@classytic/arc 1.1.0 → 2.1.2

package/dist/testing/index.mjs

@@ -0,0 +1,1977 @@
+import { t as CRUD_OPERATIONS } from "../constants-DdXFXQtN.mjs";
+import { n as applyFieldWritePermissions, t as applyFieldReadPermissions } from "../fields-iagOozy0.mjs";
+import Fastify from "fastify";
+import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import mongoose, { Model } from "mongoose";
+
+//#region src/testing/TestHarness.ts
+/**
+* Resource Test Harness
+*
+* Generates baseline tests for Arc resources automatically.
+* Tests CRUD operations + preset routes with minimal configuration.
+*
+* @example
+* import { createTestHarness } from '@classytic/arc/testing';
+* import productResource from './product.resource.js';
+*
+* const harness = createTestHarness(productResource, {
+*   fixtures: {
+*     valid: { name: 'Test Product', price: 100 },
+*     update: { name: 'Updated Product' },
+*   },
+* });
+*
+* // Run all baseline tests (50+ auto-generated)
+* harness.runAll();
+*
+* // Or run specific test suites
+* harness.runCrud();
+* harness.runPresets();
+*/
+/**
+* Test harness for Arc resources
+*
+* Provides automatic test generation for:
+* - CRUD operations (create, read, update, delete)
+* - Schema validation
+* - Preset-specific functionality (softDelete, slugLookup, tree, etc.)
+*/
+var TestHarness = class {
+	resource;
+	fixtures;
+	setupFn;
+	teardownFn;
+	mongoUri;
+	_createdIds = [];
+	Model;
+	constructor(resource, options) {
+		this.resource = resource;
+		this.fixtures = options.fixtures;
+		this.setupFn = options.setupFn;
+		this.teardownFn = options.teardownFn;
+		this.mongoUri = options.mongoUri || process.env.MONGO_URI || "mongodb://localhost:27017/test";
+		if (!resource.adapter) throw new Error(`TestHarness requires a resource with a database adapter`);
+		if (resource.adapter.type !== "mongoose") throw new Error(`TestHarness currently only supports Mongoose adapters`);
+		const model = resource.adapter.model;
+		if (!model) throw new Error(`Mongoose adapter for ${resource.name} does not have a model`);
+		this.Model = model;
+	}
+	/**
+	* Run all baseline tests
+	*
+	* Executes CRUD, validation, and preset tests
+	*/
+	runAll() {
+		this.runCrud();
+		this.runValidation();
+		this.runPresets();
+		this.runFieldPermissions();
+		this.runPipeline();
+		this.runEvents();
+	}
+	/**
+	* Run CRUD operation tests (model-level)
+	*
+	* Tests: create, read (list + getById), update, delete
+	*
+	* @deprecated Use `HttpTestHarness.runCrud()` for HTTP-level CRUD tests.
+	* This method tests Mongoose models directly and does not exercise
+	* HTTP routes, authentication, permissions, or the Arc pipeline.
+	*/
+	runCrud() {
+		const { resource, fixtures, Model } = this;
+		describe(`${resource.displayName} CRUD Operations`, () => {
+			beforeAll(async () => {
+				await mongoose.connect(this.mongoUri);
+				if (this.setupFn) await this.setupFn();
+			});
+			afterAll(async () => {
+				if (this._createdIds.length > 0) await Model.deleteMany({ _id: { $in: this._createdIds } });
+				if (this.teardownFn) await this.teardownFn();
+				await mongoose.disconnect();
+			});
+			describe("Create", () => {
+				it("should create a new document with valid data", async () => {
+					const doc = await Model.create(fixtures.valid);
+					this._createdIds.push(doc._id);
+					expect(doc).toBeDefined();
+					expect(doc._id).toBeDefined();
+					for (const [key, value] of Object.entries(fixtures.valid)) if (typeof value !== "object") expect(doc[key]).toEqual(value);
+				});
+				it("should have timestamps", async () => {
+					const doc = await Model.findById(this._createdIds[0]);
+					expect(doc).toBeDefined();
+					expect(doc.createdAt).toBeDefined();
+					expect(doc.updatedAt).toBeDefined();
+				});
+			});
+			describe("Read", () => {
+				it("should find document by ID", async () => {
+					expect(await Model.findById(this._createdIds[0])).toBeDefined();
+				});
+				it("should list documents", async () => {
+					const docs = await Model.find({});
+					expect(Array.isArray(docs)).toBe(true);
+					expect(docs.length).toBeGreaterThan(0);
+				});
+			});
+			describe("Update", () => {
+				it("should update document", async () => {
+					const updateData = fixtures.update || { updatedAt: /* @__PURE__ */ new Date() };
+					expect(await Model.findByIdAndUpdate(this._createdIds[0], updateData, { new: true })).toBeDefined();
+				});
+			});
+			describe("Delete", () => {
+				it("should delete document", async () => {
+					const toDelete = await Model.create(fixtures.valid);
+					await Model.findByIdAndDelete(toDelete._id);
+					expect(await Model.findById(toDelete._id)).toBeNull();
+				});
+			});
+		});
+	}
+	/**
+	* Run validation tests
+	*
+	* Tests schema validation, required fields, etc.
+	*/
+	runValidation() {
+		const { resource, fixtures, Model } = this;
+		describe(`${resource.displayName} Validation`, () => {
+			beforeAll(async () => {
+				await mongoose.connect(this.mongoUri);
+			});
+			afterAll(async () => {
+				await mongoose.disconnect();
+			});
+			it("should reject empty document", async () => {
+				await expect(Model.create({})).rejects.toThrow();
+			});
+			if (fixtures.invalid) it("should reject invalid data", async () => {
+				await expect(Model.create(fixtures.invalid)).rejects.toThrow();
+			});
+		});
+	}
+	/**
+	* Run preset-specific tests
+	*
+	* Auto-detects applied presets and tests their functionality:
+	* - softDelete: deletedAt field, soft delete/restore
+	* - slugLookup: slug generation
+	* - tree: parent references, displayOrder
+	* - multiTenant: organizationId requirement
+	* - ownedByUser: userId requirement
+	*/
+	runPresets() {
+		const { resource, fixtures, Model } = this;
+		const presets = resource._appliedPresets || [];
+		if (presets.length === 0) return;
+		describe(`${resource.displayName} Preset Tests`, () => {
+			beforeAll(async () => {
+				await mongoose.connect(this.mongoUri);
+			});
+			afterAll(async () => {
+				await mongoose.disconnect();
+			});
+			if (presets.includes("softDelete")) describe("Soft Delete", () => {
+				let testDoc;
+				beforeEach(async () => {
+					testDoc = await Model.create(fixtures.valid);
+					this._createdIds.push(testDoc._id);
+				});
+				it("should have deletedAt field", () => {
+					expect(testDoc.deletedAt).toBeDefined();
+					expect(testDoc.deletedAt).toBeNull();
+				});
+				it("should soft delete (set deletedAt)", async () => {
+					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: /* @__PURE__ */ new Date() });
+					expect((await Model.findById(testDoc._id)).deletedAt).not.toBeNull();
+				});
+				it("should restore (clear deletedAt)", async () => {
+					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: /* @__PURE__ */ new Date() });
+					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: null });
+					expect((await Model.findById(testDoc._id)).deletedAt).toBeNull();
+				});
+			});
+			if (presets.includes("slugLookup")) describe("Slug Lookup", () => {
+				it("should have slug field", async () => {
+					const doc = await Model.create(fixtures.valid);
+					this._createdIds.push(doc._id);
+					expect(doc.slug).toBeDefined();
+				});
+				it("should generate slug from name", async () => {
+					const doc = await Model.create({
+						...fixtures.valid,
+						name: "Test Slug Name"
+					});
+					this._createdIds.push(doc._id);
+					expect(doc.slug).toMatch(/test-slug-name/i);
+				});
+			});
+			if (presets.includes("tree")) describe("Tree Structure", () => {
+				it("should allow parent reference", async () => {
+					const parent = await Model.create(fixtures.valid);
+					this._createdIds.push(parent._id);
+					const child = await Model.create({
+						...fixtures.valid,
+						parent: parent._id
+					});
+					this._createdIds.push(child._id);
+					expect(child.parent.toString()).toEqual(parent._id.toString());
+				});
+				it("should support displayOrder", async () => {
+					const doc = await Model.create({
+						...fixtures.valid,
+						displayOrder: 5
+					});
+					this._createdIds.push(doc._id);
+					expect(doc.displayOrder).toEqual(5);
+				});
+			});
+			if (presets.includes("multiTenant")) describe("Multi-Tenant", () => {
+				it("should require organizationId", async () => {
+					const docWithoutOrg = { ...fixtures.valid };
+					delete docWithoutOrg.organizationId;
+					await expect(Model.create(docWithoutOrg)).rejects.toThrow();
+				});
+			});
+			if (presets.includes("ownedByUser")) describe("Owned By User", () => {
+				it("should require userId", async () => {
+					const docWithoutUser = { ...fixtures.valid };
+					delete docWithoutUser.userId;
+					await expect(Model.create(docWithoutUser)).rejects.toThrow();
+				});
+			});
+		});
+	}
+	/**
+	* Run field-level permission tests
+	*
+	* Auto-generates tests for each field permission:
+	* - hidden: field is stripped from responses
+	* - visibleTo: field only shown to specified roles
+	* - writableBy: field stripped from writes by non-privileged users
+	* - redactFor: field shows redacted value for specified roles
+	*/
+	runFieldPermissions() {
+		const { resource } = this;
+		const fieldPerms = resource.fields;
+		if (!fieldPerms || Object.keys(fieldPerms).length === 0) return;
+		describe(`${resource.displayName} Field Permissions`, () => {
+			for (const [field, perm] of Object.entries(fieldPerms)) switch (perm._type) {
+				case "hidden":
+					it(`should always hide field '${field}'`, () => {
+						const result = applyFieldReadPermissions({
+							[field]: "secret",
+							otherField: "visible"
+						}, fieldPerms, []);
+						expect(result[field]).toBeUndefined();
+						expect(result.otherField).toBe("visible");
+					});
+					it(`should strip hidden field '${field}' from writes`, () => {
+						const result = applyFieldWritePermissions({
+							[field]: "attempt",
+							name: "test"
+						}, fieldPerms, []);
+						expect(result[field]).toBeUndefined();
+						expect(result.name).toBe("test");
+					});
+					break;
+				case "visibleTo":
+					it(`should hide field '${field}' from non-privileged users`, () => {
+						expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, ["viewer"])[field]).toBeUndefined();
+					});
+					if (perm.roles && perm.roles.length > 0) {
+						const allowedRole = perm.roles[0];
+						it(`should show field '${field}' to roles: ${[...perm.roles].join(", ")}`, () => {
+							expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, [allowedRole])[field]).toBe("sensitive");
+						});
+					}
+					break;
+				case "writableBy":
+					it(`should strip field '${field}' from writes by non-privileged users`, () => {
+						const result = applyFieldWritePermissions({
+							[field]: "new-value",
+							name: "test"
+						}, fieldPerms, ["viewer"]);
+						expect(result[field]).toBeUndefined();
+						expect(result.name).toBe("test");
+					});
+					if (perm.roles && perm.roles.length > 0) {
+						const writeRole = perm.roles[0];
+						it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
+							expect(applyFieldWritePermissions({ [field]: "new-value" }, fieldPerms, [writeRole])[field]).toBe("new-value");
+						});
+					}
+					break;
+				case "redactFor":
+					if (perm.roles && perm.roles.length > 0) {
+						const redactRole = perm.roles[0];
+						it(`should redact field '${field}' for roles: ${[...perm.roles].join(", ")}`, () => {
+							expect(applyFieldReadPermissions({ [field]: "real-value" }, fieldPerms, [redactRole])[field]).toBe(perm.redactValue ?? "***");
+						});
+					}
+					it(`should show real value of field '${field}' to non-redacted roles`, () => {
+						expect(applyFieldReadPermissions({ [field]: "real-value" }, fieldPerms, ["unrelated-role"])[field]).toBe("real-value");
+					});
+					break;
+			}
+		});
+	}
+	/**
+	* Run pipeline configuration tests
+	*
+	* Validates that pipeline steps are properly configured:
+	* - All steps have names
+	* - All steps have valid _type discriminants
+	* - Operation filters (if set) use valid CRUD operation names
+	*/
+	runPipeline() {
+		const { resource } = this;
+		const pipe = resource.pipe;
+		if (!pipe) return;
+		const validOps = new Set(CRUD_OPERATIONS);
+		describe(`${resource.displayName} Pipeline`, () => {
+			const steps = collectPipelineSteps(pipe);
+			it("should have at least one pipeline step", () => {
+				expect(steps.length).toBeGreaterThan(0);
+			});
+			for (const step of steps) {
+				it(`${step._type} '${step.name}' should have a valid type`, () => {
+					expect([
+						"guard",
+						"transform",
+						"interceptor"
+					]).toContain(step._type);
+				});
+				it(`${step._type} '${step.name}' should have a name`, () => {
+					expect(step.name).toBeTruthy();
+					expect(typeof step.name).toBe("string");
+				});
+				it(`${step._type} '${step.name}' should have a handler function`, () => {
+					expect(typeof step.handler).toBe("function");
+				});
+				if (step.operations?.length) it(`${step._type} '${step.name}' should target valid operations`, () => {
+					for (const op of step.operations) expect(validOps.has(op)).toBe(true);
+				});
+			}
+		});
+	}
+	/**
+	* Run event definition tests
+	*
+	* Validates that events are properly defined:
+	* - All events have handler functions
+	* - Event names follow resource:action convention
+	* - Schema definitions (if present) are valid objects
+	*/
+	runEvents() {
+		const { resource } = this;
+		const events = resource.events;
+		if (!events || Object.keys(events).length === 0) return;
+		describe(`${resource.displayName} Events`, () => {
+			for (const [action, def] of Object.entries(events)) {
+				it(`event '${resource.name}:${action}' should have a handler function`, () => {
+					expect(typeof def.handler).toBe("function");
+				});
+				it(`event '${resource.name}:${action}' should have a name`, () => {
+					expect(def.name).toBeTruthy();
+					expect(typeof def.name).toBe("string");
+				});
+				if (def.schema) it(`event '${resource.name}:${action}' schema should be an object`, () => {
+					expect(typeof def.schema).toBe("object");
+					expect(def.schema).not.toBeNull();
+				});
+			}
+		});
+	}
+};
+/**
+* Collect all pipeline steps from a PipelineConfig (flat array or per-operation map)
+*/
+function collectPipelineSteps(pipe) {
+	if (Array.isArray(pipe)) return pipe;
+	const seen = /* @__PURE__ */ new Set();
+	const steps = [];
+	for (const opSteps of Object.values(pipe)) if (Array.isArray(opSteps)) for (const step of opSteps) {
+		const key = `${step._type}:${step.name}`;
+		if (!seen.has(key)) {
+			seen.add(key);
+			steps.push(step);
+		}
+	}
+	return steps;
+}
+/**
+* Create a test harness for an Arc resource
+*
+* @param resource - The Arc resource definition to test
+* @param options - Test harness configuration
+* @returns Test harness instance
+*
+* @example
+* import { createTestHarness } from '@classytic/arc/testing';
+*
+* const harness = createTestHarness(productResource, {
+*   fixtures: {
+*     valid: { name: 'Product', price: 100 },
+*     update: { name: 'Updated' },
+*   },
+* });
+*
+* harness.runAll(); // Generates 50+ baseline tests
+*/
+function createTestHarness(resource, options) {
+	return new TestHarness(resource, options);
+}
+/**
+* Generate test file content for a resource
+*
+* Useful for scaffolding new resource tests via CLI
+*
+* @param resourceName - Resource name in kebab-case (e.g., 'product')
+* @param options - Generation options
+* @returns Complete test file content as string
+*
+* @example
+* const testContent = generateTestFile('product', {
+*   presets: ['softDelete'],
+*   modulePath: './modules/catalog',
+* });
+* fs.writeFileSync('product.test.js', testContent);
+*/
+function generateTestFile(resourceName, options = {}) {
+	const { presets = [], modulePath = "." } = options;
+	const className = resourceName.split("-").map((s) => s.charAt(0).toUpperCase() + s.slice(1)).join("");
+	const varName = className.charAt(0).toLowerCase() + className.slice(1);
+	return `/**
+ * ${className} Resource Tests
+ *
+ * Auto-generated baseline tests. Customize as needed.
+ */
+
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import mongoose from 'mongoose';
+import { createTestHarness } from '@classytic/arc/testing';
+import ${varName}Resource from '${modulePath}/${resourceName}.resource.js';
+import ${className} from '${modulePath}/${resourceName}.model.js';
+
+const MONGO_URI = process.env.MONGO_TEST_URI || 'mongodb://localhost:27017/${resourceName}-test';
+
+// Test fixtures
+const fixtures = {
+  valid: {
+    name: 'Test ${className}',
+    // Add required fields here
+  },
+  update: {
+    name: 'Updated ${className}',
+  },
+  invalid: {
+    // Empty or invalid data
+  },
+};
+
+// Create test harness
+const harness = createTestHarness(${varName}Resource, {
+  fixtures,
+  mongoUri: MONGO_URI,
+});
+
+// Run all baseline tests
+harness.runAll();
+
+// Custom tests
+describe('${className} Custom Tests', () => {
+  let testId;
+
+  beforeAll(async () => {
+    await mongoose.connect(MONGO_URI);
+  });
+
+  afterAll(async () => {
+    if (testId) {
+      await ${className}.findByIdAndDelete(testId);
+    }
+    await mongoose.disconnect();
+  });
+
+  // Add your custom tests here
+  it('should pass custom validation', async () => {
+    // Example: const doc = await ${className}.create(fixtures.valid);
+    // testId = doc._id;
+    // expect(doc.someField).toBe('expectedValue');
+    expect(true).toBe(true);
+  });
+});
+`;
+}
+/**
+* Run config-level tests for a resource (no DB required)
+*
+* Tests field permissions, pipeline configuration, and event definitions.
+* Works with any adapter — no Mongoose dependency.
+*
+* @param resource - The Arc resource definition to test
+*
+* @example
+* ```typescript
+* import { createConfigTestSuite } from '@classytic/arc/testing';
+* import productResource from './product.resource.js';
+*
+* // Generates field permission, pipeline, and event tests
+* createConfigTestSuite(productResource);
+* ```
+*/
+function createConfigTestSuite(resource) {
+	const fieldPerms = resource.fields;
+	const pipe = resource.pipe;
+	const events = resource.events;
+	if (fieldPerms && Object.keys(fieldPerms).length > 0) runFieldPermissionTests(resource.displayName, fieldPerms);
+	if (pipe) runPipelineTests(resource.displayName, pipe);
+	if (events && Object.keys(events).length > 0) runEventTests(resource.name, resource.displayName, events);
+	if (resource.permissions && Object.keys(resource.permissions).length > 0) describe(`${resource.displayName} Permission Config`, () => {
+		for (const op of CRUD_OPERATIONS) {
+			const check = resource.permissions[op];
+			if (check) it(`${op} permission should be a function`, () => {
+				expect(typeof check).toBe("function");
+			});
+		}
+	});
+}
+function runFieldPermissionTests(displayName, fieldPerms) {
+	describe(`${displayName} Field Permissions`, () => {
+		for (const [field, perm] of Object.entries(fieldPerms)) switch (perm._type) {
+			case "hidden":
+				it(`should always hide field '${field}'`, () => {
+					expect(applyFieldReadPermissions({
+						[field]: "secret",
+						other: "visible"
+					}, fieldPerms, [])[field]).toBeUndefined();
+				});
+				it(`should strip hidden field '${field}' from writes`, () => {
+					expect(applyFieldWritePermissions({
+						[field]: "attempt",
+						name: "test"
+					}, fieldPerms, [])[field]).toBeUndefined();
+				});
+				break;
+			case "visibleTo":
+				it(`should hide field '${field}' from non-privileged users`, () => {
+					expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, ["_no_role_"])[field]).toBeUndefined();
+				});
+				if (perm.roles && perm.roles.length > 0) {
+					const allowedRole = perm.roles[0];
+					it(`should show field '${field}' to roles: ${[...perm.roles].join(", ")}`, () => {
+						expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, [allowedRole])[field]).toBe("sensitive");
+					});
+				}
+				break;
+			case "writableBy":
+				it(`should strip field '${field}' from writes by non-privileged users`, () => {
+					expect(applyFieldWritePermissions({
+						[field]: "v",
+						name: "test"
+					}, fieldPerms, ["_no_role_"])[field]).toBeUndefined();
+				});
+				if (perm.roles && perm.roles.length > 0) {
+					const writeRole = perm.roles[0];
+					it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
+						expect(applyFieldWritePermissions({ [field]: "v" }, fieldPerms, [writeRole])[field]).toBe("v");
+					});
+				}
+				break;
+			case "redactFor":
+				if (perm.roles && perm.roles.length > 0) {
+					const redactRole = perm.roles[0];
+					it(`should redact field '${field}' for roles: ${[...perm.roles].join(", ")}`, () => {
+						expect(applyFieldReadPermissions({ [field]: "real" }, fieldPerms, [redactRole])[field]).toBe(perm.redactValue ?? "***");
+					});
+				}
+				it(`should show real value of field '${field}' to non-redacted roles`, () => {
+					expect(applyFieldReadPermissions({ [field]: "real" }, fieldPerms, ["_other_"])[field]).toBe("real");
+				});
+				break;
+		}
+	});
+}
+function runPipelineTests(displayName, pipe) {
+	const steps = collectPipelineSteps(pipe);
+	if (steps.length === 0) return;
+	const validOps = new Set(CRUD_OPERATIONS);
+	describe(`${displayName} Pipeline`, () => {
+		it("should have at least one pipeline step", () => {
+			expect(steps.length).toBeGreaterThan(0);
+		});
+		for (const step of steps) {
+			it(`${step._type} '${step.name}' should have a valid type`, () => {
+				expect([
+					"guard",
+					"transform",
+					"interceptor"
+				]).toContain(step._type);
+			});
+			it(`${step._type} '${step.name}' should have a handler function`, () => {
+				expect(typeof step.handler).toBe("function");
+			});
+			if (step.operations?.length) it(`${step._type} '${step.name}' should target valid operations`, () => {
+				for (const op of step.operations) expect(validOps.has(op)).toBe(true);
+			});
+		}
+	});
+}
+function runEventTests(resourceName, displayName, events) {
+	describe(`${displayName} Events`, () => {
+		for (const [action, def] of Object.entries(events)) {
+			it(`event '${resourceName}:${action}' should have a handler function`, () => {
+				expect(typeof def.handler).toBe("function");
+			});
+			it(`event '${resourceName}:${action}' should have a name`, () => {
+				expect(def.name).toBeTruthy();
+			});
+			if (def.schema) it(`event '${resourceName}:${action}' schema should be an object`, () => {
+				expect(typeof def.schema).toBe("object");
+				expect(def.schema).not.toBeNull();
+			});
+		}
+	});
+}
+
+//#endregion
+//#region src/testing/dbHelpers.ts
+/**
+* Testing Utilities - Database Helpers
+*
+* Utilities for managing test databases and fixtures
+*/
+/**
+* Test database manager
+*/
+var TestDatabase = class {
+	connection;
+	dbName;
+	constructor(dbName = `test_${Date.now()}`) {
+		this.dbName = dbName;
+	}
+	/**
+	* Connect to test database
+	*/
+	async connect(uri) {
+		const fullUri = `${uri || process.env.MONGO_TEST_URI || "mongodb://localhost:27017"}/${this.dbName}`;
+		this.connection = await mongoose.createConnection(fullUri).asPromise();
+		return this.connection;
+	}
+	/**
+	* Disconnect and cleanup
+	*/
+	async disconnect() {
+		if (this.connection) {
+			await this.connection.dropDatabase();
+			await this.connection.close();
+			this.connection = void 0;
+		}
+	}
+	/**
+	* Clear all collections
+	*/
+	async clear() {
+		if (!this.connection?.db) throw new Error("Database not connected");
+		const collections = await this.connection.db.collections();
+		await Promise.all(collections.map((collection) => collection.deleteMany({})));
+	}
+	/**
+	* Get connection
+	*/
+	getConnection() {
+		if (!this.connection) throw new Error("Database not connected");
+		return this.connection;
+	}
+};
+/**
+* Higher-order function to wrap tests with database setup/teardown
+*
+* @example
+* describe('Product Tests', () => {
+*   withTestDb(async (db) => {
+*     test('create product', async () => {
+*       const Product = db.getConnection().model('Product', schema);
+*       const product = await Product.create({ name: 'Test' });
+*       expect(product.name).toBe('Test');
+*     });
+*   });
+* });
+*/
+function withTestDb(tests, options = {}) {
+	const db = new TestDatabase(options.dbName);
+	beforeAll(async () => {
+		await db.connect(options.uri);
+	});
+	afterAll(async () => {
+		await db.disconnect();
+	});
+	afterEach(async () => {
+		await db.clear();
+	});
+	tests(db);
+}
+/**
+* Create test fixtures
+*
+* @example
+* const fixtures = new TestFixtures(connection);
+*
+* await fixtures.load('products', [
+*   { name: 'Product 1', price: 100 },
+*   { name: 'Product 2', price: 200 },
+* ]);
+*
+* const products = await fixtures.get('products');
+*/
+var TestFixtures = class {
+	fixtures = /* @__PURE__ */ new Map();
+	connection;
+	constructor(connection) {
+		this.connection = connection;
+	}
+	/**
+	* Load fixtures into a collection
+	*/
+	async load(collectionName, data) {
+		const result = await this.connection.collection(collectionName).insertMany(data);
+		const insertedDocs = Object.values(result.insertedIds).map((id, index) => ({
+			...data[index],
+			_id: id
+		}));
+		this.fixtures.set(collectionName, insertedDocs);
+		return insertedDocs;
+	}
+	/**
+	* Get loaded fixtures
+	*/
+	get(collectionName) {
+		return this.fixtures.get(collectionName) || [];
+	}
+	/**
+	* Get first fixture
+	*/
+	getFirst(collectionName) {
+		return this.get(collectionName)[0] || null;
+	}
+	/**
+	* Clear all fixtures
+	*/
+	async clear() {
+		for (const collectionName of this.fixtures.keys()) {
+			const collection = this.connection.collection(collectionName);
+			const ids = this.fixtures.get(collectionName)?.map((item) => item._id) || [];
+			await collection.deleteMany({ _id: { $in: ids } });
+		}
+		this.fixtures.clear();
+	}
+};
+/**
+* In-memory MongoDB for ultra-fast tests
+*
+* Requires: mongodb-memory-server
+*
+* @example
+* import { InMemoryDatabase } from '@classytic/arc/testing';
+*
+* describe('Fast Tests', () => {
+*   const memoryDb = new InMemoryDatabase();
+*
+*   beforeAll(async () => {
+*     await memoryDb.start();
+*   });
+*
+*   afterAll(async () => {
+*     await memoryDb.stop();
+*   });
+*
+*   test('create user', async () => {
+*     const uri = memoryDb.getUri();
+*     // Use uri for connection
+*   });
+* });
+*/
+var InMemoryDatabase = class {
+	mongod;
+	uri;
+	/**
+	* Start in-memory MongoDB
+	*/
+	async start() {
+		try {
+			const { MongoMemoryServer } = await import("mongodb-memory-server");
+			this.mongod = await MongoMemoryServer.create();
+			const uri = this.mongod.getUri();
+			this.uri = uri;
+			return uri;
+		} catch {
+			throw new Error("mongodb-memory-server not installed. Install with: npm install -D mongodb-memory-server");
+		}
+	}
+	/**
+	* Stop in-memory MongoDB
+	*/
+	async stop() {
+		if (this.mongod) {
+			await this.mongod.stop();
+			this.mongod = void 0;
+			this.uri = void 0;
+		}
+	}
+	/**
+	* Get connection URI
+	*/
+	getUri() {
+		if (!this.uri) throw new Error("In-memory database not started");
+		return this.uri;
+	}
+};
+/**
+* Database transaction helper for testing
+*/
+var TestTransaction = class {
+	session;
+	connection;
+	constructor(connection) {
+		this.connection = connection;
+	}
+	/**
+	* Start transaction
+	*/
+	async start() {
+		this.session = await this.connection.startSession();
+		this.session.startTransaction();
+	}
+	/**
+	* Commit transaction
+	*/
+	async commit() {
+		if (!this.session) throw new Error("Transaction not started");
+		await this.session.commitTransaction();
+		await this.session.endSession();
+		this.session = void 0;
+	}
+	/**
+	* Rollback transaction
+	*/
+	async rollback() {
+		if (!this.session) throw new Error("Transaction not started");
+		await this.session.abortTransaction();
+		await this.session.endSession();
+		this.session = void 0;
+	}
+	/**
+	* Get session
+	*/
+	getSession() {
+		if (!this.session) throw new Error("Transaction not started");
+		return this.session;
+	}
+};
+/**
+* Seed data helper
+*/
+var TestSeeder = class {
+	connection;
+	constructor(connection) {
+		this.connection = connection;
+	}
+	/**
+	* Seed collection with data
+	*/
+	async seed(collectionName, generator, count = 10) {
+		const data = Array.from({ length: count }, () => generator()).flat();
+		const result = await this.connection.collection(collectionName).insertMany(data);
+		return Object.values(result.insertedIds).map((id, index) => ({
+			...data[index],
+			_id: id
+		}));
+	}
+	/**
+	* Clear collection
+	*/
+	async clear(collectionName) {
+		await this.connection.collection(collectionName).deleteMany({});
+	}
+	/**
+	* Clear all collections
+	*/
+	async clearAll() {
+		if (!this.connection.db) throw new Error("Database not connected");
+		const collections = await this.connection.db.collections();
+		await Promise.all(collections.map((collection) => collection.deleteMany({})));
+	}
+};
+/**
+* Database snapshot helper for rollback testing
+*/
+var DatabaseSnapshot = class {
+	snapshots = /* @__PURE__ */ new Map();
+	connection;
+	constructor(connection) {
+		this.connection = connection;
+	}
+	/**
+	* Take snapshot of current database state
+	*/
+	async take() {
+		if (!this.connection.db) throw new Error("Database not connected");
+		const collections = await this.connection.db.collections();
+		for (const collection of collections) {
+			const data = await collection.find({}).toArray();
+			this.snapshots.set(collection.collectionName, data);
+		}
+	}
+	/**
+	* Restore database to snapshot
+	*/
+	async restore() {
+		if (!this.connection.db) throw new Error("Database not connected");
+		const collections = await this.connection.db.collections();
+		await Promise.all(collections.map((collection) => collection.deleteMany({})));
+		for (const [collectionName, data] of this.snapshots.entries()) if (data.length > 0) await this.connection.collection(collectionName).insertMany(data);
+	}
+	/**
+	* Clear snapshot
+	*/
+	clear() {
+		this.snapshots.clear();
+	}
+};
+
+//#endregion
+//#region src/testing/testFactory.ts
+/**
+* Testing Utilities - Test App Factory
+*
+* Create Fastify test instances with Arc configuration
+*/
+/**
+* Create a test application instance with optional in-memory MongoDB
+*
+* **Performance Boost**: Uses in-memory MongoDB by default for 10x faster tests.
+*
+* @example Basic usage with in-memory DB
+* ```typescript
+* import { createTestApp } from '@classytic/arc/testing';
+*
+* describe('API Tests', () => {
+*   let testApp: TestAppResult;
+*
+*   beforeAll(async () => {
+*     testApp = await createTestApp({
+*       auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
+*     });
+*   });
+*
+*   afterAll(async () => {
+*     await testApp.close(); // Cleans up DB and disconnects
+*   });
+*
+*   test('GET /health', async () => {
+*     const response = await testApp.app.inject({
+*       method: 'GET',
+*       url: '/health',
+*     });
+*     expect(response.statusCode).toBe(200);
+*   });
+* });
+* ```
+*
+* @example Using external MongoDB
+* ```typescript
+* const testApp = await createTestApp({
+*   auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
+*   useInMemoryDb: false,
+*   mongoUri: 'mongodb://localhost:27017/test-db',
+* });
+* ```
+*
+* @example Accessing MongoDB URI for model connections
+* ```typescript
+* const testApp = await createTestApp({
+*   auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
+* });
+* await mongoose.connect(testApp.mongoUri); // Connect your models
+* ```
+*/
+async function createTestApp(options = {}) {
+	const { createApp } = await import("../createApp-CUgNqegw.mjs").then((n) => n.r);
+	const { useInMemoryDb = true, mongoUri: providedMongoUri, ...appOptions } = options;
+	const defaultAuth = {
+		type: "jwt",
+		jwt: { secret: "test-secret-32-chars-minimum-len" }
+	};
+	let inMemoryDb = null;
+	let mongoUri = providedMongoUri;
+	if (useInMemoryDb && !providedMongoUri) try {
+		inMemoryDb = new InMemoryDatabase();
+		mongoUri = await inMemoryDb.start();
+	} catch (err) {
+		console.warn("[createTestApp] Failed to start in-memory MongoDB:", err.message, "\nFalling back to external MongoDB or no DB connection.");
+	}
+	const app = await createApp({
+		preset: "testing",
+		logger: false,
+		helmet: false,
+		cors: false,
+		rateLimit: false,
+		underPressure: false,
+		auth: defaultAuth,
+		...appOptions
+	});
+	return {
+		app,
+		mongoUri,
+		async close() {
+			await app.close();
+			if (inMemoryDb) await inMemoryDb.stop();
+		}
+	};
+}
+/**
+* Create a minimal Fastify instance for unit tests
+*
+* Use when you don't need Arc's full plugin stack
+*
+* @example
+* const app = createMinimalTestApp();
+* app.get('/test', async () => ({ success: true }));
+*
+* const response = await app.inject({ method: 'GET', url: '/test' });
+* expect(response.json()).toEqual({ success: true });
+*/
+function createMinimalTestApp(options = {}) {
+	return Fastify({
+		logger: false,
+		...options
+	});
+}
+/**
+* Test request builder for cleaner tests
+*
+* @example
+* const request = new TestRequestBuilder(app)
+*   .get('/products')
+*   .withAuth(mockUser)
+*   .withQuery({ page: 1, limit: 10 });
+*
+* const response = await request.send();
+* expect(response.statusCode).toBe(200);
+*/
+var TestRequestBuilder = class {
+	method = "GET";
+	url = "/";
+	body;
+	query;
+	headers = {};
+	app;
+	constructor(app) {
+		this.app = app;
+	}
+	get(url) {
+		this.method = "GET";
+		this.url = url;
+		return this;
+	}
+	post(url) {
+		this.method = "POST";
+		this.url = url;
+		return this;
+	}
+	put(url) {
+		this.method = "PUT";
+		this.url = url;
+		return this;
+	}
+	patch(url) {
+		this.method = "PATCH";
+		this.url = url;
+		return this;
+	}
+	delete(url) {
+		this.method = "DELETE";
+		this.url = url;
+		return this;
+	}
+	withBody(body) {
+		this.body = body;
+		return this;
+	}
+	withQuery(query) {
+		this.query = query;
+		return this;
+	}
+	withHeader(key, value) {
+		this.headers[key] = value;
+		return this;
+	}
+	withAuth(userOrHeaders) {
+		if ("authorization" in userOrHeaders || "Authorization" in userOrHeaders) {
+			for (const [key, value] of Object.entries(userOrHeaders)) if (typeof value === "string") this.headers[key] = value;
+		} else {
+			const token = this.app.jwt?.sign?.(userOrHeaders) || "mock-token";
+			this.headers["Authorization"] = `Bearer ${token}`;
+		}
+		return this;
+	}
+	withContentType(type) {
+		this.headers["Content-Type"] = type;
+		return this;
+	}
+	async send() {
+		return this.app.inject({
+			method: this.method,
+			url: this.url,
+			payload: this.body,
+			query: this.query,
+			headers: this.headers
+		});
+	}
+};
+/**
+* Helper to create a test request builder
+*/
+function request(app) {
+	return new TestRequestBuilder(app);
+}
+/**
+* Test helper for authentication
+*/
+function createTestAuth(app) {
+	return {
+		generateToken(user) {
+			if (!app.jwt) throw new Error("JWT plugin not registered");
+			return app.jwt.sign(user);
+		},
+		decodeToken(token) {
+			if (!app.jwt) throw new Error("JWT plugin not registered");
+			return app.jwt.decode(token);
+		},
+		async verifyToken(token) {
+			if (!app.jwt) throw new Error("JWT plugin not registered");
+			return app.jwt.verify(token);
+		}
+	};
+}
+/**
+* Snapshot testing helper for API responses
+*/
+function createSnapshotMatcher() {
+	return { matchStructure(response, expected) {
+		if (typeof response !== typeof expected) return false;
+		if (Array.isArray(response) && Array.isArray(expected)) return response.length === expected.length;
+		if (typeof response === "object" && response !== null) {
+			const responseKeys = Object.keys(response).sort();
+			const expectedKeys = Object.keys(expected).sort();
+			if (JSON.stringify(responseKeys) !== JSON.stringify(expectedKeys)) return false;
+			for (const key of responseKeys) if (!this.matchStructure(response[key], expected[key])) return false;
+			return true;
+		}
+		return true;
+	} };
+}
+/**
+* Bulk test data loader
+*/
+var TestDataLoader = class {
+	data = /* @__PURE__ */ new Map();
+	app;
+	constructor(app) {
+		this.app = app;
+	}
+	/**
+	* Load test data into database
+	*/
+	async load(collection, items) {
+		this.data.set(collection, items);
+		return items;
+	}
+	/**
+	* Clear all loaded test data
+	*/
+	async cleanup() {
+		for (const [collection, items] of this.data.entries());
+		this.data.clear();
+	}
+};
+
+//#endregion
+//#region src/testing/mocks.ts
+/**
+* Testing Utilities - Mock Factories
+*
+* Create mock repositories, controllers, and services for testing.
+* Uses Vitest for mocking (compatible with Jest API).
+*/
+/**
+* Create a mock repository for testing
+*
+* @example
+* const mockRepo = createMockRepository<Product>({
+*   getById: vi.fn().mockResolvedValue({ id: '1', name: 'Test' }),
+*   create: vi.fn().mockImplementation(data => Promise.resolve({ id: '1', ...data })),
+* });
+*
+* await mockRepo.getById('1'); // Returns mocked product
+*/
+function createMockRepository(overrides = {}) {
+	return {
+		getAll: vi.fn().mockResolvedValue({
+			docs: [],
+			total: 0,
+			page: 1,
+			limit: 20,
+			pages: 0,
+			hasNext: false,
+			hasPrev: false
+		}),
+		getById: vi.fn().mockResolvedValue(null),
+		create: vi.fn().mockImplementation((data) => Promise.resolve({
+			_id: "mock-id",
+			...data
+		})),
+		update: vi.fn().mockImplementation((_id, data) => Promise.resolve({
+			_id: "mock-id",
+			...data
+		})),
+		delete: vi.fn().mockResolvedValue({
+			success: true,
+			message: "Deleted"
+		}),
+		getBySlug: vi.fn().mockResolvedValue(null),
+		getDeleted: vi.fn().mockResolvedValue([]),
+		restore: vi.fn().mockResolvedValue(null),
+		getTree: vi.fn().mockResolvedValue([]),
+		getChildren: vi.fn().mockResolvedValue([]),
+		...overrides
+	};
+}
+/**
+* Create a mock user for authentication testing
+*/
+function createMockUser(overrides = {}) {
+	return {
+		_id: "mock-user-id",
+		id: "mock-user-id",
+		email: "test@example.com",
+		roles: ["user"],
+		organizationId: null,
+		...overrides
+	};
+}
+/**
+* Create a mock Fastify request
+*/
+function createMockRequest(overrides = {}) {
+	return {
+		body: {},
+		params: {},
+		query: {},
+		headers: {},
+		user: createMockUser(),
+		context: {},
+		log: {
+			info: vi.fn(),
+			warn: vi.fn(),
+			error: vi.fn(),
+			debug: vi.fn()
+		},
+		...overrides
+	};
+}
+/**
+* Create a mock Fastify reply
+*/
+function createMockReply() {
+	return {
+		code: vi.fn().mockReturnThis(),
+		send: vi.fn().mockReturnThis(),
+		header: vi.fn().mockReturnThis(),
+		headers: vi.fn().mockReturnThis(),
+		status: vi.fn().mockReturnThis(),
+		type: vi.fn().mockReturnThis(),
+		redirect: vi.fn().mockReturnThis(),
+		callNotFound: vi.fn().mockReturnThis(),
+		sent: false
+	};
+}
+/**
+* Create a mock controller for testing
+*/
+function createMockController(repository) {
+	return {
+		repository,
+		list: vi.fn(),
+		get: vi.fn(),
+		create: vi.fn(),
+		update: vi.fn(),
+		delete: vi.fn()
+	};
+}
+/**
+* Create mock data factory
+*
+* @example
+* const productFactory = createDataFactory<Product>({
+*   name: () => faker.commerce.productName(),
+*   price: () => faker.number.int({ min: 10, max: 1000 }),
+*   sku: (i) => `SKU-${i}`,
+* });
+*
+* const product = productFactory.build();
+* const products = productFactory.buildMany(10);
+*/
+function createDataFactory(template) {
+	let counter = 0;
+	return {
+		build(overrides = {}) {
+			const index = counter++;
+			const data = {};
+			for (const [key, generator] of Object.entries(template)) data[key] = generator(index);
+			return {
+				...data,
+				...overrides
+			};
+		},
+		buildMany(count, overrides = {}) {
+			return Array.from({ length: count }, () => this.build(overrides));
+		},
+		reset() {
+			counter = 0;
+		}
+	};
+}
+/**
+* Create a spy that tracks function calls
+*
+* Useful for testing side effects without full mocking
+*/
+function createSpy(_name = "spy") {
+	const calls = [];
+	const spy = vi.fn((...args) => {
+		calls.push(args);
+	});
+	spy.getCalls = () => calls;
+	spy.getLastCall = () => calls[calls.length - 1] || [];
+	return spy;
+}
+/**
+* Wait for a condition to be true
+*
+* Useful for async testing
+*/
+async function waitFor(condition, options = {}) {
+	const { timeout = 5e3, interval = 100 } = options;
+	const startTime = Date.now();
+	while (Date.now() - startTime < timeout) {
+		if (await condition()) return;
+		await new Promise((resolve) => setTimeout(resolve, interval));
+	}
+	throw new Error(`Timeout waiting for condition after ${timeout}ms`);
+}
+/**
+* Create a test timer that can be controlled
+*/
+function createTestTimer() {
+	let time = Date.now();
+	return {
+		now: () => time,
+		advance: (ms) => {
+			time += ms;
+		},
+		set: (timestamp) => {
+			time = timestamp;
+		},
+		reset: () => {
+			time = Date.now();
+		}
+	};
+}
+
+//#endregion
+//#region src/testing/authHelpers.ts
+/**
+* Safely parse a JSON response body.
+* Returns null if parsing fails.
+*/
+function safeParseBody(body) {
+	try {
+		return JSON.parse(body);
+	} catch {
+		return null;
+	}
+}
+/**
+* Create stateless Better Auth test helpers.
+*
+* All methods take the app instance as a parameter, making them
+* safe to use across multiple test suites.
+*/
+function createBetterAuthTestHelpers(options = {}) {
+	const basePath = options.basePath ?? "/api/auth";
+	return {
+		async signUp(app, data) {
+			const res = await app.inject({
+				method: "POST",
+				url: `${basePath}/sign-up/email`,
+				payload: data
+			});
+			const token = res.headers["set-auth-token"];
+			const body = safeParseBody(res.body);
+			return {
+				statusCode: res.statusCode,
+				token: token || "",
+				user: body?.user || body,
+				body
+			};
+		},
+		async signIn(app, data) {
+			const res = await app.inject({
+				method: "POST",
+				url: `${basePath}/sign-in/email`,
+				payload: data
+			});
+			const token = res.headers["set-auth-token"];
+			const body = safeParseBody(res.body);
+			return {
+				statusCode: res.statusCode,
+				token: token || "",
+				user: body?.user || body,
+				body
+			};
+		},
+		async createOrg(app, token, data) {
+			const res = await app.inject({
+				method: "POST",
+				url: `${basePath}/organization/create`,
+				headers: { authorization: `Bearer ${token}` },
+				payload: data
+			});
+			const body = safeParseBody(res.body);
+			return {
+				statusCode: res.statusCode,
+				orgId: body?.id,
+				body
+			};
+		},
+		async setActiveOrg(app, token, orgId) {
+			const res = await app.inject({
+				method: "POST",
+				url: `${basePath}/organization/set-active`,
+				headers: { authorization: `Bearer ${token}` },
+				payload: { organizationId: orgId }
+			});
+			return {
+				statusCode: res.statusCode,
+				body: safeParseBody(res.body)
+			};
+		},
+		authHeaders(token, orgId) {
+			const h = { authorization: `Bearer ${token}` };
+			if (orgId) h["x-organization-id"] = orgId;
+			return h;
+		}
+	};
+}
+/**
+* Set up a complete test organization with users.
+*
+* Creates the app, signs up users, creates an org, adds members,
+* and returns a context object with tokens and a teardown function.
+*
+* @example
+* ```typescript
+* const ctx = await setupBetterAuthOrg({
+*   createApp: () => createAppInstance(),
+*   org: { name: 'Test Corp', slug: 'test-corp' },
+*   users: [
+*     { key: 'admin', email: 'admin@test.com', password: 'pass', name: 'Admin', role: 'admin', isCreator: true },
+*     { key: 'member', email: 'user@test.com', password: 'pass', name: 'User', role: 'member' },
+*   ],
+*   addMember: async (data) => {
+*     await auth.api.addMember({ body: data });
+*     return { statusCode: 200 };
+*   },
+* });
+*
+* // Use in tests:
+* const res = await ctx.app.inject({
+*   method: 'GET',
+*   url: '/api/products',
+*   headers: auth.authHeaders(ctx.users.admin.token, ctx.orgId),
+* });
+*
+* // Cleanup:
+* await ctx.teardown();
+* ```
+*/
+async function setupBetterAuthOrg(options) {
+	const { createApp, org, users: userConfigs, addMember, afterSetup, authHelpers: helpersOptions } = options;
+	const helpers = createBetterAuthTestHelpers(helpersOptions);
+	const creators = userConfigs.filter((u) => u.isCreator);
+	if (creators.length !== 1) throw new Error(`setupBetterAuthOrg: Exactly one user must have isCreator: true (found ${creators.length})`);
+	const app = await createApp();
+	await app.ready();
+	const signups = /* @__PURE__ */ new Map();
+	for (const userConfig of userConfigs) {
+		const signup = await helpers.signUp(app, {
+			email: userConfig.email,
+			password: userConfig.password,
+			name: userConfig.name
+		});
+		if (signup.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to sign up ${userConfig.email} (status ${signup.statusCode})`);
+		signups.set(userConfig.key, signup);
+	}
+	const creatorConfig = creators[0];
+	const creatorSignup = signups.get(creatorConfig.key);
+	const orgResult = await helpers.createOrg(app, creatorSignup.token, org);
+	if (orgResult.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to create org (status ${orgResult.statusCode})`);
+	const orgId = orgResult.orgId;
+	for (const userConfig of userConfigs) {
+		if (userConfig.isCreator) continue;
+		const result = await addMember({
+			organizationId: orgId,
+			userId: signups.get(userConfig.key).user?.id,
+			role: userConfig.role
+		});
+		if (result.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to add member ${userConfig.email} (status ${result.statusCode})`);
+	}
+	await helpers.setActiveOrg(app, creatorSignup.token, orgId);
+	const users = {};
+	for (const userConfig of userConfigs) if (userConfig.isCreator) {
+		const signup = signups.get(userConfig.key);
+		users[userConfig.key] = {
+			token: signup.token,
+			userId: signup.user?.id,
+			email: userConfig.email
+		};
+	} else {
+		const login = await helpers.signIn(app, {
+			email: userConfig.email,
+			password: userConfig.password
+		});
+		await helpers.setActiveOrg(app, login.token, orgId);
+		users[userConfig.key] = {
+			token: login.token,
+			userId: signups.get(userConfig.key).user?.id,
+			email: userConfig.email
+		};
+	}
+	const ctx = {
+		app,
+		orgId,
+		users,
+		async teardown() {
+			await app.close();
+		}
+	};
+	if (afterSetup) await afterSetup(ctx);
+	return ctx;
+}
+
+//#endregion
+//#region src/testing/HttpTestHarness.ts
+/**
+* HTTP Test Harness
+*
+* Generates HTTP-level CRUD tests for Arc resources using `app.inject()`.
+* Unlike TestHarness (which tests Mongoose models directly), this exercises
+* the full request lifecycle: HTTP routes, auth, permissions, pipeline,
+* field permissions, and the Arc response envelope.
+*
+* Supports both eager and deferred options:
+* - **Eager**: Pass options directly when app is available at construction time
+* - **Deferred**: Pass a getter function when app comes from async setup (beforeAll)
+*
+* @example Eager (app available at module level)
+* ```typescript
+* const harness = createHttpTestHarness(jobResource, {
+*   app,
+*   fixtures: { valid: { title: 'Test' } },
+*   auth: createJwtAuthProvider({ app, users, adminRole: 'admin' }),
+* });
+* harness.runAll();
+* ```
+*
+* @example Deferred (app from beforeAll)
+* ```typescript
+* let ctx: TestContext;
+* beforeAll(async () => { ctx = await setupTestOrg(); });
+* afterAll(async () => { await teardownTestOrg(ctx); });
+*
+* const harness = createHttpTestHarness(jobResource, () => ({
+*   app: ctx.app,
+*   fixtures: { valid: { title: 'Test' } },
+*   auth: createBetterAuthProvider({ tokens: { admin: ctx.users.admin.token }, orgId: ctx.orgId, adminRole: 'admin' }),
+* }));
+* harness.runAll();
+* ```
+*/
+/**
+* Create an auth provider for JWT-based apps.
+*
+* Generates JWT tokens on the fly using the app's JWT plugin.
+*
+* @example
+* ```typescript
+* const auth = createJwtAuthProvider({
+*   app,
+*   users: {
+*     admin: { payload: { id: '1', roles: ['admin'] }, organizationId: 'org1' },
+*     viewer: { payload: { id: '2', roles: ['viewer'] } },
+*   },
+*   adminRole: 'admin',
+* });
+* ```
+*/
+function createJwtAuthProvider(options) {
+	const { app, users, adminRole } = options;
+	return {
+		getHeaders(role) {
+			const user = users[role];
+			if (!user) throw new Error(`createJwtAuthProvider: Unknown role '${role}'. Available: ${Object.keys(users).join(", ")}`);
+			const headers = { authorization: `Bearer ${app.jwt?.sign?.(user.payload) || "mock-token"}` };
+			if (user.organizationId) headers["x-organization-id"] = user.organizationId;
+			return headers;
+		},
+		availableRoles: Object.keys(users),
+		adminRole
+	};
+}
+/**
+* Create an auth provider for Better Auth apps.
+*
+* Uses pre-existing tokens (from signUp/signIn) rather than generating them.
+*
+* @example
+* ```typescript
+* const auth = createBetterAuthProvider({
+*   tokens: {
+*     admin: ctx.users.admin.token,
+*     member: ctx.users.member.token,
+*   },
+*   orgId: ctx.orgId,
+*   adminRole: 'admin',
+* });
+* ```
+*/
+function createBetterAuthProvider(options) {
+	const { tokens, orgId, adminRole } = options;
+	return {
+		getHeaders(role) {
+			const token = tokens[role];
+			if (!token) throw new Error(`createBetterAuthProvider: No token for role '${role}'. Available: ${Object.keys(tokens).join(", ")}`);
+			return {
+				authorization: `Bearer ${token}`,
+				"x-organization-id": orgId
+			};
+		},
+		availableRoles: Object.keys(tokens),
+		adminRole
+	};
+}
+/**
+* HTTP-level test harness for Arc resources.
+*
+* Generates tests that exercise the full HTTP lifecycle:
+* routes, auth, permissions, pipeline, and response envelope.
+*
+* Supports deferred options via a getter function, which is essential
+* when the app instance comes from async `beforeAll()` setup.
+*/
+var HttpTestHarness = class {
+	resource;
+	optionsOrGetter;
+	baseUrl;
+	enabledRoutes;
+	updateMethod;
+	constructor(resource, optionsOrGetter) {
+		this.resource = resource;
+		this.optionsOrGetter = optionsOrGetter;
+		this.baseUrl = `${typeof optionsOrGetter === "function" ? "/api" : optionsOrGetter.apiPrefix ?? "/api"}${resource.prefix}`;
+		const disabled = new Set(resource.disabledRoutes ?? []);
+		this.enabledRoutes = new Set(resource.disableDefaultRoutes ? [] : CRUD_OPERATIONS.filter((op) => !disabled.has(op)));
+		this.updateMethod = resource.updateMethod === "PUT" ? "PUT" : "PATCH";
+	}
+	/** Resolve options (supports both direct and deferred) */
+	getOptions() {
+		return typeof this.optionsOrGetter === "function" ? this.optionsOrGetter() : this.optionsOrGetter;
+	}
+	/**
+	* Run all test suites: CRUD + permissions + validation
+	*/
+	runAll() {
+		this.runCrud();
+		this.runPermissions();
+		this.runValidation();
+	}
+	/**
+	* Run HTTP-level CRUD tests.
+	*
+	* Tests each enabled CRUD operation through app.inject():
+	* - POST (create) → 200/201 with { success: true, data }
+	* - GET (list) → 200 with array or paginated response
+	* - GET /:id → 200 with { success: true, data }
+	* - PATCH/PUT /:id → 200 with { success: true, data }
+	* - DELETE /:id → 200
+	* - GET /:id with non-existent ID → 404
+	*/
+	runCrud() {
+		const { resource, baseUrl, enabledRoutes, updateMethod } = this;
+		let createdId = null;
+		describe(`${resource.displayName} HTTP CRUD`, () => {
+			afterAll(async () => {
+				if (createdId && enabledRoutes.has("delete")) {
+					const { app, auth } = this.getOptions();
+					await app.inject({
+						method: "DELETE",
+						url: `${baseUrl}/${createdId}`,
+						headers: auth.getHeaders(auth.adminRole)
+					});
+				}
+			});
+			if (enabledRoutes.has("create")) it("POST should create a resource", async () => {
+				const { app, auth, fixtures } = this.getOptions();
+				const adminHeaders = auth.getHeaders(auth.adminRole);
+				const res = await app.inject({
+					method: "POST",
+					url: baseUrl,
+					headers: adminHeaders,
+					payload: fixtures.valid
+				});
+				expect(res.statusCode).toBeLessThan(300);
+				const body = JSON.parse(res.body);
+				expect(body.success).toBe(true);
+				expect(body.data).toBeDefined();
+				expect(body.data._id).toBeDefined();
+				createdId = body.data._id;
+			});
+			if (enabledRoutes.has("list")) it("GET should list resources", async () => {
+				const { app, auth } = this.getOptions();
+				const res = await app.inject({
+					method: "GET",
+					url: baseUrl,
+					headers: auth.getHeaders(auth.adminRole)
+				});
+				expect(res.statusCode).toBe(200);
+				const body = JSON.parse(res.body);
+				expect(body.success).toBe(true);
+				const list = body.data ?? body.docs;
+				expect(list).toBeDefined();
+				expect(Array.isArray(list)).toBe(true);
+			});
+			if (enabledRoutes.has("get")) {
+				it("GET /:id should return the resource", async () => {
+					if (!createdId) return;
+					const { app, auth } = this.getOptions();
+					const res = await app.inject({
+						method: "GET",
+						url: `${baseUrl}/${createdId}`,
+						headers: auth.getHeaders(auth.adminRole)
+					});
+					expect(res.statusCode).toBe(200);
+					const body = JSON.parse(res.body);
+					expect(body.success).toBe(true);
+					expect(body.data).toBeDefined();
+					expect(body.data._id).toBe(createdId);
+				});
+				it("GET /:id with non-existent ID should return 404", async () => {
+					const { app, auth } = this.getOptions();
+					const res = await app.inject({
+						method: "GET",
+						url: `${baseUrl}/000000000000000000000000`,
+						headers: auth.getHeaders(auth.adminRole)
+					});
+					expect(res.statusCode).toBe(404);
+					expect(JSON.parse(res.body).success).toBe(false);
+				});
+			}
+			if (enabledRoutes.has("update")) {
+				it(`${updateMethod} /:id should update the resource`, async () => {
+					if (!createdId) return;
+					const { app, auth, fixtures } = this.getOptions();
+					const updatePayload = fixtures.update || fixtures.valid;
+					const res = await app.inject({
+						method: updateMethod,
+						url: `${baseUrl}/${createdId}`,
+						headers: auth.getHeaders(auth.adminRole),
+						payload: updatePayload
+					});
+					expect(res.statusCode).toBe(200);
+					const body = JSON.parse(res.body);
+					expect(body.success).toBe(true);
+					expect(body.data).toBeDefined();
+				});
+				it(`${updateMethod} /:id with non-existent ID should return 404`, async () => {
+					const { app, auth, fixtures } = this.getOptions();
+					expect((await app.inject({
+						method: updateMethod,
+						url: `${baseUrl}/000000000000000000000000`,
+						headers: auth.getHeaders(auth.adminRole),
+						payload: fixtures.update || fixtures.valid
+					})).statusCode).toBe(404);
+				});
+			}
+			if (enabledRoutes.has("delete")) {
+				it("DELETE /:id should delete the resource", async () => {
+					const { app, auth, fixtures } = this.getOptions();
+					const adminHeaders = auth.getHeaders(auth.adminRole);
+					let deleteId;
+					if (enabledRoutes.has("create")) {
+						const createRes = await app.inject({
+							method: "POST",
+							url: baseUrl,
+							headers: adminHeaders,
+							payload: fixtures.valid
+						});
+						deleteId = JSON.parse(createRes.body).data?._id;
+					}
+					if (!deleteId) return;
+					expect((await app.inject({
+						method: "DELETE",
+						url: `${baseUrl}/${deleteId}`,
+						headers: adminHeaders
+					})).statusCode).toBe(200);
+					if (enabledRoutes.has("get")) expect((await app.inject({
+						method: "GET",
+						url: `${baseUrl}/${deleteId}`,
+						headers: adminHeaders
+					})).statusCode).toBe(404);
+				});
+				it("DELETE /:id with non-existent ID should return 404", async () => {
+					const { app, auth } = this.getOptions();
+					expect((await app.inject({
+						method: "DELETE",
+						url: `${baseUrl}/000000000000000000000000`,
+						headers: auth.getHeaders(auth.adminRole)
+					})).statusCode).toBe(404);
+				});
+			}
+		});
+	}
+	/**
+	* Run permission tests.
+	*
+	* Tests that:
+	* - Unauthenticated requests return 401
+	* - Admin role gets 2xx for all operations
+	*/
+	runPermissions() {
+		const { resource, baseUrl, enabledRoutes, updateMethod } = this;
+		describe(`${resource.displayName} HTTP Permissions`, () => {
+			if (enabledRoutes.has("list")) it("GET list without auth should return 401", async () => {
+				const { app } = this.getOptions();
+				expect((await app.inject({
+					method: "GET",
+					url: baseUrl
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("get")) it("GET get without auth should return 401", async () => {
+				const { app } = this.getOptions();
+				expect((await app.inject({
+					method: "GET",
+					url: `${baseUrl}/000000000000000000000000`
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("create")) it("POST create without auth should return 401", async () => {
+				const { app, fixtures } = this.getOptions();
+				expect((await app.inject({
+					method: "POST",
+					url: baseUrl,
+					payload: fixtures.valid
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("update")) it(`${updateMethod} update without auth should return 401`, async () => {
+				const { app, fixtures } = this.getOptions();
+				expect((await app.inject({
+					method: updateMethod,
+					url: `${baseUrl}/000000000000000000000000`,
+					payload: fixtures.update || fixtures.valid
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("delete")) it("DELETE delete without auth should return 401", async () => {
+				const { app } = this.getOptions();
+				expect((await app.inject({
+					method: "DELETE",
+					url: `${baseUrl}/000000000000000000000000`
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("list")) it("admin should access list endpoint", async () => {
+				const { app, auth } = this.getOptions();
+				expect((await app.inject({
+					method: "GET",
+					url: baseUrl,
+					headers: auth.getHeaders(auth.adminRole)
+				})).statusCode).toBeLessThan(400);
+			});
+			if (enabledRoutes.has("create")) it("admin should access create endpoint", async () => {
+				const { app, auth, fixtures } = this.getOptions();
+				const res = await app.inject({
+					method: "POST",
+					url: baseUrl,
+					headers: auth.getHeaders(auth.adminRole),
+					payload: fixtures.valid
+				});
+				expect(res.statusCode).toBeLessThan(400);
+				const body = JSON.parse(res.body);
+				if (body.data?._id && enabledRoutes.has("delete")) await app.inject({
+					method: "DELETE",
+					url: `${baseUrl}/${body.data._id}`,
+					headers: auth.getHeaders(auth.adminRole)
+				});
+			});
+		});
+	}
+	/**
+	* Run validation tests.
+	*
+	* Tests that invalid payloads return 400.
+	*/
+	runValidation() {
+		const { resource, baseUrl, enabledRoutes } = this;
+		if (!enabledRoutes.has("create")) return;
+		describe(`${resource.displayName} HTTP Validation`, () => {
+			it("POST with invalid payload should not return 2xx", async () => {
+				const { app, auth, fixtures } = this.getOptions();
+				if (!fixtures.invalid) return;
+				const res = await app.inject({
+					method: "POST",
+					url: baseUrl,
+					headers: auth.getHeaders(auth.adminRole),
+					payload: fixtures.invalid
+				});
+				expect(res.statusCode).toBeGreaterThanOrEqual(400);
+				expect(JSON.parse(res.body).success).toBe(false);
+			});
+		});
+	}
+};
+/**
+* Create an HTTP test harness for an Arc resource.
+*
+* Accepts options directly or as a getter function for deferred resolution.
+*
+* @example Deferred (recommended for async setup)
+* ```typescript
+* let ctx: TestContext;
+* beforeAll(async () => { ctx = await setupTestOrg(); });
+*
+* createHttpTestHarness(jobResource, () => ({
+*   app: ctx.app,
+*   fixtures: { valid: { title: 'Test' } },
+*   auth: createBetterAuthProvider({ ... }),
+* })).runAll();
+* ```
+*/
+function createHttpTestHarness(resource, optionsOrGetter) {
+	return new HttpTestHarness(resource, optionsOrGetter);
+}
+
+//#endregion
+export { DatabaseSnapshot, TestFixtures as DbTestFixtures, HttpTestHarness, InMemoryDatabase, TestDataLoader, TestDatabase, TestHarness, TestRequestBuilder, TestSeeder, TestTransaction, createBetterAuthProvider, createBetterAuthTestHelpers, createConfigTestSuite, createDataFactory, createHttpTestHarness, createJwtAuthProvider, createMinimalTestApp, createMockController, createMockReply, createMockRepository, createMockRequest, createMockUser, createSnapshotMatcher, createSpy, createTestApp, createTestAuth, createTestHarness, createTestTimer, generateTestFile, request, safeParseBody, setupBetterAuthOrg, waitFor, withTestDb };
+//# sourceMappingURL=index.mjs.map