(projectPath, structure.migrations)}\``);
     lines.push(`**Total Migrations**: ${migrations.length}`);
     lines.push("");
     if (migrations.length > 0) {
@@ -4540,11 +8691,11 @@ async function getProjectInfoResource(config) {
   lines.push("dotnet build");
   lines.push("");
   lines.push("# Run API");
-  lines.push(`cd ${structure.api ? path10.relative(projectPath, structure.api) : "SmartStack.Api"}`);
+  lines.push(`cd ${structure.api ? path17.relative(projectPath, structure.api) : "SmartStack.Api"}`);
   lines.push("dotnet run");
   lines.push("");
   lines.push("# Run frontend");
-  lines.push(`cd ${structure.web ? path10.relative(projectPath, structure.web) : "web/smartstack-web"}`);
+  lines.push(`cd ${structure.web ? path17.relative(projectPath, structure.web) : "web/smartstack-web"}`);
   lines.push("npm run dev");
   lines.push("");
   lines.push("# Create migration");
@@ -4567,7 +8718,7 @@ async function getProjectInfoResource(config) {
 }
 
 // src/resources/api-endpoints.ts
-import path11 from "path";
+import path18 from "path";
 var apiEndpointsResourceTemplate = {
   uri: "smartstack://api/",
   name: "SmartStack API Endpoints",
@@ -4592,7 +8743,7 @@ async function getApiEndpointsResource(config, endpointFilter) {
 }
 async function parseController(filePath, _rootPath) {
   const content = await readText(filePath);
-  const fileName = path11.basename(filePath, ".cs");
+  const fileName = path18.basename(filePath, ".cs");
   const controllerName = fileName.replace("Controller", "");
   const endpoints = [];
   const routeMatch = content.match(/\[Route\s*\(\s*"([^"]+)"\s*\)\]/);
@@ -4739,7 +8890,7 @@ function getMethodEmoji(method) {
 }
 
 // src/resources/db-schema.ts
-import path12 from "path";
+import path19 from "path";
 var dbSchemaResourceTemplate = {
   uri: "smartstack://schema/",
   name: "SmartStack Database Schema",
@@ -4829,7 +8980,7 @@ async function parseEntity(filePath, rootPath, _config) {
     tableName,
     properties,
     relationships,
-    file: path12.relative(rootPath, filePath)
+    file: path19.relative(rootPath, filePath)
   };
 }
 async function enrichFromConfigurations(entities, infrastructurePath, _config) {
@@ -4975,7 +9126,7 @@ function formatSchema(entities, filter, _config) {
 }
 
 // src/resources/entities.ts
-import path13 from "path";
+import path20 from "path";
 var entitiesResourceTemplate = {
   uri: "smartstack://entities/",
   name: "SmartStack Entities",
@@ -5035,7 +9186,7 @@ async function parseEntitySummary(filePath, rootPath, config) {
     hasSoftDelete,
     hasRowVersion,
     file: filePath,
-    relativePath: path13.relative(rootPath, filePath)
+    relativePath: path20.relative(rootPath, filePath)
   };
 }
 function inferTableInfo(entityName, config) {
@@ -5222,7 +9373,16 @@ async function createServer() {
         checkMigrationsTool,
         scaffoldExtensionTool,
         apiDocsTool,
-        suggestMigrationTool
+        suggestMigrationTool,
+        // Test Tools
+        scaffoldTestsTool,
+        analyzeTestCoverageTool,
+        validateTestConventionsTool,
+        suggestTestScenariosTool,
+        // Frontend Route Tools
+        scaffoldApiClientTool,
+        scaffoldRoutesTool,
+        validateFrontendRoutesTool
       ]
     };
   });
@@ -5248,6 +9408,29 @@ async function createServer() {
         case "suggest_migration":
           result = await handleSuggestMigration(args, config);
           break;
+        // Test Tools
+        case "scaffold_tests":
+          result = await handleScaffoldTests(args, config);
+          break;
+        case "analyze_test_coverage":
+          result = await handleAnalyzeTestCoverage(args, config);
+          break;
+        case "validate_test_conventions":
+          result = await handleValidateTestConventions(args, config);
+          break;
+        case "suggest_test_scenarios":
+          result = await handleSuggestTestScenarios(args, config);
+          break;
+        // Frontend Route Tools
+        case "scaffold_api_client":
+          result = await handleScaffoldApiClient(args ?? {}, config);
+          break;
+        case "scaffold_routes":
+          result = await handleScaffoldRoutes(args ?? {}, config);
+          break;
+        case "validate_frontend_routes":
+          result = await handleValidateFrontendRoutes(args ?? {}, config);
+          break;
         default:
           throw new Error(`Unknown tool: ${name}`);
       }