@classytic/arc 2.3.0 → 2.4.2

package/dist/testing/index.mjs

@@ -1,2008 +1,1953 @@
-import { t as CRUD_OPERATIONS } from "../constants-DdXFXQtN.mjs";
-import { n as applyFieldWritePermissions, t as applyFieldReadPermissions } from "../fields-CTd_CrKr.mjs";
+import { t as CRUD_OPERATIONS } from "../constants-Cxde4rpC.mjs";
+import { n as applyFieldWritePermissions, t as applyFieldReadPermissions } from "../fields-ipsbIRPK.mjs";
 import Fastify from "fastify";
+import mongoose from "mongoose";
 import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
-import mongoose, { Model } from "mongoose";
-
-//#region src/testing/TestHarness.ts
+//#region src/testing/authHelpers.ts
 /**
-* Resource Test Harness
+* Safely parse a JSON response body.
+* Returns null if parsing fails.
+*/
+function safeParseBody(body) {
+	try {
+		return JSON.parse(body);
+	} catch {
+		return null;
+	}
+}
+/**
+* Create stateless Better Auth test helpers.
 *
-* Generates baseline tests for Arc resources automatically.
-* Tests CRUD operations + preset routes with minimal configuration.
+* All methods take the app instance as a parameter, making them
+* safe to use across multiple test suites.
+*/
+function createBetterAuthTestHelpers(options = {}) {
+	const basePath = options.basePath ?? "/api/auth";
+	return {
+		async signUp(app, data) {
+			const res = await app.inject({
+				method: "POST",
+				url: `${basePath}/sign-up/email`,
+				payload: data
+			});
+			const token = res.headers["set-auth-token"];
+			const body = safeParseBody(res.body);
+			return {
+				statusCode: res.statusCode,
+				token: token || "",
+				user: body?.user || body,
+				body
+			};
+		},
+		async signIn(app, data) {
+			const res = await app.inject({
+				method: "POST",
+				url: `${basePath}/sign-in/email`,
+				payload: data
+			});
+			const token = res.headers["set-auth-token"];
+			const body = safeParseBody(res.body);
+			return {
+				statusCode: res.statusCode,
+				token: token || "",
+				user: body?.user || body,
+				body
+			};
+		},
+		async createOrg(app, token, data) {
+			const res = await app.inject({
+				method: "POST",
+				url: `${basePath}/organization/create`,
+				headers: { authorization: `Bearer ${token}` },
+				payload: data
+			});
+			const body = safeParseBody(res.body);
+			return {
+				statusCode: res.statusCode,
+				orgId: body?.id,
+				body
+			};
+		},
+		async setActiveOrg(app, token, orgId) {
+			const res = await app.inject({
+				method: "POST",
+				url: `${basePath}/organization/set-active`,
+				headers: { authorization: `Bearer ${token}` },
+				payload: { organizationId: orgId }
+			});
+			return {
+				statusCode: res.statusCode,
+				body: safeParseBody(res.body)
+			};
+		},
+		authHeaders(token, orgId) {
+			const h = { authorization: `Bearer ${token}` };
+			if (orgId) h["x-organization-id"] = orgId;
+			return h;
+		}
+	};
+}
+/**
+* Set up a complete test organization with users.
 *
-* @example
-* import { createTestHarness } from '@classytic/arc/testing';
-* import productResource from './product.resource.js';
+* Creates the app, signs up users, creates an org, adds members,
+* and returns a context object with tokens and a teardown function.
 *
-* const harness = createTestHarness(productResource, {
-*   fixtures: {
-*     valid: { name: 'Test Product', price: 100 },
-*     update: { name: 'Updated Product' },
+* @example
+* ```typescript
+* const ctx = await setupBetterAuthOrg({
+*   createApp: () => createAppInstance(),
+*   org: { name: 'Test Corp', slug: 'test-corp' },
+*   users: [
+*     { key: 'admin', email: 'admin@test.com', password: 'pass', name: 'Admin', role: 'admin', isCreator: true },
+*     { key: 'member', email: 'user@test.com', password: 'pass', name: 'User', role: 'member' },
+*   ],
+*   addMember: async (data) => {
+*     await auth.api.addMember({ body: data });
+*     return { statusCode: 200 };
 *   },
 * });
 *
-* // Run all baseline tests (50+ auto-generated)
-* harness.runAll();
+* // Use in tests:
+* const res = await ctx.app.inject({
+*   method: 'GET',
+*   url: '/api/products',
+*   headers: auth.authHeaders(ctx.users.admin.token, ctx.orgId),
+* });
 *
-* // Or run specific test suites
-* harness.runCrud();
-* harness.runPresets();
+* // Cleanup:
+* await ctx.teardown();
+* ```
 */
+async function setupBetterAuthOrg(options) {
+	const { createApp, org, users: userConfigs, addMember, afterSetup, authHelpers: helpersOptions } = options;
+	const helpers = createBetterAuthTestHelpers(helpersOptions);
+	const creators = userConfigs.filter((u) => u.isCreator);
+	if (creators.length !== 1) throw new Error(`setupBetterAuthOrg: Exactly one user must have isCreator: true (found ${creators.length})`);
+	const app = await createApp();
+	await app.ready();
+	const signups = /* @__PURE__ */ new Map();
+	for (const userConfig of userConfigs) {
+		const signup = await helpers.signUp(app, {
+			email: userConfig.email,
+			password: userConfig.password,
+			name: userConfig.name
+		});
+		if (signup.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to sign up ${userConfig.email} (status ${signup.statusCode})`);
+		signups.set(userConfig.key, signup);
+	}
+	const creatorConfig = creators[0];
+	const creatorSignup = signups.get(creatorConfig.key);
+	const orgResult = await helpers.createOrg(app, creatorSignup.token, org);
+	if (orgResult.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to create org (status ${orgResult.statusCode})`);
+	const orgId = orgResult.orgId;
+	for (const userConfig of userConfigs) {
+		if (userConfig.isCreator) continue;
+		const result = await addMember({
+			organizationId: orgId,
+			userId: signups.get(userConfig.key).user?.id,
+			role: userConfig.role
+		});
+		if (result.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to add member ${userConfig.email} (status ${result.statusCode})`);
+	}
+	await helpers.setActiveOrg(app, creatorSignup.token, orgId);
+	const users = {};
+	for (const userConfig of userConfigs) if (userConfig.isCreator) {
+		const signup = signups.get(userConfig.key);
+		users[userConfig.key] = {
+			token: signup.token,
+			userId: signup.user?.id,
+			email: userConfig.email
+		};
+	} else {
+		const login = await helpers.signIn(app, {
+			email: userConfig.email,
+			password: userConfig.password
+		});
+		await helpers.setActiveOrg(app, login.token, orgId);
+		users[userConfig.key] = {
+			token: login.token,
+			userId: signups.get(userConfig.key)?.user?.id,
+			email: userConfig.email
+		};
+	}
+	const ctx = {
+		app,
+		orgId,
+		users,
+		async teardown() {
+			await app.close();
+		}
+	};
+	if (afterSetup) await afterSetup(ctx);
+	return ctx;
+}
+//#endregion
+//#region src/testing/dbHelpers.ts
 /**
-* Test harness for Arc resources
-*
-* Provides automatic test generation for:
-* - CRUD operations (create, read, update, delete)
-* - Schema validation
-* - Preset-specific functionality (softDelete, slugLookup, tree, etc.)
+* Test database manager
 */
-var TestHarness = class {
-	resource;
-	fixtures;
-	setupFn;
-	teardownFn;
-	mongoUri;
-	_createdIds = [];
-	Model;
-	constructor(resource, options) {
-		this.resource = resource;
-		this.fixtures = options.fixtures;
-		this.setupFn = options.setupFn;
-		this.teardownFn = options.teardownFn;
-		this.mongoUri = options.mongoUri || process.env.MONGO_URI || "mongodb://localhost:27017/test";
-		if (!resource.adapter) throw new Error(`TestHarness requires a resource with a database adapter`);
-		if (resource.adapter.type !== "mongoose") throw new Error(`TestHarness currently only supports Mongoose adapters`);
-		const model = resource.adapter.model;
-		if (!model) throw new Error(`Mongoose adapter for ${resource.name} does not have a model`);
-		this.Model = model;
+var TestDatabase = class {
+	connection;
+	dbName;
+	constructor(dbName = `test_${Date.now()}`) {
+		this.dbName = dbName;
 	}
 	/**
-	* Run all baseline tests
-	*
-	* Executes CRUD, validation, and preset tests
+	* Connect to test database
 	*/
-	runAll() {
-		this.runCrud();
-		this.runValidation();
-		this.runPresets();
-		this.runFieldPermissions();
-		this.runPipeline();
-		this.runEvents();
+	async connect(uri) {
+		const fullUri = `${uri || process.env.MONGO_TEST_URI || "mongodb://localhost:27017"}/${this.dbName}`;
+		this.connection = await mongoose.createConnection(fullUri).asPromise();
+		return this.connection;
 	}
 	/**
-	* Run CRUD operation tests (model-level)
-	*
-	* Tests: create, read (list + getById), update, delete
-	*
-	* @deprecated Use `HttpTestHarness.runCrud()` for HTTP-level CRUD tests.
-	* This method tests Mongoose models directly and does not exercise
-	* HTTP routes, authentication, permissions, or the Arc pipeline.
+	* Disconnect and cleanup
 	*/
-	runCrud() {
-		const { resource, fixtures, Model } = this;
-		describe(`${resource.displayName} CRUD Operations`, () => {
-			beforeAll(async () => {
-				await mongoose.connect(this.mongoUri);
-				if (this.setupFn) await this.setupFn();
-			});
-			afterAll(async () => {
-				if (this._createdIds.length > 0) await Model.deleteMany({ _id: { $in: this._createdIds } });
-				if (this.teardownFn) await this.teardownFn();
-				await mongoose.disconnect();
-			});
-			describe("Create", () => {
-				it("should create a new document with valid data", async () => {
-					const doc = await Model.create(fixtures.valid);
-					this._createdIds.push(doc._id);
-					expect(doc).toBeDefined();
-					expect(doc._id).toBeDefined();
-					for (const [key, value] of Object.entries(fixtures.valid)) if (typeof value !== "object") expect(doc[key]).toEqual(value);
-				});
-				it("should have timestamps", async () => {
-					const doc = await Model.findById(this._createdIds[0]);
-					expect(doc).toBeDefined();
-					expect(doc.createdAt).toBeDefined();
-					expect(doc.updatedAt).toBeDefined();
-				});
-			});
-			describe("Read", () => {
-				it("should find document by ID", async () => {
-					expect(await Model.findById(this._createdIds[0])).toBeDefined();
-				});
-				it("should list documents", async () => {
-					const docs = await Model.find({});
-					expect(Array.isArray(docs)).toBe(true);
-					expect(docs.length).toBeGreaterThan(0);
-				});
-			});
-			describe("Update", () => {
-				it("should update document", async () => {
-					const updateData = fixtures.update || { updatedAt: /* @__PURE__ */ new Date() };
-					expect(await Model.findByIdAndUpdate(this._createdIds[0], updateData, { new: true })).toBeDefined();
-				});
-			});
-			describe("Delete", () => {
-				it("should delete document", async () => {
-					const toDelete = await Model.create(fixtures.valid);
-					await Model.findByIdAndDelete(toDelete._id);
-					expect(await Model.findById(toDelete._id)).toBeNull();
-				});
-			});
-		});
+	async disconnect() {
+		if (this.connection) {
+			await this.connection.dropDatabase();
+			await this.connection.close();
+			this.connection = void 0;
+		}
 	}
 	/**
-	* Run validation tests
-	*
-	* Tests schema validation, required fields, etc.
+	* Clear all collections
 	*/
-	runValidation() {
-		const { resource, fixtures, Model } = this;
-		describe(`${resource.displayName} Validation`, () => {
-			beforeAll(async () => {
-				await mongoose.connect(this.mongoUri);
-			});
-			afterAll(async () => {
-				await mongoose.disconnect();
-			});
-			it("should reject empty document", async () => {
-				await expect(Model.create({})).rejects.toThrow();
-			});
-			if (fixtures.invalid) it("should reject invalid data", async () => {
-				await expect(Model.create(fixtures.invalid)).rejects.toThrow();
-			});
-		});
+	async clear() {
+		if (!this.connection?.db) throw new Error("Database not connected");
+		const collections = await this.connection.db.collections();
+		await Promise.all(collections.map((collection) => collection.deleteMany({})));
 	}
 	/**
-	* Run preset-specific tests
-	*
-	* Auto-detects applied presets and tests their functionality:
-	* - softDelete: deletedAt field, soft delete/restore
-	* - slugLookup: slug generation
-	* - tree: parent references, displayOrder
-	* - multiTenant: organizationId requirement
-	* - ownedByUser: userId requirement
+	* Get connection
 	*/
-	runPresets() {
-		const { resource, fixtures, Model } = this;
-		const presets = resource._appliedPresets || [];
-		if (presets.length === 0) return;
-		describe(`${resource.displayName} Preset Tests`, () => {
-			beforeAll(async () => {
-				await mongoose.connect(this.mongoUri);
-			});
-			afterAll(async () => {
-				await mongoose.disconnect();
-			});
-			if (presets.includes("softDelete")) describe("Soft Delete", () => {
-				let testDoc;
-				beforeEach(async () => {
-					testDoc = await Model.create(fixtures.valid);
-					this._createdIds.push(testDoc._id);
-				});
-				it("should have deletedAt field", () => {
-					expect(testDoc.deletedAt).toBeDefined();
-					expect(testDoc.deletedAt).toBeNull();
-				});
-				it("should soft delete (set deletedAt)", async () => {
-					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: /* @__PURE__ */ new Date() });
-					expect((await Model.findById(testDoc._id)).deletedAt).not.toBeNull();
-				});
-				it("should restore (clear deletedAt)", async () => {
-					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: /* @__PURE__ */ new Date() });
-					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: null });
-					expect((await Model.findById(testDoc._id)).deletedAt).toBeNull();
-				});
-			});
-			if (presets.includes("slugLookup")) describe("Slug Lookup", () => {
-				it("should have slug field", async () => {
-					const doc = await Model.create(fixtures.valid);
-					this._createdIds.push(doc._id);
-					expect(doc.slug).toBeDefined();
-				});
-				it("should generate slug from name", async () => {
-					const doc = await Model.create({
-						...fixtures.valid,
-						name: "Test Slug Name"
-					});
-					this._createdIds.push(doc._id);
-					expect(doc.slug).toMatch(/test-slug-name/i);
-				});
-			});
-			if (presets.includes("tree")) describe("Tree Structure", () => {
-				it("should allow parent reference", async () => {
-					const parent = await Model.create(fixtures.valid);
-					this._createdIds.push(parent._id);
-					const child = await Model.create({
-						...fixtures.valid,
-						parent: parent._id
-					});
-					this._createdIds.push(child._id);
-					expect(child.parent.toString()).toEqual(parent._id.toString());
-				});
-				it("should support displayOrder", async () => {
-					const doc = await Model.create({
-						...fixtures.valid,
-						displayOrder: 5
-					});
-					this._createdIds.push(doc._id);
-					expect(doc.displayOrder).toEqual(5);
-				});
-			});
-			if (presets.includes("multiTenant")) describe("Multi-Tenant", () => {
-				it("should require organizationId", async () => {
-					const docWithoutOrg = { ...fixtures.valid };
-					delete docWithoutOrg.organizationId;
-					await expect(Model.create(docWithoutOrg)).rejects.toThrow();
-				});
-			});
-			if (presets.includes("ownedByUser")) describe("Owned By User", () => {
-				it("should require userId", async () => {
-					const docWithoutUser = { ...fixtures.valid };
-					delete docWithoutUser.userId;
-					await expect(Model.create(docWithoutUser)).rejects.toThrow();
-				});
-			});
-		});
+	getConnection() {
+		if (!this.connection) throw new Error("Database not connected");
+		return this.connection;
+	}
+};
+/**
+* Higher-order function to wrap tests with database setup/teardown
+*
+* @example
+* describe('Product Tests', () => {
+*   withTestDb(async (db) => {
+*     test('create product', async () => {
+*       const Product = db.getConnection().model('Product', schema);
+*       const product = await Product.create({ name: 'Test' });
+*       expect(product.name).toBe('Test');
+*     });
+*   });
+* });
+*/
+function withTestDb(tests, options = {}) {
+	const db = new TestDatabase(options.dbName);
+	beforeAll(async () => {
+		await db.connect(options.uri);
+	});
+	afterAll(async () => {
+		await db.disconnect();
+	});
+	afterEach(async () => {
+		await db.clear();
+	});
+	tests(db);
+}
+/**
+* Create test fixtures
+*
+* @example
+* const fixtures = new TestFixtures(connection);
+*
+* await fixtures.load('products', [
+*   { name: 'Product 1', price: 100 },
+*   { name: 'Product 2', price: 200 },
+* ]);
+*
+* const products = await fixtures.get('products');
+*/
+var TestFixtures = class {
+	fixtures = /* @__PURE__ */ new Map();
+	connection;
+	constructor(connection) {
+		this.connection = connection;
 	}
 	/**
-	* Run field-level permission tests
-	*
-	* Auto-generates tests for each field permission:
-	* - hidden: field is stripped from responses
-	* - visibleTo: field only shown to specified roles
-	* - writableBy: field stripped from writes by non-privileged users
-	* - redactFor: field shows redacted value for specified roles
+	* Load fixtures into a collection
 	*/
-	runFieldPermissions() {
-		const { resource } = this;
-		const fieldPerms = resource.fields;
-		if (!fieldPerms || Object.keys(fieldPerms).length === 0) return;
-		describe(`${resource.displayName} Field Permissions`, () => {
-			for (const [field, perm] of Object.entries(fieldPerms)) switch (perm._type) {
-				case "hidden":
-					it(`should always hide field '${field}'`, () => {
-						const result = applyFieldReadPermissions({
-							[field]: "secret",
-							otherField: "visible"
-						}, fieldPerms, []);
-						expect(result[field]).toBeUndefined();
-						expect(result.otherField).toBe("visible");
-					});
-					it(`should strip hidden field '${field}' from writes`, () => {
-						const result = applyFieldWritePermissions({
-							[field]: "attempt",
-							name: "test"
-						}, fieldPerms, []);
-						expect(result[field]).toBeUndefined();
-						expect(result.name).toBe("test");
-					});
-					break;
-				case "visibleTo":
-					it(`should hide field '${field}' from non-privileged users`, () => {
-						expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, ["viewer"])[field]).toBeUndefined();
-					});
-					if (perm.roles && perm.roles.length > 0) {
-						const allowedRole = perm.roles[0];
-						it(`should show field '${field}' to roles: ${[...perm.roles].join(", ")}`, () => {
-							expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, [allowedRole])[field]).toBe("sensitive");
-						});
-					}
-					break;
-				case "writableBy":
-					it(`should strip field '${field}' from writes by non-privileged users`, () => {
-						const result = applyFieldWritePermissions({
-							[field]: "new-value",
-							name: "test"
-						}, fieldPerms, ["viewer"]);
-						expect(result[field]).toBeUndefined();
-						expect(result.name).toBe("test");
-					});
-					if (perm.roles && perm.roles.length > 0) {
-						const writeRole = perm.roles[0];
-						it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
-							expect(applyFieldWritePermissions({ [field]: "new-value" }, fieldPerms, [writeRole])[field]).toBe("new-value");
-						});
-					}
-					break;
-				case "redactFor":
-					if (perm.roles && perm.roles.length > 0) {
-						const redactRole = perm.roles[0];
-						it(`should redact field '${field}' for roles: ${[...perm.roles].join(", ")}`, () => {
-							expect(applyFieldReadPermissions({ [field]: "real-value" }, fieldPerms, [redactRole])[field]).toBe(perm.redactValue ?? "***");
-						});
-					}
-					it(`should show real value of field '${field}' to non-redacted roles`, () => {
-						expect(applyFieldReadPermissions({ [field]: "real-value" }, fieldPerms, ["unrelated-role"])[field]).toBe("real-value");
-					});
-					break;
-			}
-		});
+	async load(collectionName, data) {
+		const result = await this.connection.collection(collectionName).insertMany(data);
+		const insertedDocs = Object.values(result.insertedIds).map((id, index) => ({
+			...data[index],
+			_id: id
+		}));
+		this.fixtures.set(collectionName, insertedDocs);
+		return insertedDocs;
 	}
 	/**
-	* Run pipeline configuration tests
-	*
-	* Validates that pipeline steps are properly configured:
-	* - All steps have names
-	* - All steps have valid _type discriminants
-	* - Operation filters (if set) use valid CRUD operation names
+	* Get loaded fixtures
 	*/
-	runPipeline() {
-		const { resource } = this;
-		const pipe = resource.pipe;
-		if (!pipe) return;
-		const validOps = new Set(CRUD_OPERATIONS);
-		describe(`${resource.displayName} Pipeline`, () => {
-			const steps = collectPipelineSteps(pipe);
-			it("should have at least one pipeline step", () => {
-				expect(steps.length).toBeGreaterThan(0);
-			});
-			for (const step of steps) {
-				it(`${step._type} '${step.name}' should have a valid type`, () => {
-					expect([
-						"guard",
-						"transform",
-						"interceptor"
-					]).toContain(step._type);
-				});
-				it(`${step._type} '${step.name}' should have a name`, () => {
-					expect(step.name).toBeTruthy();
-					expect(typeof step.name).toBe("string");
-				});
-				it(`${step._type} '${step.name}' should have a handler function`, () => {
-					expect(typeof step.handler).toBe("function");
-				});
-				if (step.operations?.length) it(`${step._type} '${step.name}' should target valid operations`, () => {
-					for (const op of step.operations) expect(validOps.has(op)).toBe(true);
-				});
-			}
-		});
+	get(collectionName) {
+		return this.fixtures.get(collectionName) || [];
 	}
 	/**
-	* Run event definition tests
-	*
-	* Validates that events are properly defined:
-	* - All events have handler functions
-	* - Event names follow resource:action convention
-	* - Schema definitions (if present) are valid objects
+	* Get first fixture
 	*/
-	runEvents() {
-		const { resource } = this;
-		const events = resource.events;
-		if (!events || Object.keys(events).length === 0) return;
-		describe(`${resource.displayName} Events`, () => {
-			for (const [action, def] of Object.entries(events)) {
-				it(`event '${resource.name}:${action}' should have a handler function`, () => {
-					expect(typeof def.handler).toBe("function");
-				});
-				it(`event '${resource.name}:${action}' should have a name`, () => {
-					expect(def.name).toBeTruthy();
-					expect(typeof def.name).toBe("string");
-				});
-				if (def.schema) it(`event '${resource.name}:${action}' schema should be an object`, () => {
-					expect(typeof def.schema).toBe("object");
-					expect(def.schema).not.toBeNull();
-				});
-			}
-		});
+	getFirst(collectionName) {
+		return this.get(collectionName)[0] || null;
 	}
-};
-/**
-* Collect all pipeline steps from a PipelineConfig (flat array or per-operation map)
-*/
-function collectPipelineSteps(pipe) {
-	if (Array.isArray(pipe)) return pipe;
-	const seen = /* @__PURE__ */ new Set();
-	const steps = [];
-	for (const opSteps of Object.values(pipe)) if (Array.isArray(opSteps)) for (const step of opSteps) {
-		const key = `${step._type}:${step.name}`;
-		if (!seen.has(key)) {
-			seen.add(key);
-			steps.push(step);
+	/**
+	* Clear all fixtures
+	*/
+	async clear() {
+		for (const collectionName of this.fixtures.keys()) {
+			const collection = this.connection.collection(collectionName);
+			const ids = this.fixtures.get(collectionName)?.map((item) => item._id) || [];
+			await collection.deleteMany({ _id: { $in: ids } });
 		}
+		this.fixtures.clear();
 	}
-	return steps;
-}
+};
 /**
-* Create a test harness for an Arc resource
+* In-memory MongoDB for ultra-fast tests
 *
-* @param resource - The Arc resource definition to test
-* @param options - Test harness configuration
-* @returns Test harness instance
+* Requires: mongodb-memory-server
 *
 * @example
-* import { createTestHarness } from '@classytic/arc/testing';
-*
-* const harness = createTestHarness(productResource, {
-*   fixtures: {
-*     valid: { name: 'Product', price: 100 },
-*     update: { name: 'Updated' },
-*   },
-* });
+* import { InMemoryDatabase } from '@classytic/arc/testing';
 *
-* harness.runAll(); // Generates 50+ baseline tests
-*/
-function createTestHarness(resource, options) {
-	return new TestHarness(resource, options);
-}
-/**
-* Generate test file content for a resource
+* describe('Fast Tests', () => {
+*   const memoryDb = new InMemoryDatabase();
 *
-* Useful for scaffolding new resource tests via CLI
+*   beforeAll(async () => {
+*     await memoryDb.start();
+*   });
 *
-* @param resourceName - Resource name in kebab-case (e.g., 'product')
-* @param options - Generation options
-* @returns Complete test file content as string
+*   afterAll(async () => {
+*     await memoryDb.stop();
+*   });
 *
-* @example
-* const testContent = generateTestFile('product', {
-*   presets: ['softDelete'],
-*   modulePath: './modules/catalog',
+*   test('create user', async () => {
+*     const uri = memoryDb.getUri();
+*     // Use uri for connection
+*   });
 * });
-* fs.writeFileSync('product.test.js', testContent);
 */
-function generateTestFile(resourceName, options = {}) {
-	const { presets = [], modulePath = "." } = options;
-	const className = resourceName.split("-").map((s) => s.charAt(0).toUpperCase() + s.slice(1)).join("");
-	const varName = className.charAt(0).toLowerCase() + className.slice(1);
-	return `/**
- * ${className} Resource Tests
- *
- * Auto-generated baseline tests. Customize as needed.
- */
-
-import { describe, it, expect, beforeAll, afterAll } from 'vitest';
-import mongoose from 'mongoose';
-import { createTestHarness } from '@classytic/arc/testing';
-import ${varName}Resource from '${modulePath}/${resourceName}.resource.js';
-import ${className} from '${modulePath}/${resourceName}.model.js';
-
-const MONGO_URI = process.env.MONGO_TEST_URI || 'mongodb://localhost:27017/${resourceName}-test';
-
-// Test fixtures
-const fixtures = {
-  valid: {
-    name: 'Test ${className}',
-    // Add required fields here
-  },
-  update: {
-    name: 'Updated ${className}',
-  },
-  invalid: {
-    // Empty or invalid data
-  },
+var InMemoryDatabase = class {
+	mongod;
+	uri;
+	/**
+	* Start in-memory MongoDB
+	*/
+	async start() {
+		try {
+			const { MongoMemoryServer } = await import("mongodb-memory-server");
+			this.mongod = await MongoMemoryServer.create();
+			const uri = this.mongod.getUri();
+			this.uri = uri;
+			return uri;
+		} catch {
+			throw new Error("mongodb-memory-server not installed. Install with: npm install -D mongodb-memory-server");
+		}
+	}
+	/**
+	* Stop in-memory MongoDB
+	*/
+	async stop() {
+		if (this.mongod) {
+			await this.mongod.stop();
+			this.mongod = void 0;
+			this.uri = void 0;
+		}
+	}
+	/**
+	* Get connection URI
+	*/
+	getUri() {
+		if (!this.uri) throw new Error("In-memory database not started");
+		return this.uri;
+	}
 };
-
-// Create test harness
-const harness = createTestHarness(${varName}Resource, {
-  fixtures,
-  mongoUri: MONGO_URI,
-});
-
-// Run all baseline tests
-harness.runAll();
-
-// Custom tests
-describe('${className} Custom Tests', () => {
-  let testId;
-
-  beforeAll(async () => {
-    await mongoose.connect(MONGO_URI);
-  });
-
-  afterAll(async () => {
-    if (testId) {
-      await ${className}.findByIdAndDelete(testId);
-    }
-    await mongoose.disconnect();
-  });
-
-  // Add your custom tests here
-  it('should pass custom validation', async () => {
-    // Example: const doc = await ${className}.create(fixtures.valid);
-    // testId = doc._id;
-    // expect(doc.someField).toBe('expectedValue');
-    expect(true).toBe(true);
-  });
-});
-`;
-}
 /**
-* Run config-level tests for a resource (no DB required)
-*
-* Tests field permissions, pipeline configuration, and event definitions.
-* Works with any adapter — no Mongoose dependency.
-*
-* @param resource - The Arc resource definition to test
-*
-* @example
-* ```typescript
-* import { createConfigTestSuite } from '@classytic/arc/testing';
-* import productResource from './product.resource.js';
-*
-* // Generates field permission, pipeline, and event tests
-* createConfigTestSuite(productResource);
-* ```
+* Database transaction helper for testing
 */
-function createConfigTestSuite(resource) {
-	const fieldPerms = resource.fields;
-	const pipe = resource.pipe;
-	const events = resource.events;
-	if (fieldPerms && Object.keys(fieldPerms).length > 0) runFieldPermissionTests(resource.displayName, fieldPerms);
-	if (pipe) runPipelineTests(resource.displayName, pipe);
-	if (events && Object.keys(events).length > 0) runEventTests(resource.name, resource.displayName, events);
-	if (resource.permissions && Object.keys(resource.permissions).length > 0) describe(`${resource.displayName} Permission Config`, () => {
-		for (const op of CRUD_OPERATIONS) {
-			const check = resource.permissions[op];
-			if (check) it(`${op} permission should be a function`, () => {
-				expect(typeof check).toBe("function");
-			});
-		}
-	});
-}
-function runFieldPermissionTests(displayName, fieldPerms) {
-	describe(`${displayName} Field Permissions`, () => {
-		for (const [field, perm] of Object.entries(fieldPerms)) switch (perm._type) {
-			case "hidden":
-				it(`should always hide field '${field}'`, () => {
-					expect(applyFieldReadPermissions({
-						[field]: "secret",
-						other: "visible"
-					}, fieldPerms, [])[field]).toBeUndefined();
-				});
-				it(`should strip hidden field '${field}' from writes`, () => {
-					expect(applyFieldWritePermissions({
-						[field]: "attempt",
-						name: "test"
-					}, fieldPerms, [])[field]).toBeUndefined();
-				});
-				break;
-			case "visibleTo":
-				it(`should hide field '${field}' from non-privileged users`, () => {
-					expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, ["_no_role_"])[field]).toBeUndefined();
-				});
-				if (perm.roles && perm.roles.length > 0) {
-					const allowedRole = perm.roles[0];
-					it(`should show field '${field}' to roles: ${[...perm.roles].join(", ")}`, () => {
-						expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, [allowedRole])[field]).toBe("sensitive");
-					});
-				}
-				break;
-			case "writableBy":
-				it(`should strip field '${field}' from writes by non-privileged users`, () => {
-					expect(applyFieldWritePermissions({
-						[field]: "v",
-						name: "test"
-					}, fieldPerms, ["_no_role_"])[field]).toBeUndefined();
-				});
-				if (perm.roles && perm.roles.length > 0) {
-					const writeRole = perm.roles[0];
-					it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
-						expect(applyFieldWritePermissions({ [field]: "v" }, fieldPerms, [writeRole])[field]).toBe("v");
-					});
-				}
-				break;
-			case "redactFor":
-				if (perm.roles && perm.roles.length > 0) {
-					const redactRole = perm.roles[0];
-					it(`should redact field '${field}' for roles: ${[...perm.roles].join(", ")}`, () => {
-						expect(applyFieldReadPermissions({ [field]: "real" }, fieldPerms, [redactRole])[field]).toBe(perm.redactValue ?? "***");
-					});
-				}
-				it(`should show real value of field '${field}' to non-redacted roles`, () => {
-					expect(applyFieldReadPermissions({ [field]: "real" }, fieldPerms, ["_other_"])[field]).toBe("real");
-				});
-				break;
-		}
-	});
-}
-function runPipelineTests(displayName, pipe) {
-	const steps = collectPipelineSteps(pipe);
-	if (steps.length === 0) return;
-	const validOps = new Set(CRUD_OPERATIONS);
-	describe(`${displayName} Pipeline`, () => {
-		it("should have at least one pipeline step", () => {
-			expect(steps.length).toBeGreaterThan(0);
-		});
-		for (const step of steps) {
-			it(`${step._type} '${step.name}' should have a valid type`, () => {
-				expect([
-					"guard",
-					"transform",
-					"interceptor"
-				]).toContain(step._type);
-			});
-			it(`${step._type} '${step.name}' should have a handler function`, () => {
-				expect(typeof step.handler).toBe("function");
-			});
-			if (step.operations?.length) it(`${step._type} '${step.name}' should target valid operations`, () => {
-				for (const op of step.operations) expect(validOps.has(op)).toBe(true);
-			});
-		}
-	});
-}
-function runEventTests(resourceName, displayName, events) {
-	describe(`${displayName} Events`, () => {
-		for (const [action, def] of Object.entries(events)) {
-			it(`event '${resourceName}:${action}' should have a handler function`, () => {
-				expect(typeof def.handler).toBe("function");
-			});
-			it(`event '${resourceName}:${action}' should have a name`, () => {
-				expect(def.name).toBeTruthy();
-			});
-			if (def.schema) it(`event '${resourceName}:${action}' schema should be an object`, () => {
-				expect(typeof def.schema).toBe("object");
-				expect(def.schema).not.toBeNull();
-			});
-		}
-	});
-}
-
-//#endregion
-//#region src/testing/dbHelpers.ts
-/**
-* Testing Utilities - Database Helpers
-*
-* Utilities for managing test databases and fixtures
-*/
-/**
-* Test database manager
-*/
-var TestDatabase = class {
+var TestTransaction = class {
+	session;
 	connection;
-	dbName;
-	constructor(dbName = `test_${Date.now()}`) {
-		this.dbName = dbName;
+	constructor(connection) {
+		this.connection = connection;
 	}
 	/**
-	* Connect to test database
+	* Start transaction
 	*/
-	async connect(uri) {
-		const fullUri = `${uri || process.env.MONGO_TEST_URI || "mongodb://localhost:27017"}/${this.dbName}`;
-		this.connection = await mongoose.createConnection(fullUri).asPromise();
-		return this.connection;
+	async start() {
+		this.session = await this.connection.startSession();
+		this.session.startTransaction();
 	}
 	/**
-	* Disconnect and cleanup
+	* Commit transaction
 	*/
-	async disconnect() {
-		if (this.connection) {
-			await this.connection.dropDatabase();
-			await this.connection.close();
-			this.connection = void 0;
-		}
+	async commit() {
+		if (!this.session) throw new Error("Transaction not started");
+		await this.session.commitTransaction();
+		await this.session.endSession();
+		this.session = void 0;
 	}
 	/**
-	* Clear all collections
+	* Rollback transaction
 	*/
-	async clear() {
-		if (!this.connection?.db) throw new Error("Database not connected");
-		const collections = await this.connection.db.collections();
-		await Promise.all(collections.map((collection) => collection.deleteMany({})));
+	async rollback() {
+		if (!this.session) throw new Error("Transaction not started");
+		await this.session.abortTransaction();
+		await this.session.endSession();
+		this.session = void 0;
 	}
 	/**
-	* Get connection
+	* Get session
 	*/
-	getConnection() {
-		if (!this.connection) throw new Error("Database not connected");
-		return this.connection;
+	getSession() {
+		if (!this.session) throw new Error("Transaction not started");
+		return this.session;
 	}
 };
 /**
-* Higher-order function to wrap tests with database setup/teardown
-*
-* @example
-* describe('Product Tests', () => {
-*   withTestDb(async (db) => {
-*     test('create product', async () => {
-*       const Product = db.getConnection().model('Product', schema);
-*       const product = await Product.create({ name: 'Test' });
-*       expect(product.name).toBe('Test');
-*     });
-*   });
-* });
-*/
-function withTestDb(tests, options = {}) {
-	const db = new TestDatabase(options.dbName);
-	beforeAll(async () => {
-		await db.connect(options.uri);
-	});
-	afterAll(async () => {
-		await db.disconnect();
-	});
-	afterEach(async () => {
-		await db.clear();
-	});
-	tests(db);
-}
-/**
-* Create test fixtures
-*
-* @example
-* const fixtures = new TestFixtures(connection);
-*
-* await fixtures.load('products', [
-*   { name: 'Product 1', price: 100 },
-*   { name: 'Product 2', price: 200 },
-* ]);
-*
-* const products = await fixtures.get('products');
+* Seed data helper
 */
-var TestFixtures = class {
-	fixtures = /* @__PURE__ */ new Map();
+var TestSeeder = class {
 	connection;
 	constructor(connection) {
 		this.connection = connection;
 	}
 	/**
-	* Load fixtures into a collection
+	* Seed collection with data
 	*/
-	async load(collectionName, data) {
+	async seed(collectionName, generator, count = 10) {
+		const data = Array.from({ length: count }, () => generator()).flat();
 		const result = await this.connection.collection(collectionName).insertMany(data);
-		const insertedDocs = Object.values(result.insertedIds).map((id, index) => ({
+		return Object.values(result.insertedIds).map((id, index) => ({
 			...data[index],
 			_id: id
 		}));
-		this.fixtures.set(collectionName, insertedDocs);
-		return insertedDocs;
 	}
 	/**
-	* Get loaded fixtures
+	* Clear collection
 	*/
-	get(collectionName) {
-		return this.fixtures.get(collectionName) || [];
+	async clear(collectionName) {
+		await this.connection.collection(collectionName).deleteMany({});
 	}
 	/**
-	* Get first fixture
+	* Clear all collections
 	*/
-	getFirst(collectionName) {
-		return this.get(collectionName)[0] || null;
+	async clearAll() {
+		if (!this.connection.db) throw new Error("Database not connected");
+		const collections = await this.connection.db.collections();
+		await Promise.all(collections.map((collection) => collection.deleteMany({})));
+	}
+};
+/**
+* Database snapshot helper for rollback testing
+*/
+var DatabaseSnapshot = class {
+	snapshots = /* @__PURE__ */ new Map();
+	connection;
+	constructor(connection) {
+		this.connection = connection;
 	}
 	/**
-	* Clear all fixtures
+	* Take snapshot of current database state
 	*/
-	async clear() {
-		for (const collectionName of this.fixtures.keys()) {
-			const collection = this.connection.collection(collectionName);
-			const ids = this.fixtures.get(collectionName)?.map((item) => item._id) || [];
-			await collection.deleteMany({ _id: { $in: ids } });
+	async take() {
+		if (!this.connection.db) throw new Error("Database not connected");
+		const collections = await this.connection.db.collections();
+		for (const collection of collections) {
+			const data = await collection.find({}).toArray();
+			this.snapshots.set(collection.collectionName, data);
 		}
-		this.fixtures.clear();
+	}
+	/**
+	* Restore database to snapshot
+	*/
+	async restore() {
+		if (!this.connection.db) throw new Error("Database not connected");
+		const collections = await this.connection.db.collections();
+		await Promise.all(collections.map((collection) => collection.deleteMany({})));
+		for (const [collectionName, data] of this.snapshots.entries()) if (data.length > 0) await this.connection.collection(collectionName).insertMany(data);
+	}
+	/**
+	* Clear snapshot
+	*/
+	clear() {
+		this.snapshots.clear();
 	}
 };
+//#endregion
+//#region src/testing/HttpTestHarness.ts
 /**
-* In-memory MongoDB for ultra-fast tests
+* Create an auth provider for JWT-based apps.
 *
-* Requires: mongodb-memory-server
+* Generates JWT tokens on the fly using the app's JWT plugin.
 *
 * @example
-* import { InMemoryDatabase } from '@classytic/arc/testing';
-*
-* describe('Fast Tests', () => {
-*   const memoryDb = new InMemoryDatabase();
-*
-*   beforeAll(async () => {
-*     await memoryDb.start();
-*   });
-*
-*   afterAll(async () => {
-*     await memoryDb.stop();
-*   });
-*
-*   test('create user', async () => {
-*     const uri = memoryDb.getUri();
-*     // Use uri for connection
-*   });
+* ```typescript
+* const auth = createJwtAuthProvider({
+*   app,
+*   users: {
+*     admin: { payload: { id: '1', roles: ['admin'] }, organizationId: 'org1' },
+*     viewer: { payload: { id: '2', roles: ['viewer'] } },
+*   },
+*   adminRole: 'admin',
 * });
+* ```
 */
-var InMemoryDatabase = class {
-	mongod;
-	uri;
-	/**
-	* Start in-memory MongoDB
-	*/
-	async start() {
-		try {
-			const { MongoMemoryServer } = await import("mongodb-memory-server");
-			this.mongod = await MongoMemoryServer.create();
-			const uri = this.mongod.getUri();
-			this.uri = uri;
-			return uri;
-		} catch {
-			throw new Error("mongodb-memory-server not installed. Install with: npm install -D mongodb-memory-server");
-		}
-	}
-	/**
-	* Stop in-memory MongoDB
-	*/
-	async stop() {
-		if (this.mongod) {
-			await this.mongod.stop();
-			this.mongod = void 0;
-			this.uri = void 0;
-		}
-	}
-	/**
-	* Get connection URI
-	*/
-	getUri() {
-		if (!this.uri) throw new Error("In-memory database not started");
-		return this.uri;
-	}
-};
+function createJwtAuthProvider(options) {
+	const { app, users, adminRole } = options;
+	return {
+		getHeaders(role) {
+			const user = users[role];
+			if (!user) throw new Error(`createJwtAuthProvider: Unknown role '${role}'. Available: ${Object.keys(users).join(", ")}`);
+			const headers = { authorization: `Bearer ${app.jwt?.sign?.(user.payload) || "mock-token"}` };
+			if (user.organizationId) headers["x-organization-id"] = user.organizationId;
+			return headers;
+		},
+		availableRoles: Object.keys(users),
+		adminRole
+	};
+}
 /**
-* Database transaction helper for testing
+* Create an auth provider for Better Auth apps.
+*
+* Uses pre-existing tokens (from signUp/signIn) rather than generating them.
+*
+* @example
+* ```typescript
+* const auth = createBetterAuthProvider({
+*   tokens: {
+*     admin: ctx.users.admin.token,
+*     member: ctx.users.member.token,
+*   },
+*   orgId: ctx.orgId,
+*   adminRole: 'admin',
+* });
+* ```
 */
-var TestTransaction = class {
-	session;
-	connection;
-	constructor(connection) {
-		this.connection = connection;
-	}
-	/**
-	* Start transaction
-	*/
-	async start() {
-		this.session = await this.connection.startSession();
-		this.session.startTransaction();
-	}
-	/**
-	* Commit transaction
-	*/
-	async commit() {
-		if (!this.session) throw new Error("Transaction not started");
-		await this.session.commitTransaction();
-		await this.session.endSession();
-		this.session = void 0;
-	}
-	/**
-	* Rollback transaction
-	*/
-	async rollback() {
-		if (!this.session) throw new Error("Transaction not started");
-		await this.session.abortTransaction();
-		await this.session.endSession();
-		this.session = void 0;
-	}
-	/**
-	* Get session
-	*/
-	getSession() {
-		if (!this.session) throw new Error("Transaction not started");
-		return this.session;
-	}
-};
+function createBetterAuthProvider(options) {
+	const { tokens, orgId, adminRole } = options;
+	return {
+		getHeaders(role) {
+			const token = tokens[role];
+			if (!token) throw new Error(`createBetterAuthProvider: No token for role '${role}'. Available: ${Object.keys(tokens).join(", ")}`);
+			return {
+				authorization: `Bearer ${token}`,
+				"x-organization-id": orgId
+			};
+		},
+		availableRoles: Object.keys(tokens),
+		adminRole
+	};
+}
 /**
-* Seed data helper
+* HTTP-level test harness for Arc resources.
+*
+* Generates tests that exercise the full HTTP lifecycle:
+* routes, auth, permissions, pipeline, and response envelope.
+*
+* Supports deferred options via a getter function, which is essential
+* when the app instance comes from async `beforeAll()` setup.
 */
-var TestSeeder = class {
-	connection;
-	constructor(connection) {
-		this.connection = connection;
-	}
-	/**
-	* Seed collection with data
-	*/
-	async seed(collectionName, generator, count = 10) {
-		const data = Array.from({ length: count }, () => generator()).flat();
-		const result = await this.connection.collection(collectionName).insertMany(data);
-		return Object.values(result.insertedIds).map((id, index) => ({
-			...data[index],
-			_id: id
-		}));
-	}
-	/**
-	* Clear collection
-	*/
-	async clear(collectionName) {
-		await this.connection.collection(collectionName).deleteMany({});
-	}
-	/**
-	* Clear all collections
-	*/
-	async clearAll() {
-		if (!this.connection.db) throw new Error("Database not connected");
-		const collections = await this.connection.db.collections();
-		await Promise.all(collections.map((collection) => collection.deleteMany({})));
+var HttpTestHarness = class {
+	resource;
+	optionsOrGetter;
+	eagerBaseUrl;
+	enabledRoutes;
+	updateMethod;
+	constructor(resource, optionsOrGetter) {
+		this.resource = resource;
+		this.optionsOrGetter = optionsOrGetter;
+		if (typeof optionsOrGetter === "function") this.eagerBaseUrl = null;
+		else this.eagerBaseUrl = `${optionsOrGetter.apiPrefix ?? "/api"}${resource.prefix}`;
+		const disabled = new Set(resource.disabledRoutes ?? []);
+		this.enabledRoutes = new Set(resource.disableDefaultRoutes ? [] : CRUD_OPERATIONS.filter((op) => !disabled.has(op)));
+		this.updateMethod = resource.updateMethod === "PUT" ? "PUT" : "PATCH";
 	}
-};
-/**
-* Database snapshot helper for rollback testing
-*/
-var DatabaseSnapshot = class {
-	snapshots = /* @__PURE__ */ new Map();
-	connection;
-	constructor(connection) {
-		this.connection = connection;
+	/** Resolve options (supports both direct and deferred) */
+	getOptions() {
+		return typeof this.optionsOrGetter === "function" ? this.optionsOrGetter() : this.optionsOrGetter;
 	}
 	/**
-	* Take snapshot of current database state
+	* Resolve the base URL for requests.
+	*
+	* - Eager mode: uses pre-computed baseUrl from constructor
+	* - Deferred mode: reads apiPrefix from the getter options at runtime
+	*
+	* Must only be called inside it()/afterAll() callbacks (after beforeAll has run).
 	*/
-	async take() {
-		if (!this.connection.db) throw new Error("Database not connected");
-		const collections = await this.connection.db.collections();
-		for (const collection of collections) {
-			const data = await collection.find({}).toArray();
-			this.snapshots.set(collection.collectionName, data);
-		}
+	getBaseUrl() {
+		if (this.eagerBaseUrl !== null) return this.eagerBaseUrl;
+		return `${this.getOptions().apiPrefix ?? ""}${this.resource.prefix}`;
 	}
 	/**
-	* Restore database to snapshot
+	* Run all test suites: CRUD + permissions + validation
 	*/
-	async restore() {
-		if (!this.connection.db) throw new Error("Database not connected");
-		const collections = await this.connection.db.collections();
-		await Promise.all(collections.map((collection) => collection.deleteMany({})));
-		for (const [collectionName, data] of this.snapshots.entries()) if (data.length > 0) await this.connection.collection(collectionName).insertMany(data);
+	runAll() {
+		this.runCrud();
+		this.runPermissions();
+		this.runValidation();
 	}
 	/**
-	* Clear snapshot
+	* Run HTTP-level CRUD tests.
+	*
+	* Tests each enabled CRUD operation through app.inject():
+	* - POST (create) → 200/201 with { success: true, data }
+	* - GET (list) → 200 with array or paginated response
+	* - GET /:id → 200 with { success: true, data }
+	* - PATCH/PUT /:id → 200 with { success: true, data }
+	* - DELETE /:id → 200
+	* - GET /:id with non-existent ID → 404
 	*/
-	clear() {
-		this.snapshots.clear();
-	}
-};
-
-//#endregion
-//#region src/testing/testFactory.ts
-/**
-* Testing Utilities - Test App Factory
-*
-* Create Fastify test instances with Arc configuration
-*/
-/**
-* Create a test application instance with optional in-memory MongoDB
-*
-* **Performance Boost**: Uses in-memory MongoDB by default for 10x faster tests.
-*
-* @example Basic usage with in-memory DB
-* ```typescript
-* import { createTestApp } from '@classytic/arc/testing';
-*
-* describe('API Tests', () => {
-*   let testApp: TestAppResult;
+	runCrud() {
+		const { resource, enabledRoutes, updateMethod } = this;
+		let createdId = null;
+		describe(`${resource.displayName} HTTP CRUD`, () => {
+			afterAll(async () => {
+				if (createdId && enabledRoutes.has("delete")) {
+					const { app, auth } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
+					await app.inject({
+						method: "DELETE",
+						url: `${baseUrl}/${createdId}`,
+						headers: auth.getHeaders(auth.adminRole)
+					});
+				}
+			});
+			if (enabledRoutes.has("create")) it("POST should create a resource", async () => {
+				const { app, auth, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				const adminHeaders = auth.getHeaders(auth.adminRole);
+				const res = await app.inject({
+					method: "POST",
+					url: baseUrl,
+					headers: adminHeaders,
+					payload: fixtures.valid
+				});
+				expect(res.statusCode).toBeLessThan(300);
+				const body = JSON.parse(res.body);
+				expect(body.success).toBe(true);
+				expect(body.data).toBeDefined();
+				expect(body.data._id).toBeDefined();
+				createdId = body.data._id;
+			});
+			if (enabledRoutes.has("list")) it("GET should list resources", async () => {
+				const { app, auth } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				const res = await app.inject({
+					method: "GET",
+					url: baseUrl,
+					headers: auth.getHeaders(auth.adminRole)
+				});
+				expect(res.statusCode).toBe(200);
+				const body = JSON.parse(res.body);
+				expect(body.success).toBe(true);
+				const list = body.data ?? body.docs;
+				expect(list).toBeDefined();
+				expect(Array.isArray(list)).toBe(true);
+			});
+			if (enabledRoutes.has("get")) {
+				it("GET /:id should return the resource", async () => {
+					if (!createdId) return;
+					const { app, auth } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
+					const res = await app.inject({
+						method: "GET",
+						url: `${baseUrl}/${createdId}`,
+						headers: auth.getHeaders(auth.adminRole)
+					});
+					expect(res.statusCode).toBe(200);
+					const body = JSON.parse(res.body);
+					expect(body.success).toBe(true);
+					expect(body.data).toBeDefined();
+					expect(body.data._id).toBe(createdId);
+				});
+				it("GET /:id with non-existent ID should return 404", async () => {
+					const { app, auth } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
+					const res = await app.inject({
+						method: "GET",
+						url: `${baseUrl}/000000000000000000000000`,
+						headers: auth.getHeaders(auth.adminRole)
+					});
+					expect(res.statusCode).toBe(404);
+					expect(JSON.parse(res.body).success).toBe(false);
+				});
+			}
+			if (enabledRoutes.has("update")) {
+				it(`${updateMethod} /:id should update the resource`, async () => {
+					if (!createdId) return;
+					const { app, auth, fixtures } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
+					const updatePayload = fixtures.update || fixtures.valid;
+					const res = await app.inject({
+						method: updateMethod,
+						url: `${baseUrl}/${createdId}`,
+						headers: auth.getHeaders(auth.adminRole),
+						payload: updatePayload
+					});
+					expect(res.statusCode).toBe(200);
+					const body = JSON.parse(res.body);
+					expect(body.success).toBe(true);
+					expect(body.data).toBeDefined();
+				});
+				it(`${updateMethod} /:id with non-existent ID should return 404`, async () => {
+					const { app, auth, fixtures } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
+					expect((await app.inject({
+						method: updateMethod,
+						url: `${baseUrl}/000000000000000000000000`,
+						headers: auth.getHeaders(auth.adminRole),
+						payload: fixtures.update || fixtures.valid
+					})).statusCode).toBe(404);
+				});
+			}
+			if (enabledRoutes.has("delete")) {
+				it("DELETE /:id should delete the resource", async () => {
+					const { app, auth, fixtures } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
+					const adminHeaders = auth.getHeaders(auth.adminRole);
+					let deleteId;
+					if (enabledRoutes.has("create")) {
+						const createRes = await app.inject({
+							method: "POST",
+							url: baseUrl,
+							headers: adminHeaders,
+							payload: fixtures.valid
+						});
+						deleteId = JSON.parse(createRes.body).data?._id;
+					}
+					if (!deleteId) return;
+					expect((await app.inject({
+						method: "DELETE",
+						url: `${baseUrl}/${deleteId}`,
+						headers: adminHeaders
+					})).statusCode).toBe(200);
+					if (enabledRoutes.has("get")) expect((await app.inject({
+						method: "GET",
+						url: `${baseUrl}/${deleteId}`,
+						headers: adminHeaders
+					})).statusCode).toBe(404);
+				});
+				it("DELETE /:id with non-existent ID should return 404", async () => {
+					const { app, auth } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
+					expect((await app.inject({
+						method: "DELETE",
+						url: `${baseUrl}/000000000000000000000000`,
+						headers: auth.getHeaders(auth.adminRole)
+					})).statusCode).toBe(404);
+				});
+			}
+		});
+	}
+	/**
+	* Run permission tests.
+	*
+	* Tests that:
+	* - Unauthenticated requests return 401
+	* - Admin role gets 2xx for all operations
+	*/
+	runPermissions() {
+		const { resource, enabledRoutes, updateMethod } = this;
+		describe(`${resource.displayName} HTTP Permissions`, () => {
+			if (enabledRoutes.has("list")) it("GET list without auth should return 401", async () => {
+				const { app } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				expect((await app.inject({
+					method: "GET",
+					url: baseUrl
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("get")) it("GET get without auth should return 401", async () => {
+				const { app } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				expect((await app.inject({
+					method: "GET",
+					url: `${baseUrl}/000000000000000000000000`
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("create")) it("POST create without auth should return 401", async () => {
+				const { app, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				expect((await app.inject({
+					method: "POST",
+					url: baseUrl,
+					payload: fixtures.valid
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("update")) it(`${updateMethod} update without auth should return 401`, async () => {
+				const { app, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				expect((await app.inject({
+					method: updateMethod,
+					url: `${baseUrl}/000000000000000000000000`,
+					payload: fixtures.update || fixtures.valid
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("delete")) it("DELETE delete without auth should return 401", async () => {
+				const { app } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				expect((await app.inject({
+					method: "DELETE",
+					url: `${baseUrl}/000000000000000000000000`
+				})).statusCode).toBe(401);
+			});
+			if (enabledRoutes.has("list")) it("admin should access list endpoint", async () => {
+				const { app, auth } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				expect((await app.inject({
+					method: "GET",
+					url: baseUrl,
+					headers: auth.getHeaders(auth.adminRole)
+				})).statusCode).toBeLessThan(400);
+			});
+			if (enabledRoutes.has("create")) it("admin should access create endpoint", async () => {
+				const { app, auth, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				const res = await app.inject({
+					method: "POST",
+					url: baseUrl,
+					headers: auth.getHeaders(auth.adminRole),
+					payload: fixtures.valid
+				});
+				expect(res.statusCode).toBeLessThan(400);
+				const body = JSON.parse(res.body);
+				if (body.data?._id && enabledRoutes.has("delete")) await app.inject({
+					method: "DELETE",
+					url: `${baseUrl}/${body.data._id}`,
+					headers: auth.getHeaders(auth.adminRole)
+				});
+			});
+		});
+	}
+	/**
+	* Run validation tests.
+	*
+	* Tests that invalid payloads return 400.
+	*/
+	runValidation() {
+		const { resource, enabledRoutes } = this;
+		if (!enabledRoutes.has("create")) return;
+		describe(`${resource.displayName} HTTP Validation`, () => {
+			it("POST with invalid payload should not return 2xx", async () => {
+				const { app, auth, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
+				if (!fixtures.invalid) return;
+				const res = await app.inject({
+					method: "POST",
+					url: baseUrl,
+					headers: auth.getHeaders(auth.adminRole),
+					payload: fixtures.invalid
+				});
+				expect(res.statusCode).toBeGreaterThanOrEqual(400);
+				expect(JSON.parse(res.body).success).toBe(false);
+			});
+		});
+	}
+};
+/**
+* Create an HTTP test harness for an Arc resource.
 *
-*   beforeAll(async () => {
-*     testApp = await createTestApp({
-*       auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
-*     });
-*   });
+* Accepts options directly or as a getter function for deferred resolution.
 *
-*   afterAll(async () => {
-*     await testApp.close(); // Cleans up DB and disconnects
-*   });
+* @example Deferred (recommended for async setup)
+* ```typescript
+* let ctx: TestContext;
+* beforeAll(async () => { ctx = await setupTestOrg(); });
 *
-*   test('GET /health', async () => {
-*     const response = await testApp.app.inject({
-*       method: 'GET',
-*       url: '/health',
-*     });
-*     expect(response.statusCode).toBe(200);
-*   });
-* });
+* createHttpTestHarness(jobResource, () => ({
+*   app: ctx.app,
+*   apiPrefix: '',
+*   fixtures: { valid: { title: 'Test' } },
+*   auth: createBetterAuthProvider({ ... }),
+* })).runAll();
 * ```
+*/
+function createHttpTestHarness(resource, optionsOrGetter) {
+	return new HttpTestHarness(resource, optionsOrGetter);
+}
+//#endregion
+//#region src/testing/mocks.ts
+/**
+* Testing Utilities - Mock Factories
 *
-* @example Using external MongoDB
-* ```typescript
-* const testApp = await createTestApp({
-*   auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
-*   useInMemoryDb: false,
-*   mongoUri: 'mongodb://localhost:27017/test-db',
-* });
-* ```
+* Create mock repositories, controllers, and services for testing.
+* Uses Vitest for mocking (compatible with Jest API).
+*/
+/**
+* Create a mock repository for testing
 *
-* @example Accessing MongoDB URI for model connections
-* ```typescript
-* const testApp = await createTestApp({
-*   auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
+* @example
+* const mockRepo = createMockRepository<Product>({
+*   getById: vi.fn().mockResolvedValue({ id: '1', name: 'Test' }),
+*   create: vi.fn().mockImplementation(data => Promise.resolve({ id: '1', ...data })),
 * });
-* await mongoose.connect(testApp.mongoUri); // Connect your models
-* ```
+*
+* await mockRepo.getById('1'); // Returns mocked product
 */
-async function createTestApp(options = {}) {
-	const { createApp } = await import("../createApp-CgKOPhA4.mjs").then((n) => n.r);
-	const { useInMemoryDb = true, mongoUri: providedMongoUri, ...appOptions } = options;
-	const defaultAuth = {
-		type: "jwt",
-		jwt: { secret: "test-secret-32-chars-minimum-len" }
+function createMockRepository(overrides = {}) {
+	return {
+		getAll: vi.fn().mockResolvedValue({
+			docs: [],
+			total: 0,
+			page: 1,
+			limit: 20,
+			pages: 0,
+			hasNext: false,
+			hasPrev: false
+		}),
+		getById: vi.fn().mockResolvedValue(null),
+		create: vi.fn().mockImplementation((data) => Promise.resolve({
+			_id: "mock-id",
+			...data
+		})),
+		update: vi.fn().mockImplementation((_id, data) => Promise.resolve({
+			_id: "mock-id",
+			...data
+		})),
+		delete: vi.fn().mockResolvedValue({
+			success: true,
+			message: "Deleted"
+		}),
+		getBySlug: vi.fn().mockResolvedValue(null),
+		getDeleted: vi.fn().mockResolvedValue([]),
+		restore: vi.fn().mockResolvedValue(null),
+		getTree: vi.fn().mockResolvedValue([]),
+		getChildren: vi.fn().mockResolvedValue([]),
+		...overrides
 	};
-	let inMemoryDb = null;
-	let mongoUri = providedMongoUri;
-	if (useInMemoryDb && !providedMongoUri) try {
-		inMemoryDb = new InMemoryDatabase();
-		mongoUri = await inMemoryDb.start();
-	} catch (err) {
-		console.warn("[createTestApp] Failed to start in-memory MongoDB:", err.message, "\nFalling back to external MongoDB or no DB connection.");
-	}
-	const app = await createApp({
-		preset: "testing",
-		logger: false,
-		helmet: false,
-		cors: false,
-		rateLimit: false,
-		underPressure: false,
-		auth: defaultAuth,
-		...appOptions
-	});
+}
+/**
+* Create a mock user for authentication testing
+*/
+function createMockUser(overrides = {}) {
 	return {
-		app,
-		mongoUri,
-		async close() {
-			await app.close();
-			if (inMemoryDb) await inMemoryDb.stop();
-		}
+		_id: "mock-user-id",
+		id: "mock-user-id",
+		email: "test@example.com",
+		roles: ["user"],
+		organizationId: null,
+		...overrides
 	};
 }
 /**
-* Create a minimal Fastify instance for unit tests
-*
-* Use when you don't need Arc's full plugin stack
-*
-* @example
-* const app = createMinimalTestApp();
-* app.get('/test', async () => ({ success: true }));
-*
-* const response = await app.inject({ method: 'GET', url: '/test' });
-* expect(response.json()).toEqual({ success: true });
+* Create a mock Fastify request
 */
-function createMinimalTestApp(options = {}) {
-	return Fastify({
-		logger: false,
-		...options
-	});
+function createMockRequest(overrides = {}) {
+	return {
+		body: {},
+		params: {},
+		query: {},
+		headers: {},
+		user: createMockUser(),
+		context: {},
+		log: {
+			info: vi.fn(),
+			warn: vi.fn(),
+			error: vi.fn(),
+			debug: vi.fn()
+		},
+		...overrides
+	};
 }
 /**
-* Test request builder for cleaner tests
+* Create a mock Fastify reply
+*/
+function createMockReply() {
+	return {
+		code: vi.fn().mockReturnThis(),
+		send: vi.fn().mockReturnThis(),
+		header: vi.fn().mockReturnThis(),
+		headers: vi.fn().mockReturnThis(),
+		status: vi.fn().mockReturnThis(),
+		type: vi.fn().mockReturnThis(),
+		redirect: vi.fn().mockReturnThis(),
+		callNotFound: vi.fn().mockReturnThis(),
+		sent: false
+	};
+}
+/**
+* Create a mock controller for testing
+*/
+function createMockController(repository) {
+	return {
+		repository,
+		list: vi.fn(),
+		get: vi.fn(),
+		create: vi.fn(),
+		update: vi.fn(),
+		delete: vi.fn()
+	};
+}
+/**
+* Create mock data factory
 *
 * @example
-* const request = new TestRequestBuilder(app)
-*   .get('/products')
-*   .withAuth(mockUser)
-*   .withQuery({ page: 1, limit: 10 });
+* const productFactory = createDataFactory<Product>({
+*   name: () => faker.commerce.productName(),
+*   price: () => faker.number.int({ min: 10, max: 1000 }),
+*   sku: (i) => `SKU-${i}`,
+* });
 *
-* const response = await request.send();
-* expect(response.statusCode).toBe(200);
+* const product = productFactory.build();
+* const products = productFactory.buildMany(10);
 */
-var TestRequestBuilder = class {
-	method = "GET";
-	url = "/";
-	body;
-	query;
-	headers = {};
-	app;
-	constructor(app) {
-		this.app = app;
-	}
-	get(url) {
-		this.method = "GET";
-		this.url = url;
-		return this;
-	}
-	post(url) {
-		this.method = "POST";
-		this.url = url;
-		return this;
-	}
-	put(url) {
-		this.method = "PUT";
-		this.url = url;
-		return this;
-	}
-	patch(url) {
-		this.method = "PATCH";
-		this.url = url;
-		return this;
-	}
-	delete(url) {
-		this.method = "DELETE";
-		this.url = url;
-		return this;
-	}
-	withBody(body) {
-		this.body = body;
-		return this;
-	}
-	withQuery(query) {
-		this.query = query;
-		return this;
-	}
-	withHeader(key, value) {
-		this.headers[key] = value;
-		return this;
-	}
-	withAuth(userOrHeaders) {
-		if ("authorization" in userOrHeaders || "Authorization" in userOrHeaders) {
-			for (const [key, value] of Object.entries(userOrHeaders)) if (typeof value === "string") this.headers[key] = value;
-		} else {
-			const token = this.app.jwt?.sign?.(userOrHeaders) || "mock-token";
-			this.headers["Authorization"] = `Bearer ${token}`;
+function createDataFactory(template) {
+	let counter = 0;
+	return {
+		build(overrides = {}) {
+			const index = counter++;
+			const data = {};
+			for (const [key, generator] of Object.entries(template)) data[key] = generator(index);
+			return {
+				...data,
+				...overrides
+			};
+		},
+		buildMany(count, overrides = {}) {
+			return Array.from({ length: count }, () => this.build(overrides));
+		},
+		reset() {
+			counter = 0;
 		}
-		return this;
-	}
-	withContentType(type) {
-		this.headers["Content-Type"] = type;
-		return this;
-	}
-	async send() {
-		return this.app.inject({
-			method: this.method,
-			url: this.url,
-			payload: this.body,
-			query: this.query,
-			headers: this.headers
-		});
-	}
-};
+	};
+}
 /**
-* Helper to create a test request builder
+* Create a spy that tracks function calls
+*
+* Useful for testing side effects without full mocking
+*/
+function createSpy(_name = "spy") {
+	const calls = [];
+	const spy = vi.fn((...args) => {
+		calls.push(args);
+	});
+	spy.getCalls = () => calls;
+	spy.getLastCall = () => calls[calls.length - 1] || [];
+	return spy;
+}
+/**
+* Wait for a condition to be true
+*
+* Useful for async testing
 */
-function request(app) {
-	return new TestRequestBuilder(app);
+async function waitFor(condition, options = {}) {
+	const { timeout = 5e3, interval = 100 } = options;
+	const startTime = Date.now();
+	while (Date.now() - startTime < timeout) {
+		if (await condition()) return;
+		await new Promise((resolve) => setTimeout(resolve, interval));
+	}
+	throw new Error(`Timeout waiting for condition after ${timeout}ms`);
 }
 /**
-* Test helper for authentication
+* Create a test timer that can be controlled
 */
-function createTestAuth(app) {
+function createTestTimer() {
+	let time = Date.now();
 	return {
-		generateToken(user) {
-			if (!app.jwt) throw new Error("JWT plugin not registered");
-			return app.jwt.sign(user);
+		now: () => time,
+		advance: (ms) => {
+			time += ms;
 		},
-		decodeToken(token) {
-			if (!app.jwt) throw new Error("JWT plugin not registered");
-			return app.jwt.decode(token);
+		set: (timestamp) => {
+			time = timestamp;
 		},
-		async verifyToken(token) {
-			if (!app.jwt) throw new Error("JWT plugin not registered");
-			return app.jwt.verify(token);
+		reset: () => {
+			time = Date.now();
 		}
 	};
 }
+//#endregion
+//#region src/testing/TestHarness.ts
 /**
-* Snapshot testing helper for API responses
-*/
-function createSnapshotMatcher() {
-	return { matchStructure(response, expected) {
-		if (typeof response !== typeof expected) return false;
-		if (Array.isArray(response) && Array.isArray(expected)) return response.length === expected.length;
-		if (typeof response === "object" && response !== null) {
-			const responseKeys = Object.keys(response).sort();
-			const expectedKeys = Object.keys(expected).sort();
-			if (JSON.stringify(responseKeys) !== JSON.stringify(expectedKeys)) return false;
-			for (const key of responseKeys) if (!this.matchStructure(response[key], expected[key])) return false;
-			return true;
-		}
-		return true;
-	} };
-}
-/**
-* Bulk test data loader
+* Resource Test Harness
+*
+* Generates baseline tests for Arc resources automatically.
+* Tests CRUD operations + preset routes with minimal configuration.
+*
+* @example
+* import { createTestHarness } from '@classytic/arc/testing';
+* import productResource from './product.resource.js';
+*
+* const harness = createTestHarness(productResource, {
+*   fixtures: {
+*     valid: { name: 'Test Product', price: 100 },
+*     update: { name: 'Updated Product' },
+*   },
+* });
+*
+* // Run all baseline tests (50+ auto-generated)
+* harness.runAll();
+*
+* // Or run specific test suites
+* harness.runCrud();
+* harness.runPresets();
 */
-var TestDataLoader = class {
-	data = /* @__PURE__ */ new Map();
-	app;
-	constructor(app) {
-		this.app = app;
+var TestHarness = class {
+	resource;
+	Model;
+	fixtures;
+	setupFn;
+	teardownFn;
+	mongoUri;
+	_createdIds = [];
+	constructor(resource, options) {
+		this.resource = resource;
+		this.fixtures = options.fixtures;
+		this.setupFn = options.setupFn;
+		this.teardownFn = options.teardownFn;
+		this.mongoUri = options.mongoUri || process.env.MONGO_URI || "mongodb://localhost:27017/test";
+		if (!resource.adapter) throw new Error(`TestHarness requires a resource with a database adapter`);
+		if (resource.adapter.type !== "mongoose") throw new Error(`TestHarness currently only supports Mongoose adapters`);
+		const model = resource.adapter.model;
+		if (!model) throw new Error(`Mongoose adapter for ${resource.name} does not have a model`);
+		this.Model = model;
+	}
+	/**
+	* Run all baseline tests
+	*
+	* Executes CRUD, validation, and preset tests
+	*/
+	runAll() {
+		this.runCrud();
+		this.runValidation();
+		this.runPresets();
+		this.runFieldPermissions();
+		this.runPipeline();
+		this.runEvents();
+	}
+	/**
+	* Run CRUD operation tests (model-level)
+	*
+	* Tests: create, read (list + getById), update, delete
+	*
+	* @deprecated Use `HttpTestHarness.runCrud()` for HTTP-level CRUD tests.
+	* This method tests Mongoose models directly and does not exercise
+	* HTTP routes, authentication, permissions, or the Arc pipeline.
+	*/
+	runCrud() {
+		const { resource, fixtures, Model } = this;
+		describe(`${resource.displayName} CRUD Operations`, () => {
+			beforeAll(async () => {
+				await mongoose.connect(this.mongoUri);
+				if (this.setupFn) await this.setupFn();
+			});
+			afterAll(async () => {
+				if (this._createdIds.length > 0) await Model.deleteMany({ _id: { $in: this._createdIds } });
+				if (this.teardownFn) await this.teardownFn();
+				await mongoose.disconnect();
+			});
+			describe("Create", () => {
+				it("should create a new document with valid data", async () => {
+					const doc = await Model.create(fixtures.valid);
+					this._createdIds.push(doc._id);
+					expect(doc).toBeDefined();
+					expect(doc._id).toBeDefined();
+					for (const [key, value] of Object.entries(fixtures.valid)) if (typeof value !== "object") expect(doc[key]).toEqual(value);
+				});
+				it("should have timestamps", async () => {
+					const doc = await Model.findById(this._createdIds[0]);
+					expect(doc).toBeDefined();
+					expect(doc?.createdAt).toBeDefined();
+					expect(doc?.updatedAt).toBeDefined();
+				});
+			});
+			describe("Read", () => {
+				it("should find document by ID", async () => {
+					expect(await Model.findById(this._createdIds[0])).toBeDefined();
+				});
+				it("should list documents", async () => {
+					const docs = await Model.find({});
+					expect(Array.isArray(docs)).toBe(true);
+					expect(docs.length).toBeGreaterThan(0);
+				});
+			});
+			describe("Update", () => {
+				it("should update document", async () => {
+					const updateData = fixtures.update || { updatedAt: /* @__PURE__ */ new Date() };
+					expect(await Model.findByIdAndUpdate(this._createdIds[0], updateData, { new: true })).toBeDefined();
+				});
+			});
+			describe("Delete", () => {
+				it("should delete document", async () => {
+					const toDelete = await Model.create(fixtures.valid);
+					await Model.findByIdAndDelete(toDelete._id);
+					expect(await Model.findById(toDelete._id)).toBeNull();
+				});
+			});
+		});
+	}
+	/**
+	* Run validation tests
+	*
+	* Tests schema validation, required fields, etc.
+	*/
+	runValidation() {
+		const { resource, fixtures, Model } = this;
+		describe(`${resource.displayName} Validation`, () => {
+			beforeAll(async () => {
+				await mongoose.connect(this.mongoUri);
+			});
+			afterAll(async () => {
+				await mongoose.disconnect();
+			});
+			it("should reject empty document", async () => {
+				await expect(Model.create({})).rejects.toThrow();
+			});
+			if (fixtures.invalid) it("should reject invalid data", async () => {
+				await expect(Model.create(fixtures.invalid)).rejects.toThrow();
+			});
+		});
+	}
+	/**
+	* Run preset-specific tests
+	*
+	* Auto-detects applied presets and tests their functionality:
+	* - softDelete: deletedAt field, soft delete/restore
+	* - slugLookup: slug generation
+	* - tree: parent references, displayOrder
+	* - multiTenant: organizationId requirement
+	* - ownedByUser: userId requirement
+	*/
+	runPresets() {
+		const { resource, fixtures, Model } = this;
+		const presets = resource._appliedPresets || [];
+		if (presets.length === 0) return;
+		describe(`${resource.displayName} Preset Tests`, () => {
+			beforeAll(async () => {
+				await mongoose.connect(this.mongoUri);
+			});
+			afterAll(async () => {
+				await mongoose.disconnect();
+			});
+			if (presets.includes("softDelete")) describe("Soft Delete", () => {
+				let testDoc;
+				beforeEach(async () => {
+					testDoc = await Model.create(fixtures.valid);
+					this._createdIds.push(testDoc._id);
+				});
+				it("should have deletedAt field", () => {
+					expect(testDoc.deletedAt).toBeDefined();
+					expect(testDoc.deletedAt).toBeNull();
+				});
+				it("should soft delete (set deletedAt)", async () => {
+					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: /* @__PURE__ */ new Date() });
+					expect((await Model.findById(testDoc._id))?.deletedAt).not.toBeNull();
+				});
+				it("should restore (clear deletedAt)", async () => {
+					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: /* @__PURE__ */ new Date() });
+					await Model.findByIdAndUpdate(testDoc._id, { deletedAt: null });
+					expect((await Model.findById(testDoc._id))?.deletedAt).toBeNull();
+				});
+			});
+			if (presets.includes("slugLookup")) describe("Slug Lookup", () => {
+				it("should have slug field", async () => {
+					const doc = await Model.create(fixtures.valid);
+					this._createdIds.push(doc._id);
+					expect(doc.slug).toBeDefined();
+				});
+				it("should generate slug from name", async () => {
+					const doc = await Model.create({
+						...fixtures.valid,
+						name: "Test Slug Name"
+					});
+					this._createdIds.push(doc._id);
+					expect(doc.slug).toMatch(/test-slug-name/i);
+				});
+			});
+			if (presets.includes("tree")) describe("Tree Structure", () => {
+				it("should allow parent reference", async () => {
+					const parent = await Model.create(fixtures.valid);
+					this._createdIds.push(parent._id);
+					const child = await Model.create({
+						...fixtures.valid,
+						parent: parent._id
+					});
+					this._createdIds.push(child._id);
+					expect(String(child.parent)).toEqual(String(parent._id));
+				});
+				it("should support displayOrder", async () => {
+					const doc = await Model.create({
+						...fixtures.valid,
+						displayOrder: 5
+					});
+					this._createdIds.push(doc._id);
+					expect(doc.displayOrder).toEqual(5);
+				});
+			});
+			if (presets.includes("multiTenant")) describe("Multi-Tenant", () => {
+				it("should require organizationId", async () => {
+					const docWithoutOrg = { ...fixtures.valid };
+					delete docWithoutOrg.organizationId;
+					await expect(Model.create(docWithoutOrg)).rejects.toThrow();
+				});
+			});
+			if (presets.includes("ownedByUser")) describe("Owned By User", () => {
+				it("should require userId", async () => {
+					const docWithoutUser = { ...fixtures.valid };
+					delete docWithoutUser.userId;
+					await expect(Model.create(docWithoutUser)).rejects.toThrow();
+				});
+			});
+		});
 	}
 	/**
-	* Load test data into database
+	* Run field-level permission tests
+	*
+	* Auto-generates tests for each field permission:
+	* - hidden: field is stripped from responses
+	* - visibleTo: field only shown to specified roles
+	* - writableBy: field stripped from writes by non-privileged users
+	* - redactFor: field shows redacted value for specified roles
 	*/
-	async load(collection, items) {
-		this.data.set(collection, items);
-		return items;
+	runFieldPermissions() {
+		const { resource } = this;
+		const fieldPerms = resource.fields;
+		if (!fieldPerms || Object.keys(fieldPerms).length === 0) return;
+		describe(`${resource.displayName} Field Permissions`, () => {
+			for (const [field, rawPerm] of Object.entries(fieldPerms)) {
+				const perm = rawPerm;
+				switch (perm._type) {
+					case "hidden":
+						it(`should always hide field '${field}'`, () => {
+							const result = applyFieldReadPermissions({
+								[field]: "secret",
+								otherField: "visible"
+							}, fieldPerms, []);
+							expect(result[field]).toBeUndefined();
+							expect(result.otherField).toBe("visible");
+						});
+						it(`should strip hidden field '${field}' from writes`, () => {
+							const result = applyFieldWritePermissions({
+								[field]: "attempt",
+								name: "test"
+							}, fieldPerms, []);
+							expect(result[field]).toBeUndefined();
+							expect(result.name).toBe("test");
+						});
+						break;
+					case "visibleTo":
+						it(`should hide field '${field}' from non-privileged users`, () => {
+							expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, ["viewer"])[field]).toBeUndefined();
+						});
+						if (perm.roles && perm.roles.length > 0) {
+							const allowedRole = perm.roles[0];
+							it(`should show field '${field}' to roles: ${[...perm.roles].join(", ")}`, () => {
+								expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, [allowedRole])[field]).toBe("sensitive");
+							});
+						}
+						break;
+					case "writableBy":
+						it(`should strip field '${field}' from writes by non-privileged users`, () => {
+							const result = applyFieldWritePermissions({
+								[field]: "new-value",
+								name: "test"
+							}, fieldPerms, ["viewer"]);
+							expect(result[field]).toBeUndefined();
+							expect(result.name).toBe("test");
+						});
+						if (perm.roles && perm.roles.length > 0) {
+							const writeRole = perm.roles[0];
+							it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
+								expect(applyFieldWritePermissions({ [field]: "new-value" }, fieldPerms, [writeRole])[field]).toBe("new-value");
+							});
+						}
+						break;
+					case "redactFor":
+						if (perm.roles && perm.roles.length > 0) {
+							const redactRole = perm.roles[0];
+							it(`should redact field '${field}' for roles: ${[...perm.roles].join(", ")}`, () => {
+								expect(applyFieldReadPermissions({ [field]: "real-value" }, fieldPerms, [redactRole])[field]).toBe(perm.redactValue ?? "***");
+							});
+						}
+						it(`should show real value of field '${field}' to non-redacted roles`, () => {
+							expect(applyFieldReadPermissions({ [field]: "real-value" }, fieldPerms, ["unrelated-role"])[field]).toBe("real-value");
+						});
+						break;
+				}
+			}
+		});
 	}
 	/**
-	* Clear all loaded test data
+	* Run pipeline configuration tests
+	*
+	* Validates that pipeline steps are properly configured:
+	* - All steps have names
+	* - All steps have valid _type discriminants
+	* - Operation filters (if set) use valid CRUD operation names
 	*/
-	async cleanup() {
-		for (const [collection, items] of this.data.entries());
-		this.data.clear();
+	runPipeline() {
+		const { resource } = this;
+		const pipe = resource.pipe;
+		if (!pipe) return;
+		const validOps = new Set(CRUD_OPERATIONS);
+		describe(`${resource.displayName} Pipeline`, () => {
+			const steps = collectPipelineSteps(pipe);
+			it("should have at least one pipeline step", () => {
+				expect(steps.length).toBeGreaterThan(0);
+			});
+			for (const step of steps) {
+				it(`${step._type} '${step.name}' should have a valid type`, () => {
+					expect([
+						"guard",
+						"transform",
+						"interceptor"
+					]).toContain(step._type);
+				});
+				it(`${step._type} '${step.name}' should have a name`, () => {
+					expect(step.name).toBeTruthy();
+					expect(typeof step.name).toBe("string");
+				});
+				it(`${step._type} '${step.name}' should have a handler function`, () => {
+					expect(typeof step.handler).toBe("function");
+				});
+				if (step.operations?.length) it(`${step._type} '${step.name}' should target valid operations`, () => {
+					for (const op of step.operations) expect(validOps.has(op)).toBe(true);
+				});
+			}
+		});
+	}
+	/**
+	* Run event definition tests
+	*
+	* Validates that events are properly defined:
+	* - All events have handler functions
+	* - Event names follow resource:action convention
+	* - Schema definitions (if present) are valid objects
+	*/
+	runEvents() {
+		const { resource } = this;
+		const events = resource.events;
+		if (!events || Object.keys(events).length === 0) return;
+		describe(`${resource.displayName} Events`, () => {
+			for (const [action, rawDef] of Object.entries(events)) {
+				const def = rawDef;
+				it(`event '${resource.name}:${action}' should have a handler function`, () => {
+					expect(typeof def.handler).toBe("function");
+				});
+				it(`event '${resource.name}:${action}' should have a name`, () => {
+					expect(def.name).toBeTruthy();
+					expect(typeof def.name).toBe("string");
+				});
+				if (def.schema) it(`event '${resource.name}:${action}' schema should be an object`, () => {
+					expect(typeof def.schema).toBe("object");
+					expect(def.schema).not.toBeNull();
+				});
+			}
+		});
 	}
 };
-
-//#endregion
-//#region src/testing/mocks.ts
-/**
-* Testing Utilities - Mock Factories
-*
-* Create mock repositories, controllers, and services for testing.
-* Uses Vitest for mocking (compatible with Jest API).
-*/
-/**
-* Create a mock repository for testing
-*
-* @example
-* const mockRepo = createMockRepository<Product>({
-*   getById: vi.fn().mockResolvedValue({ id: '1', name: 'Test' }),
-*   create: vi.fn().mockImplementation(data => Promise.resolve({ id: '1', ...data })),
-* });
-*
-* await mockRepo.getById('1'); // Returns mocked product
-*/
-function createMockRepository(overrides = {}) {
-	return {
-		getAll: vi.fn().mockResolvedValue({
-			docs: [],
-			total: 0,
-			page: 1,
-			limit: 20,
-			pages: 0,
-			hasNext: false,
-			hasPrev: false
-		}),
-		getById: vi.fn().mockResolvedValue(null),
-		create: vi.fn().mockImplementation((data) => Promise.resolve({
-			_id: "mock-id",
-			...data
-		})),
-		update: vi.fn().mockImplementation((_id, data) => Promise.resolve({
-			_id: "mock-id",
-			...data
-		})),
-		delete: vi.fn().mockResolvedValue({
-			success: true,
-			message: "Deleted"
-		}),
-		getBySlug: vi.fn().mockResolvedValue(null),
-		getDeleted: vi.fn().mockResolvedValue([]),
-		restore: vi.fn().mockResolvedValue(null),
-		getTree: vi.fn().mockResolvedValue([]),
-		getChildren: vi.fn().mockResolvedValue([]),
-		...overrides
-	};
-}
-/**
-* Create a mock user for authentication testing
-*/
-function createMockUser(overrides = {}) {
-	return {
-		_id: "mock-user-id",
-		id: "mock-user-id",
-		email: "test@example.com",
-		roles: ["user"],
-		organizationId: null,
-		...overrides
-	};
-}
-/**
-* Create a mock Fastify request
-*/
-function createMockRequest(overrides = {}) {
-	return {
-		body: {},
-		params: {},
-		query: {},
-		headers: {},
-		user: createMockUser(),
-		context: {},
-		log: {
-			info: vi.fn(),
-			warn: vi.fn(),
-			error: vi.fn(),
-			debug: vi.fn()
-		},
-		...overrides
-	};
-}
-/**
-* Create a mock Fastify reply
-*/
-function createMockReply() {
-	return {
-		code: vi.fn().mockReturnThis(),
-		send: vi.fn().mockReturnThis(),
-		header: vi.fn().mockReturnThis(),
-		headers: vi.fn().mockReturnThis(),
-		status: vi.fn().mockReturnThis(),
-		type: vi.fn().mockReturnThis(),
-		redirect: vi.fn().mockReturnThis(),
-		callNotFound: vi.fn().mockReturnThis(),
-		sent: false
-	};
-}
-/**
-* Create a mock controller for testing
-*/
-function createMockController(repository) {
-	return {
-		repository,
-		list: vi.fn(),
-		get: vi.fn(),
-		create: vi.fn(),
-		update: vi.fn(),
-		delete: vi.fn()
-	};
-}
 /**
-* Create mock data factory
-*
-* @example
-* const productFactory = createDataFactory<Product>({
-*   name: () => faker.commerce.productName(),
-*   price: () => faker.number.int({ min: 10, max: 1000 }),
-*   sku: (i) => `SKU-${i}`,
-* });
-*
-* const product = productFactory.build();
-* const products = productFactory.buildMany(10);
+* Collect all pipeline steps from a PipelineConfig (flat array or per-operation map)
 */
-function createDataFactory(template) {
-	let counter = 0;
-	return {
-		build(overrides = {}) {
-			const index = counter++;
-			const data = {};
-			for (const [key, generator] of Object.entries(template)) data[key] = generator(index);
-			return {
-				...data,
-				...overrides
-			};
-		},
-		buildMany(count, overrides = {}) {
-			return Array.from({ length: count }, () => this.build(overrides));
-		},
-		reset() {
-			counter = 0;
+function collectPipelineSteps(pipe) {
+	if (Array.isArray(pipe)) return pipe;
+	const seen = /* @__PURE__ */ new Set();
+	const steps = [];
+	for (const opSteps of Object.values(pipe)) if (Array.isArray(opSteps)) for (const step of opSteps) {
+		const key = `${step._type}:${step.name}`;
+		if (!seen.has(key)) {
+			seen.add(key);
+			steps.push(step);
 		}
-	};
+	}
+	return steps;
 }
 /**
-* Create a spy that tracks function calls
+* Create a test harness for an Arc resource
 *
-* Useful for testing side effects without full mocking
-*/
-function createSpy(_name = "spy") {
-	const calls = [];
-	const spy = vi.fn((...args) => {
-		calls.push(args);
-	});
-	spy.getCalls = () => calls;
-	spy.getLastCall = () => calls[calls.length - 1] || [];
-	return spy;
-}
-/**
-* Wait for a condition to be true
+* @param resource - The Arc resource definition to test
+* @param options - Test harness configuration
+* @returns Test harness instance
 *
-* Useful for async testing
+* @example
+* import { createTestHarness } from '@classytic/arc/testing';
+*
+* const harness = createTestHarness(productResource, {
+*   fixtures: {
+*     valid: { name: 'Product', price: 100 },
+*     update: { name: 'Updated' },
+*   },
+* });
+*
+* harness.runAll(); // Generates 50+ baseline tests
 */
-async function waitFor(condition, options = {}) {
-	const { timeout = 5e3, interval = 100 } = options;
-	const startTime = Date.now();
-	while (Date.now() - startTime < timeout) {
-		if (await condition()) return;
-		await new Promise((resolve) => setTimeout(resolve, interval));
-	}
-	throw new Error(`Timeout waiting for condition after ${timeout}ms`);
+function createTestHarness(resource, options) {
+	return new TestHarness(resource, options);
 }
 /**
-* Create a test timer that can be controlled
+* Generate test file content for a resource
+*
+* Useful for scaffolding new resource tests via CLI
+*
+* @param resourceName - Resource name in kebab-case (e.g., 'product')
+* @param options - Generation options
+* @returns Complete test file content as string
+*
+* @example
+* const testContent = generateTestFile('product', {
+*   presets: ['softDelete'],
+*   modulePath: './modules/catalog',
+* });
+* fs.writeFileSync('product.test.js', testContent);
 */
-function createTestTimer() {
-	let time = Date.now();
-	return {
-		now: () => time,
-		advance: (ms) => {
-			time += ms;
-		},
-		set: (timestamp) => {
-			time = timestamp;
-		},
-		reset: () => {
-			time = Date.now();
-		}
-	};
-}
+function generateTestFile(resourceName, options = {}) {
+	const { presets = [], modulePath = "." } = options;
+	const className = resourceName.split("-").map((s) => s.charAt(0).toUpperCase() + s.slice(1)).join("");
+	const varName = className.charAt(0).toLowerCase() + className.slice(1);
+	return `/**
+ * ${className} Resource Tests
+ *
+ * Auto-generated baseline tests. Customize as needed.
+ */
 
-//#endregion
-//#region src/testing/authHelpers.ts
-/**
-* Safely parse a JSON response body.
-* Returns null if parsing fails.
-*/
-function safeParseBody(body) {
-	try {
-		return JSON.parse(body);
-	} catch {
-		return null;
-	}
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import mongoose from 'mongoose';
+import { createTestHarness } from '@classytic/arc/testing';
+import ${varName}Resource from '${modulePath}/${resourceName}.resource.js';
+import ${className} from '${modulePath}/${resourceName}.model.js';
+
+const MONGO_URI = process.env.MONGO_TEST_URI || 'mongodb://localhost:27017/${resourceName}-test';
+
+// Test fixtures
+const fixtures = {
+  valid: {
+    name: 'Test ${className}',
+    // Add required fields here
+  },
+  update: {
+    name: 'Updated ${className}',
+  },
+  invalid: {
+    // Empty or invalid data
+  },
+};
+
+// Create test harness
+const harness = createTestHarness(${varName}Resource, {
+  fixtures,
+  mongoUri: MONGO_URI,
+});
+
+// Run all baseline tests
+harness.runAll();
+
+// Custom tests
+describe('${className} Custom Tests', () => {
+  let testId;
+
+  beforeAll(async () => {
+    await mongoose.connect(MONGO_URI);
+  });
+
+  afterAll(async () => {
+    if (testId) {
+      await ${className}.findByIdAndDelete(testId);
+    }
+    await mongoose.disconnect();
+  });
+
+  // Add your custom tests here
+  it('should pass custom validation', async () => {
+    // Example: const doc = await ${className}.create(fixtures.valid);
+    // testId = doc._id;
+    // expect(doc.someField).toBe('expectedValue');
+    expect(true).toBe(true);
+  });
+});
+`;
 }
 /**
-* Create stateless Better Auth test helpers.
+* Run config-level tests for a resource (no DB required)
 *
-* All methods take the app instance as a parameter, making them
-* safe to use across multiple test suites.
+* Tests field permissions, pipeline configuration, and event definitions.
+* Works with any adapter — no Mongoose dependency.
+*
+* @param resource - The Arc resource definition to test
+*
+* @example
+* ```typescript
+* import { createConfigTestSuite } from '@classytic/arc/testing';
+* import productResource from './product.resource.js';
+*
+* // Generates field permission, pipeline, and event tests
+* createConfigTestSuite(productResource);
+* ```
 */
-function createBetterAuthTestHelpers(options = {}) {
-	const basePath = options.basePath ?? "/api/auth";
-	return {
-		async signUp(app, data) {
-			const res = await app.inject({
-				method: "POST",
-				url: `${basePath}/sign-up/email`,
-				payload: data
+function createConfigTestSuite(resource) {
+	const fieldPerms = resource.fields;
+	const pipe = resource.pipe;
+	const events = resource.events;
+	if (fieldPerms && Object.keys(fieldPerms).length > 0) runFieldPermissionTests(resource.displayName, fieldPerms);
+	if (pipe) runPipelineTests(resource.displayName, pipe);
+	if (events && Object.keys(events).length > 0) runEventTests(resource.name, resource.displayName, events);
+	if (resource.permissions && Object.keys(resource.permissions).length > 0) describe(`${resource.displayName} Permission Config`, () => {
+		for (const op of CRUD_OPERATIONS) {
+			const check = resource.permissions[op];
+			if (check) it(`${op} permission should be a function`, () => {
+				expect(typeof check).toBe("function");
 			});
-			const token = res.headers["set-auth-token"];
-			const body = safeParseBody(res.body);
-			return {
-				statusCode: res.statusCode,
-				token: token || "",
-				user: body?.user || body,
-				body
-			};
-		},
-		async signIn(app, data) {
-			const res = await app.inject({
-				method: "POST",
-				url: `${basePath}/sign-in/email`,
-				payload: data
+		}
+	});
+}
+function runFieldPermissionTests(displayName, fieldPerms) {
+	describe(`${displayName} Field Permissions`, () => {
+		for (const [field, perm] of Object.entries(fieldPerms)) switch (perm._type) {
+			case "hidden":
+				it(`should always hide field '${field}'`, () => {
+					expect(applyFieldReadPermissions({
+						[field]: "secret",
+						other: "visible"
+					}, fieldPerms, [])[field]).toBeUndefined();
+				});
+				it(`should strip hidden field '${field}' from writes`, () => {
+					expect(applyFieldWritePermissions({
+						[field]: "attempt",
+						name: "test"
+					}, fieldPerms, [])[field]).toBeUndefined();
+				});
+				break;
+			case "visibleTo":
+				it(`should hide field '${field}' from non-privileged users`, () => {
+					expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, ["_no_role_"])[field]).toBeUndefined();
+				});
+				if (perm.roles && perm.roles.length > 0) {
+					const allowedRole = perm.roles[0];
+					it(`should show field '${field}' to roles: ${[...perm.roles].join(", ")}`, () => {
+						expect(applyFieldReadPermissions({ [field]: "sensitive" }, fieldPerms, [allowedRole])[field]).toBe("sensitive");
+					});
+				}
+				break;
+			case "writableBy":
+				it(`should strip field '${field}' from writes by non-privileged users`, () => {
+					expect(applyFieldWritePermissions({
+						[field]: "v",
+						name: "test"
+					}, fieldPerms, ["_no_role_"])[field]).toBeUndefined();
+				});
+				if (perm.roles && perm.roles.length > 0) {
+					const writeRole = perm.roles[0];
+					it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
+						expect(applyFieldWritePermissions({ [field]: "v" }, fieldPerms, [writeRole])[field]).toBe("v");
+					});
+				}
+				break;
+			case "redactFor":
+				if (perm.roles && perm.roles.length > 0) {
+					const redactRole = perm.roles[0];
+					it(`should redact field '${field}' for roles: ${[...perm.roles].join(", ")}`, () => {
+						expect(applyFieldReadPermissions({ [field]: "real" }, fieldPerms, [redactRole])[field]).toBe(perm.redactValue ?? "***");
+					});
+				}
+				it(`should show real value of field '${field}' to non-redacted roles`, () => {
+					expect(applyFieldReadPermissions({ [field]: "real" }, fieldPerms, ["_other_"])[field]).toBe("real");
+				});
+				break;
+		}
+	});
+}
+function runPipelineTests(displayName, pipe) {
+	const steps = collectPipelineSteps(pipe);
+	if (steps.length === 0) return;
+	const validOps = new Set(CRUD_OPERATIONS);
+	describe(`${displayName} Pipeline`, () => {
+		it("should have at least one pipeline step", () => {
+			expect(steps.length).toBeGreaterThan(0);
+		});
+		for (const step of steps) {
+			it(`${step._type} '${step.name}' should have a valid type`, () => {
+				expect([
+					"guard",
+					"transform",
+					"interceptor"
+				]).toContain(step._type);
 			});
-			const token = res.headers["set-auth-token"];
-			const body = safeParseBody(res.body);
-			return {
-				statusCode: res.statusCode,
-				token: token || "",
-				user: body?.user || body,
-				body
-			};
-		},
-		async createOrg(app, token, data) {
-			const res = await app.inject({
-				method: "POST",
-				url: `${basePath}/organization/create`,
-				headers: { authorization: `Bearer ${token}` },
-				payload: data
+			it(`${step._type} '${step.name}' should have a handler function`, () => {
+				expect(typeof step.handler).toBe("function");
 			});
-			const body = safeParseBody(res.body);
-			return {
-				statusCode: res.statusCode,
-				orgId: body?.id,
-				body
-			};
-		},
-		async setActiveOrg(app, token, orgId) {
-			const res = await app.inject({
-				method: "POST",
-				url: `${basePath}/organization/set-active`,
-				headers: { authorization: `Bearer ${token}` },
-				payload: { organizationId: orgId }
+			if (step.operations?.length) it(`${step._type} '${step.name}' should target valid operations`, () => {
+				for (const op of step.operations) expect(validOps.has(op)).toBe(true);
 			});
-			return {
-				statusCode: res.statusCode,
-				body: safeParseBody(res.body)
-			};
-		},
-		authHeaders(token, orgId) {
-			const h = { authorization: `Bearer ${token}` };
-			if (orgId) h["x-organization-id"] = orgId;
-			return h;
 		}
-	};
+	});
 }
-/**
-* Set up a complete test organization with users.
-*
-* Creates the app, signs up users, creates an org, adds members,
-* and returns a context object with tokens and a teardown function.
-*
-* @example
-* ```typescript
-* const ctx = await setupBetterAuthOrg({
-*   createApp: () => createAppInstance(),
-*   org: { name: 'Test Corp', slug: 'test-corp' },
-*   users: [
-*     { key: 'admin', email: 'admin@test.com', password: 'pass', name: 'Admin', role: 'admin', isCreator: true },
-*     { key: 'member', email: 'user@test.com', password: 'pass', name: 'User', role: 'member' },
-*   ],
-*   addMember: async (data) => {
-*     await auth.api.addMember({ body: data });
-*     return { statusCode: 200 };
-*   },
-* });
-*
-* // Use in tests:
-* const res = await ctx.app.inject({
-*   method: 'GET',
-*   url: '/api/products',
-*   headers: auth.authHeaders(ctx.users.admin.token, ctx.orgId),
-* });
-*
-* // Cleanup:
-* await ctx.teardown();
-* ```
-*/
-async function setupBetterAuthOrg(options) {
-	const { createApp, org, users: userConfigs, addMember, afterSetup, authHelpers: helpersOptions } = options;
-	const helpers = createBetterAuthTestHelpers(helpersOptions);
-	const creators = userConfigs.filter((u) => u.isCreator);
-	if (creators.length !== 1) throw new Error(`setupBetterAuthOrg: Exactly one user must have isCreator: true (found ${creators.length})`);
-	const app = await createApp();
-	await app.ready();
-	const signups = /* @__PURE__ */ new Map();
-	for (const userConfig of userConfigs) {
-		const signup = await helpers.signUp(app, {
-			email: userConfig.email,
-			password: userConfig.password,
-			name: userConfig.name
-		});
-		if (signup.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to sign up ${userConfig.email} (status ${signup.statusCode})`);
-		signups.set(userConfig.key, signup);
-	}
-	const creatorConfig = creators[0];
-	const creatorSignup = signups.get(creatorConfig.key);
-	const orgResult = await helpers.createOrg(app, creatorSignup.token, org);
-	if (orgResult.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to create org (status ${orgResult.statusCode})`);
-	const orgId = orgResult.orgId;
-	for (const userConfig of userConfigs) {
-		if (userConfig.isCreator) continue;
-		const result = await addMember({
-			organizationId: orgId,
-			userId: signups.get(userConfig.key).user?.id,
-			role: userConfig.role
-		});
-		if (result.statusCode !== 200) throw new Error(`setupBetterAuthOrg: Failed to add member ${userConfig.email} (status ${result.statusCode})`);
-	}
-	await helpers.setActiveOrg(app, creatorSignup.token, orgId);
-	const users = {};
-	for (const userConfig of userConfigs) if (userConfig.isCreator) {
-		const signup = signups.get(userConfig.key);
-		users[userConfig.key] = {
-			token: signup.token,
-			userId: signup.user?.id,
-			email: userConfig.email
-		};
-	} else {
-		const login = await helpers.signIn(app, {
-			email: userConfig.email,
-			password: userConfig.password
-		});
-		await helpers.setActiveOrg(app, login.token, orgId);
-		users[userConfig.key] = {
-			token: login.token,
-			userId: signups.get(userConfig.key).user?.id,
-			email: userConfig.email
-		};
-	}
-	const ctx = {
-		app,
-		orgId,
-		users,
-		async teardown() {
-			await app.close();
+function runEventTests(resourceName, displayName, events) {
+	describe(`${displayName} Events`, () => {
+		for (const [action, def] of Object.entries(events)) {
+			it(`event '${resourceName}:${action}' should have a handler function`, () => {
+				expect(typeof def.handler).toBe("function");
+			});
+			it(`event '${resourceName}:${action}' should have a name`, () => {
+				expect(def.name).toBeTruthy();
+			});
+			if (def.schema) it(`event '${resourceName}:${action}' schema should be an object`, () => {
+				expect(typeof def.schema).toBe("object");
+				expect(def.schema).not.toBeNull();
+			});
 		}
-	};
-	if (afterSetup) await afterSetup(ctx);
-	return ctx;
+	});
 }
-
 //#endregion
-//#region src/testing/HttpTestHarness.ts
+//#region src/testing/testFactory.ts
 /**
-* HTTP Test Harness
+* Testing Utilities - Test App Factory
 *
-* Generates HTTP-level CRUD tests for Arc resources using `app.inject()`.
-* Unlike TestHarness (which tests Mongoose models directly), this exercises
-* the full request lifecycle: HTTP routes, auth, permissions, pipeline,
-* field permissions, and the Arc response envelope.
+* Create Fastify test instances with Arc configuration
+*/
+/**
+* Create a test application instance with optional in-memory MongoDB
 *
-* Supports both eager and deferred options:
-* - **Eager**: Pass options directly when app is available at construction time
-* - **Deferred**: Pass a getter function when app comes from async setup (beforeAll)
+* **Performance Boost**: Uses in-memory MongoDB by default for 10x faster tests.
 *
-* @example Eager (app available at module level)
+* @example Basic usage with in-memory DB
 * ```typescript
-* const harness = createHttpTestHarness(jobResource, {
-*   app,
-*   fixtures: { valid: { title: 'Test' } },
-*   auth: createJwtAuthProvider({ app, users, adminRole: 'admin' }),
-* });
-* harness.runAll();
-* ```
+* import { createTestApp } from '@classytic/arc/testing';
 *
-* @example Deferred (app from beforeAll)
-* ```typescript
-* let ctx: TestContext;
-* beforeAll(async () => { ctx = await setupTestOrg(); });
-* afterAll(async () => { await teardownTestOrg(ctx); });
+* describe('API Tests', () => {
+*   let testApp: TestAppResult;
 *
-* const harness = createHttpTestHarness(jobResource, () => ({
-*   app: ctx.app,
-*   apiPrefix: '',
-*   fixtures: { valid: { title: 'Test' } },
-*   auth: createBetterAuthProvider({ tokens: { admin: ctx.users.admin.token }, orgId: ctx.orgId, adminRole: 'admin' }),
-* }));
-* harness.runAll();
-* ```
-*/
-/**
-* Create an auth provider for JWT-based apps.
+*   beforeAll(async () => {
+*     testApp = await createTestApp({
+*       auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
+*     });
+*   });
 *
-* Generates JWT tokens on the fly using the app's JWT plugin.
+*   afterAll(async () => {
+*     await testApp.close(); // Cleans up DB and disconnects
+*   });
 *
-* @example
-* ```typescript
-* const auth = createJwtAuthProvider({
-*   app,
-*   users: {
-*     admin: { payload: { id: '1', roles: ['admin'] }, organizationId: 'org1' },
-*     viewer: { payload: { id: '2', roles: ['viewer'] } },
-*   },
-*   adminRole: 'admin',
+*   test('GET /health', async () => {
+*     const response = await testApp.app.inject({
+*       method: 'GET',
+*       url: '/health',
+*     });
+*     expect(response.statusCode).toBe(200);
+*   });
 * });
 * ```
-*/
-function createJwtAuthProvider(options) {
-	const { app, users, adminRole } = options;
-	return {
-		getHeaders(role) {
-			const user = users[role];
-			if (!user) throw new Error(`createJwtAuthProvider: Unknown role '${role}'. Available: ${Object.keys(users).join(", ")}`);
-			const headers = { authorization: `Bearer ${app.jwt?.sign?.(user.payload) || "mock-token"}` };
-			if (user.organizationId) headers["x-organization-id"] = user.organizationId;
-			return headers;
-		},
-		availableRoles: Object.keys(users),
-		adminRole
-	};
-}
-/**
-* Create an auth provider for Better Auth apps.
 *
-* Uses pre-existing tokens (from signUp/signIn) rather than generating them.
+* @example Using external MongoDB
+* ```typescript
+* const testApp = await createTestApp({
+*   auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
+*   useInMemoryDb: false,
+*   mongoUri: 'mongodb://localhost:27017/test-db',
+* });
+* ```
 *
-* @example
+* @example Accessing MongoDB URI for model connections
 * ```typescript
-* const auth = createBetterAuthProvider({
-*   tokens: {
-*     admin: ctx.users.admin.token,
-*     member: ctx.users.member.token,
-*   },
-*   orgId: ctx.orgId,
-*   adminRole: 'admin',
+* const testApp = await createTestApp({
+*   auth: { type: 'jwt', jwt: { secret: 'test-secret' } },
 * });
+* await mongoose.connect(testApp.mongoUri); // Connect your models
 * ```
 */
-function createBetterAuthProvider(options) {
-	const { tokens, orgId, adminRole } = options;
+async function createTestApp(options = {}) {
+	const { createApp } = await import("../createApp-ByWNRsZj.mjs").then((n) => n.r);
+	const { useInMemoryDb = true, mongoUri: providedMongoUri, ...appOptions } = options;
+	const defaultAuth = {
+		type: "jwt",
+		jwt: { secret: "test-secret-32-chars-minimum-len" }
+	};
+	let inMemoryDb = null;
+	let mongoUri = providedMongoUri;
+	if (useInMemoryDb && !providedMongoUri) try {
+		inMemoryDb = new InMemoryDatabase();
+		mongoUri = await inMemoryDb.start();
+	} catch (err) {
+		console.warn("[createTestApp] Failed to start in-memory MongoDB:", err.message, "\nFalling back to external MongoDB or no DB connection.");
+	}
+	const app = await createApp({
+		preset: "testing",
+		logger: false,
+		helmet: false,
+		cors: false,
+		rateLimit: false,
+		underPressure: false,
+		auth: defaultAuth,
+		...appOptions
+	});
 	return {
-		getHeaders(role) {
-			const token = tokens[role];
-			if (!token) throw new Error(`createBetterAuthProvider: No token for role '${role}'. Available: ${Object.keys(tokens).join(", ")}`);
-			return {
-				authorization: `Bearer ${token}`,
-				"x-organization-id": orgId
-			};
-		},
-		availableRoles: Object.keys(tokens),
-		adminRole
+		app,
+		mongoUri,
+		async close() {
+			await app.close();
+			if (inMemoryDb) await inMemoryDb.stop();
+		}
 	};
 }
 /**
-* HTTP-level test harness for Arc resources.
+* Create a minimal Fastify instance for unit tests
 *
-* Generates tests that exercise the full HTTP lifecycle:
-* routes, auth, permissions, pipeline, and response envelope.
+* Use when you don't need Arc's full plugin stack
 *
-* Supports deferred options via a getter function, which is essential
-* when the app instance comes from async `beforeAll()` setup.
-*/
-var HttpTestHarness = class {
-	resource;
-	optionsOrGetter;
-	eagerBaseUrl;
-	enabledRoutes;
-	updateMethod;
-	constructor(resource, optionsOrGetter) {
-		this.resource = resource;
-		this.optionsOrGetter = optionsOrGetter;
-		if (typeof optionsOrGetter === "function") this.eagerBaseUrl = null;
-		else this.eagerBaseUrl = `${optionsOrGetter.apiPrefix ?? "/api"}${resource.prefix}`;
-		const disabled = new Set(resource.disabledRoutes ?? []);
-		this.enabledRoutes = new Set(resource.disableDefaultRoutes ? [] : CRUD_OPERATIONS.filter((op) => !disabled.has(op)));
-		this.updateMethod = resource.updateMethod === "PUT" ? "PUT" : "PATCH";
-	}
-	/** Resolve options (supports both direct and deferred) */
-	getOptions() {
-		return typeof this.optionsOrGetter === "function" ? this.optionsOrGetter() : this.optionsOrGetter;
-	}
-	/**
-	* Resolve the base URL for requests.
-	*
-	* - Eager mode: uses pre-computed baseUrl from constructor
-	* - Deferred mode: reads apiPrefix from the getter options at runtime
-	*
-	* Must only be called inside it()/afterAll() callbacks (after beforeAll has run).
-	*/
-	getBaseUrl() {
-		if (this.eagerBaseUrl !== null) return this.eagerBaseUrl;
-		return `${this.getOptions().apiPrefix ?? ""}${this.resource.prefix}`;
-	}
-	/**
-	* Run all test suites: CRUD + permissions + validation
-	*/
-	runAll() {
-		this.runCrud();
-		this.runPermissions();
-		this.runValidation();
-	}
-	/**
-	* Run HTTP-level CRUD tests.
-	*
-	* Tests each enabled CRUD operation through app.inject():
-	* - POST (create) → 200/201 with { success: true, data }
-	* - GET (list) → 200 with array or paginated response
-	* - GET /:id → 200 with { success: true, data }
-	* - PATCH/PUT /:id → 200 with { success: true, data }
-	* - DELETE /:id → 200
-	* - GET /:id with non-existent ID → 404
-	*/
-	runCrud() {
-		const { resource, enabledRoutes, updateMethod } = this;
-		let createdId = null;
-		describe(`${resource.displayName} HTTP CRUD`, () => {
-			afterAll(async () => {
-				if (createdId && enabledRoutes.has("delete")) {
-					const { app, auth } = this.getOptions();
-					const baseUrl = this.getBaseUrl();
-					await app.inject({
-						method: "DELETE",
-						url: `${baseUrl}/${createdId}`,
-						headers: auth.getHeaders(auth.adminRole)
-					});
-				}
-			});
-			if (enabledRoutes.has("create")) it("POST should create a resource", async () => {
-				const { app, auth, fixtures } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				const adminHeaders = auth.getHeaders(auth.adminRole);
-				const res = await app.inject({
-					method: "POST",
-					url: baseUrl,
-					headers: adminHeaders,
-					payload: fixtures.valid
-				});
-				expect(res.statusCode).toBeLessThan(300);
-				const body = JSON.parse(res.body);
-				expect(body.success).toBe(true);
-				expect(body.data).toBeDefined();
-				expect(body.data._id).toBeDefined();
-				createdId = body.data._id;
-			});
-			if (enabledRoutes.has("list")) it("GET should list resources", async () => {
-				const { app, auth } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				const res = await app.inject({
-					method: "GET",
-					url: baseUrl,
-					headers: auth.getHeaders(auth.adminRole)
-				});
-				expect(res.statusCode).toBe(200);
-				const body = JSON.parse(res.body);
-				expect(body.success).toBe(true);
-				const list = body.data ?? body.docs;
-				expect(list).toBeDefined();
-				expect(Array.isArray(list)).toBe(true);
-			});
-			if (enabledRoutes.has("get")) {
-				it("GET /:id should return the resource", async () => {
-					if (!createdId) return;
-					const { app, auth } = this.getOptions();
-					const baseUrl = this.getBaseUrl();
-					const res = await app.inject({
-						method: "GET",
-						url: `${baseUrl}/${createdId}`,
-						headers: auth.getHeaders(auth.adminRole)
-					});
-					expect(res.statusCode).toBe(200);
-					const body = JSON.parse(res.body);
-					expect(body.success).toBe(true);
-					expect(body.data).toBeDefined();
-					expect(body.data._id).toBe(createdId);
-				});
-				it("GET /:id with non-existent ID should return 404", async () => {
-					const { app, auth } = this.getOptions();
-					const baseUrl = this.getBaseUrl();
-					const res = await app.inject({
-						method: "GET",
-						url: `${baseUrl}/000000000000000000000000`,
-						headers: auth.getHeaders(auth.adminRole)
-					});
-					expect(res.statusCode).toBe(404);
-					expect(JSON.parse(res.body).success).toBe(false);
-				});
-			}
-			if (enabledRoutes.has("update")) {
-				it(`${updateMethod} /:id should update the resource`, async () => {
-					if (!createdId) return;
-					const { app, auth, fixtures } = this.getOptions();
-					const baseUrl = this.getBaseUrl();
-					const updatePayload = fixtures.update || fixtures.valid;
-					const res = await app.inject({
-						method: updateMethod,
-						url: `${baseUrl}/${createdId}`,
-						headers: auth.getHeaders(auth.adminRole),
-						payload: updatePayload
-					});
-					expect(res.statusCode).toBe(200);
-					const body = JSON.parse(res.body);
-					expect(body.success).toBe(true);
-					expect(body.data).toBeDefined();
-				});
-				it(`${updateMethod} /:id with non-existent ID should return 404`, async () => {
-					const { app, auth, fixtures } = this.getOptions();
-					const baseUrl = this.getBaseUrl();
-					expect((await app.inject({
-						method: updateMethod,
-						url: `${baseUrl}/000000000000000000000000`,
-						headers: auth.getHeaders(auth.adminRole),
-						payload: fixtures.update || fixtures.valid
-					})).statusCode).toBe(404);
-				});
-			}
-			if (enabledRoutes.has("delete")) {
-				it("DELETE /:id should delete the resource", async () => {
-					const { app, auth, fixtures } = this.getOptions();
-					const baseUrl = this.getBaseUrl();
-					const adminHeaders = auth.getHeaders(auth.adminRole);
-					let deleteId;
-					if (enabledRoutes.has("create")) {
-						const createRes = await app.inject({
-							method: "POST",
-							url: baseUrl,
-							headers: adminHeaders,
-							payload: fixtures.valid
-						});
-						deleteId = JSON.parse(createRes.body).data?._id;
-					}
-					if (!deleteId) return;
-					expect((await app.inject({
-						method: "DELETE",
-						url: `${baseUrl}/${deleteId}`,
-						headers: adminHeaders
-					})).statusCode).toBe(200);
-					if (enabledRoutes.has("get")) expect((await app.inject({
-						method: "GET",
-						url: `${baseUrl}/${deleteId}`,
-						headers: adminHeaders
-					})).statusCode).toBe(404);
-				});
-				it("DELETE /:id with non-existent ID should return 404", async () => {
-					const { app, auth } = this.getOptions();
-					const baseUrl = this.getBaseUrl();
-					expect((await app.inject({
-						method: "DELETE",
-						url: `${baseUrl}/000000000000000000000000`,
-						headers: auth.getHeaders(auth.adminRole)
-					})).statusCode).toBe(404);
-				});
-			}
+* @example
+* const app = createMinimalTestApp();
+* app.get('/test', async () => ({ success: true }));
+*
+* const response = await app.inject({ method: 'GET', url: '/test' });
+* expect(response.json()).toEqual({ success: true });
+*/
+function createMinimalTestApp(options = {}) {
+	return Fastify({
+		logger: false,
+		...options
+	});
+}
+/**
+* Test request builder for cleaner tests
+*
+* @example
+* const request = new TestRequestBuilder(app)
+*   .get('/products')
+*   .withAuth(mockUser)
+*   .withQuery({ page: 1, limit: 10 });
+*
+* const response = await request.send();
+* expect(response.statusCode).toBe(200);
+*/
+var TestRequestBuilder = class {
+	method = "GET";
+	url = "/";
+	body;
+	query;
+	headers = {};
+	app;
+	constructor(app) {
+		this.app = app;
+	}
+	get(url) {
+		this.method = "GET";
+		this.url = url;
+		return this;
+	}
+	post(url) {
+		this.method = "POST";
+		this.url = url;
+		return this;
+	}
+	put(url) {
+		this.method = "PUT";
+		this.url = url;
+		return this;
+	}
+	patch(url) {
+		this.method = "PATCH";
+		this.url = url;
+		return this;
+	}
+	delete(url) {
+		this.method = "DELETE";
+		this.url = url;
+		return this;
+	}
+	withBody(body) {
+		this.body = body;
+		return this;
+	}
+	withQuery(query) {
+		this.query = query;
+		return this;
+	}
+	withHeader(key, value) {
+		this.headers[key] = value;
+		return this;
+	}
+	withAuth(userOrHeaders) {
+		if ("authorization" in userOrHeaders || "Authorization" in userOrHeaders) {
+			for (const [key, value] of Object.entries(userOrHeaders)) if (typeof value === "string") this.headers[key] = value;
+		} else {
+			const token = this.app.jwt?.sign?.(userOrHeaders) || "mock-token";
+			this.headers.Authorization = `Bearer ${token}`;
+		}
+		return this;
+	}
+	withContentType(type) {
+		this.headers["Content-Type"] = type;
+		return this;
+	}
+	async send() {
+		return this.app.inject({
+			method: this.method,
+			url: this.url,
+			payload: this.body,
+			query: this.query,
+			headers: this.headers
 		});
 	}
+};
+/**
+* Helper to create a test request builder
+*/
+function request(app) {
+	return new TestRequestBuilder(app);
+}
+/**
+* Test helper for authentication
+*/
+function createTestAuth(app) {
+	return {
+		generateToken(user) {
+			if (!app.jwt) throw new Error("JWT plugin not registered");
+			return app.jwt.sign(user);
+		},
+		decodeToken(token) {
+			if (!app.jwt) throw new Error("JWT plugin not registered");
+			return app.jwt.decode(token);
+		},
+		async verifyToken(token) {
+			if (!app.jwt) throw new Error("JWT plugin not registered");
+			return app.jwt.verify(token);
+		}
+	};
+}
+/**
+* Snapshot testing helper for API responses
+*/
+function createSnapshotMatcher() {
+	return { matchStructure(response, expected) {
+		if (typeof response !== typeof expected) return false;
+		if (Array.isArray(response) && Array.isArray(expected)) return response.length === expected.length;
+		if (typeof response === "object" && response !== null && typeof expected === "object" && expected !== null) {
+			const r = response;
+			const e = expected;
+			const responseKeys = Object.keys(r).sort();
+			const expectedKeys = Object.keys(e).sort();
+			if (JSON.stringify(responseKeys) !== JSON.stringify(expectedKeys)) return false;
+			for (const key of responseKeys) if (!this.matchStructure(r[key], e[key])) return false;
+			return true;
+		}
+		return true;
+	} };
+}
+/**
+* Bulk test data loader
+*/
+var TestDataLoader = class {
+	data = /* @__PURE__ */ new Map();
 	/**
-	* Run permission tests.
-	*
-	* Tests that:
-	* - Unauthenticated requests return 401
-	* - Admin role gets 2xx for all operations
+	* Load test data into database
 	*/
-	runPermissions() {
-		const { resource, enabledRoutes, updateMethod } = this;
-		describe(`${resource.displayName} HTTP Permissions`, () => {
-			if (enabledRoutes.has("list")) it("GET list without auth should return 401", async () => {
-				const { app } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				expect((await app.inject({
-					method: "GET",
-					url: baseUrl
-				})).statusCode).toBe(401);
-			});
-			if (enabledRoutes.has("get")) it("GET get without auth should return 401", async () => {
-				const { app } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				expect((await app.inject({
-					method: "GET",
-					url: `${baseUrl}/000000000000000000000000`
-				})).statusCode).toBe(401);
-			});
-			if (enabledRoutes.has("create")) it("POST create without auth should return 401", async () => {
-				const { app, fixtures } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				expect((await app.inject({
-					method: "POST",
-					url: baseUrl,
-					payload: fixtures.valid
-				})).statusCode).toBe(401);
-			});
-			if (enabledRoutes.has("update")) it(`${updateMethod} update without auth should return 401`, async () => {
-				const { app, fixtures } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				expect((await app.inject({
-					method: updateMethod,
-					url: `${baseUrl}/000000000000000000000000`,
-					payload: fixtures.update || fixtures.valid
-				})).statusCode).toBe(401);
-			});
-			if (enabledRoutes.has("delete")) it("DELETE delete without auth should return 401", async () => {
-				const { app } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				expect((await app.inject({
-					method: "DELETE",
-					url: `${baseUrl}/000000000000000000000000`
-				})).statusCode).toBe(401);
-			});
-			if (enabledRoutes.has("list")) it("admin should access list endpoint", async () => {
-				const { app, auth } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				expect((await app.inject({
-					method: "GET",
-					url: baseUrl,
-					headers: auth.getHeaders(auth.adminRole)
-				})).statusCode).toBeLessThan(400);
-			});
-			if (enabledRoutes.has("create")) it("admin should access create endpoint", async () => {
-				const { app, auth, fixtures } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				const res = await app.inject({
-					method: "POST",
-					url: baseUrl,
-					headers: auth.getHeaders(auth.adminRole),
-					payload: fixtures.valid
-				});
-				expect(res.statusCode).toBeLessThan(400);
-				const body = JSON.parse(res.body);
-				if (body.data?._id && enabledRoutes.has("delete")) await app.inject({
-					method: "DELETE",
-					url: `${baseUrl}/${body.data._id}`,
-					headers: auth.getHeaders(auth.adminRole)
-				});
-			});
-		});
+	async load(collection, items) {
+		this.data.set(collection, items);
+		return items;
 	}
 	/**
-	* Run validation tests.
-	*
-	* Tests that invalid payloads return 400.
+	* Clear all loaded test data
 	*/
-	runValidation() {
-		const { resource, enabledRoutes } = this;
-		if (!enabledRoutes.has("create")) return;
-		describe(`${resource.displayName} HTTP Validation`, () => {
-			it("POST with invalid payload should not return 2xx", async () => {
-				const { app, auth, fixtures } = this.getOptions();
-				const baseUrl = this.getBaseUrl();
-				if (!fixtures.invalid) return;
-				const res = await app.inject({
-					method: "POST",
-					url: baseUrl,
-					headers: auth.getHeaders(auth.adminRole),
-					payload: fixtures.invalid
-				});
-				expect(res.statusCode).toBeGreaterThanOrEqual(400);
-				expect(JSON.parse(res.body).success).toBe(false);
-			});
-		});
+	async cleanup() {
+		for (const [_collection, _items] of this.data.entries());
+		this.data.clear();
 	}
 };
-/**
-* Create an HTTP test harness for an Arc resource.
-*
-* Accepts options directly or as a getter function for deferred resolution.
-*
-* @example Deferred (recommended for async setup)
-* ```typescript
-* let ctx: TestContext;
-* beforeAll(async () => { ctx = await setupTestOrg(); });
-*
-* createHttpTestHarness(jobResource, () => ({
-*   app: ctx.app,
-*   apiPrefix: '',
-*   fixtures: { valid: { title: 'Test' } },
-*   auth: createBetterAuthProvider({ ... }),
-* })).runAll();
-* ```
-*/
-function createHttpTestHarness(resource, optionsOrGetter) {
-	return new HttpTestHarness(resource, optionsOrGetter);
-}
-
 //#endregion
-export { DatabaseSnapshot, TestFixtures as DbTestFixtures, HttpTestHarness, InMemoryDatabase, TestDataLoader, TestDatabase, TestHarness, TestRequestBuilder, TestSeeder, TestTransaction, createBetterAuthProvider, createBetterAuthTestHelpers, createConfigTestSuite, createDataFactory, createHttpTestHarness, createJwtAuthProvider, createMinimalTestApp, createMockController, createMockReply, createMockRepository, createMockRequest, createMockUser, createSnapshotMatcher, createSpy, createTestApp, createTestAuth, createTestHarness, createTestTimer, generateTestFile, request, safeParseBody, setupBetterAuthOrg, waitFor, withTestDb };
+export { DatabaseSnapshot, TestFixtures as DbTestFixtures, HttpTestHarness, InMemoryDatabase, TestDataLoader, TestDatabase, TestHarness, TestRequestBuilder, TestSeeder, TestTransaction, createBetterAuthProvider, createBetterAuthTestHelpers, createConfigTestSuite, createDataFactory, createHttpTestHarness, createJwtAuthProvider, createMinimalTestApp, createMockController, createMockReply, createMockRepository, createMockRequest, createMockUser, createSnapshotMatcher, createSpy, createTestApp, createTestAuth, createTestHarness, createTestTimer, generateTestFile, request, safeParseBody, setupBetterAuthOrg, waitFor, withTestDb };