npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/package.json +90 -0
package/src/audit/__tests__/audit.integration.ts +328 -0
package/src/audit/constants.ts +7 -0
package/src/audit/feature.ts +23 -0
package/src/audit/handlers/list.query.ts +98 -0
package/src/audit/index.ts +2 -0
package/src/auth-email-password/__tests__/account-lockout-no-redis.integration.ts +149 -0
package/src/auth-email-password/__tests__/account-lockout.integration.ts +308 -0
package/src/auth-email-password/__tests__/auth-claims.integration.ts +512 -0
package/src/auth-email-password/__tests__/auth.integration.ts +610 -0
package/src/auth-email-password/__tests__/confirm-token-flow.test.ts +67 -0
package/src/auth-email-password/__tests__/email-templates.test.ts +106 -0
package/src/auth-email-password/__tests__/email-verification.integration.ts +327 -0
package/src/auth-email-password/__tests__/identity-v3-hash.test.ts +174 -0
package/src/auth-email-password/__tests__/identity-v3-login.integration.ts +150 -0
package/src/auth-email-password/__tests__/invite-flow.integration.ts +458 -0
package/src/auth-email-password/__tests__/multi-roles.integration.ts +256 -0
package/src/auth-email-password/__tests__/password-reset.integration.ts +346 -0
package/src/auth-email-password/__tests__/public-routes-rate-limit.integration.ts +144 -0
package/src/auth-email-password/__tests__/seed-admin.integration.ts +176 -0
package/src/auth-email-password/__tests__/session-callbacks.integration.ts +310 -0
package/src/auth-email-password/__tests__/session-strict-mode.integration.ts +101 -0
package/src/auth-email-password/__tests__/signed-token.test.ts +78 -0
package/src/auth-email-password/__tests__/signup-flow.integration.ts +259 -0
package/src/auth-email-password/auth-user-row.ts +41 -0
package/src/auth-email-password/constants.ts +101 -0
package/src/auth-email-password/email-templates.ts +283 -0
package/src/auth-email-password/feature.ts +140 -0
package/src/auth-email-password/handlers/change-password.write.ts +58 -0
package/src/auth-email-password/handlers/confirm-token-flow.ts +191 -0
package/src/auth-email-password/handlers/invite-accept-with-login.write.ts +203 -0
package/src/auth-email-password/handlers/invite-accept.write.ts +189 -0
package/src/auth-email-password/handlers/invite-create.write.ts +145 -0
package/src/auth-email-password/handlers/invite-signup-complete.write.ts +192 -0
package/src/auth-email-password/handlers/login.write.ts +208 -0
package/src/auth-email-password/handlers/logout.write.ts +12 -0
package/src/auth-email-password/handlers/request-email-verification.write.ts +29 -0
package/src/auth-email-password/handlers/request-password-reset.write.ts +31 -0
package/src/auth-email-password/handlers/reset-password.write.ts +61 -0
package/src/auth-email-password/handlers/signup-confirm.write.ts +170 -0
package/src/auth-email-password/handlers/signup-request.write.ts +104 -0
package/src/auth-email-password/handlers/token-request-handler.ts +114 -0
package/src/auth-email-password/handlers/verify-email.write.ts +62 -0
package/src/auth-email-password/i18n.ts +211 -0
package/src/auth-email-password/identity-v3-hash.ts +97 -0
package/src/auth-email-password/index.ts +35 -0
package/src/auth-email-password/invite-token-store.ts +92 -0
package/src/auth-email-password/lockout-store.ts +118 -0
package/src/auth-email-password/password-hashing.ts +43 -0
package/src/auth-email-password/reset-token.ts +28 -0
package/src/auth-email-password/seeding.ts +183 -0
package/src/auth-email-password/signed-token.ts +85 -0
package/src/auth-email-password/signup-token-store.ts +104 -0
package/src/auth-email-password/stream-tenant.ts +31 -0
package/src/auth-email-password/testing.ts +5 -0
package/src/auth-email-password/token-burn-store.ts +57 -0
package/src/auth-email-password/verification-token.ts +27 -0
package/src/auth-email-password/web/__tests__/auth-gate.test.tsx +51 -0
package/src/auth-email-password/web/__tests__/forgot-password-screen.test.tsx +80 -0
package/src/auth-email-password/web/__tests__/login-screen.test.tsx +94 -0
package/src/auth-email-password/web/__tests__/reset-password-screen.test.tsx +108 -0
package/src/auth-email-password/web/__tests__/session-roles.test.ts +54 -0
package/src/auth-email-password/web/__tests__/tenant-switcher.test.tsx +100 -0
package/src/auth-email-password/web/__tests__/test-utils.tsx +73 -0
package/src/auth-email-password/web/__tests__/user-menu.test.tsx +55 -0
package/src/auth-email-password/web/__tests__/verify-email-screen.test.tsx +59 -0
package/src/auth-email-password/web/auth-client.ts +350 -0
package/src/auth-email-password/web/auth-form-primitives.tsx +70 -0
package/src/auth-email-password/web/auth-gate.tsx +33 -0
package/src/auth-email-password/web/client-plugin.ts +48 -0
package/src/auth-email-password/web/default-topbar-actions.tsx +47 -0
package/src/auth-email-password/web/forgot-password-screen.tsx +110 -0
package/src/auth-email-password/web/index.ts +56 -0
package/src/auth-email-password/web/invite-accept-screen.tsx +220 -0
package/src/auth-email-password/web/login-screen.tsx +150 -0
package/src/auth-email-password/web/reset-password-screen.tsx +152 -0
package/src/auth-email-password/web/session.tsx +171 -0
package/src/auth-email-password/web/signup-complete-screen.tsx +150 -0
package/src/auth-email-password/web/signup-screen.tsx +130 -0
package/src/auth-email-password/web/tenant-switcher.tsx +116 -0
package/src/auth-email-password/web/use-shell-user.ts +34 -0
package/src/auth-email-password/web/user-menu.tsx +89 -0
package/src/auth-email-password/web/verify-email-screen.tsx +102 -0
package/src/billing-foundation/__tests__/billing-foundation.integration.ts +568 -0
package/src/billing-foundation/__tests__/feature.test.ts +110 -0
package/src/billing-foundation/__tests__/webhook-handler.test.ts +199 -0
package/src/billing-foundation/aggregate-id.ts +21 -0
package/src/billing-foundation/constants.ts +70 -0
package/src/billing-foundation/entities.ts +50 -0
package/src/billing-foundation/events.ts +71 -0
package/src/billing-foundation/feature.ts +122 -0
package/src/billing-foundation/get-subscription-for-tenant.ts +39 -0
package/src/billing-foundation/handlers/create-checkout-session.write.ts +79 -0
package/src/billing-foundation/handlers/create-portal-session.write.ts +73 -0
package/src/billing-foundation/handlers/list-subscriptions.query.ts +20 -0
package/src/billing-foundation/handlers/process-event.write.ts +160 -0
package/src/billing-foundation/index.ts +42 -0
package/src/billing-foundation/projection.ts +135 -0
package/src/billing-foundation/types.ts +157 -0
package/src/billing-foundation/webhook-handler.ts +184 -0
package/src/cap-counter/__tests__/cap-counter.integration.ts +566 -0
package/src/cap-counter/__tests__/enforce-cap.test.ts +422 -0
package/src/cap-counter/__tests__/with-cap-enforcement.integration.ts +265 -0
package/src/cap-counter/aggregate-id.ts +61 -0
package/src/cap-counter/constants.ts +32 -0
package/src/cap-counter/enforce-cap.ts +404 -0
package/src/cap-counter/entity.ts +48 -0
package/src/cap-counter/feature.ts +90 -0
package/src/cap-counter/handlers/get-counter.query.ts +43 -0
package/src/cap-counter/handlers/increment-rolling.write.ts +79 -0
package/src/cap-counter/handlers/increment.write.ts +92 -0
package/src/cap-counter/handlers/mark-soft-warned.write.ts +57 -0
package/src/cap-counter/index.ts +34 -0
package/src/cap-counter/with-cap-enforcement.ts +179 -0
package/src/channel-email/email-channel.ts +48 -0
package/src/channel-email/feature.ts +15 -0
package/src/channel-email/index.ts +4 -0
package/src/channel-email/smtp-transport.ts +65 -0
package/src/channel-email/types.ts +34 -0
package/src/channel-in-app/constants.ts +11 -0
package/src/channel-in-app/feature.ts +30 -0
package/src/channel-in-app/handlers/inbox.query.ts +28 -0
package/src/channel-in-app/handlers/mark-all-read.write.ts +21 -0
package/src/channel-in-app/handlers/mark-read.write.ts +32 -0
package/src/channel-in-app/handlers/unread-count.query.ts +20 -0
package/src/channel-in-app/in-app-channel.ts +44 -0
package/src/channel-in-app/index.ts +4 -0
package/src/channel-in-app/tables.ts +22 -0
package/src/channel-push/feature.ts +15 -0
package/src/channel-push/index.ts +3 -0
package/src/channel-push/push-channel.ts +33 -0
package/src/channel-push/types.ts +22 -0
package/src/config/__tests__/app-overrides.test.ts +118 -0
package/src/config/__tests__/config.integration.ts +1246 -0
package/src/config/constants.ts +23 -0
package/src/config/feature.ts +117 -0
package/src/config/handlers/__tests__/prepare-config-write.test.ts +209 -0
package/src/config/handlers/reset.write.ts +45 -0
package/src/config/handlers/schema.query.ts +22 -0
package/src/config/handlers/set.write.ts +93 -0
package/src/config/handlers/values.query.ts +43 -0
package/src/config/index.ts +15 -0
package/src/config/resolver.ts +283 -0
package/src/config/table.ts +35 -0
package/src/config/write-helpers.ts +268 -0
package/src/delivery/__tests__/delivery-events.integration.ts +166 -0
package/src/delivery/__tests__/delivery.integration.ts +1405 -0
package/src/delivery/constants.ts +33 -0
package/src/delivery/delivery-service.ts +489 -0
package/src/delivery/events.ts +18 -0
package/src/delivery/feature.ts +70 -0
package/src/delivery/handlers/log.query.ts +21 -0
package/src/delivery/handlers/preferences.query.ts +18 -0
package/src/delivery/handlers/set-preference.write.ts +28 -0
package/src/delivery/index.ts +35 -0
package/src/delivery/tables.ts +74 -0
package/src/delivery/testing.ts +47 -0
package/src/delivery/types.ts +71 -0
package/src/delivery/unsubscribe.ts +99 -0
package/src/delivery/upsert-preference.ts +145 -0
package/src/feature-toggles/__tests__/feature-toggles.integration.ts +687 -0
package/src/feature-toggles/constants.ts +20 -0
package/src/feature-toggles/events.ts +18 -0
package/src/feature-toggles/feature.ts +98 -0
package/src/feature-toggles/global-feature-state-table.ts +28 -0
package/src/feature-toggles/handlers/list.query.ts +26 -0
package/src/feature-toggles/handlers/registered.query.ts +56 -0
package/src/feature-toggles/handlers/set.write.ts +158 -0
package/src/feature-toggles/index.ts +9 -0
package/src/feature-toggles/toggle-runtime.ts +73 -0
package/src/file-foundation/__tests__/feature.test.ts +35 -0
package/src/file-foundation/__tests__/file-foundation.integration.ts +235 -0
package/src/file-foundation/feature.ts +123 -0
package/src/file-foundation/index.ts +7 -0
package/src/file-provider-inmemory/__tests__/feature.test.ts +35 -0
package/src/file-provider-inmemory/feature.ts +73 -0
package/src/file-provider-inmemory/index.ts +3 -0
package/src/file-provider-s3/__tests__/feature.test.ts +54 -0
package/src/file-provider-s3/feature.ts +169 -0
package/src/file-provider-s3/index.ts +3 -0
package/src/files-provider-s3/__tests__/env-helper.test.ts +161 -0
package/src/files-provider-s3/__tests__/s3-provider.integration.ts +134 -0
package/src/files-provider-s3/__tests__/s3-provider.test.ts +36 -0
package/src/files-provider-s3/env-helper.ts +49 -0
package/src/files-provider-s3/index.ts +3 -0
package/src/files-provider-s3/s3-provider.ts +114 -0
package/src/foundation-shared/config-helpers.ts +67 -0
package/src/foundation-shared/index.ts +4 -0
package/src/jobs/__tests__/job-system-user.integration.ts +194 -0
package/src/jobs/__tests__/jobs-events.integration.ts +143 -0
package/src/jobs/__tests__/jobs-feature.integration.ts +342 -0
package/src/jobs/constants.ts +21 -0
package/src/jobs/events.ts +39 -0
package/src/jobs/feature.ts +150 -0
package/src/jobs/handlers/detail.query.ts +30 -0
package/src/jobs/handlers/list.query.ts +36 -0
package/src/jobs/handlers/retry.write.ts +69 -0
package/src/jobs/handlers/trigger.write.ts +39 -0
package/src/jobs/index.ts +5 -0
package/src/jobs/job-run-logger.ts +213 -0
package/src/jobs/job-run-table.ts +55 -0
package/src/legal-pages/README.md +195 -0
package/src/legal-pages/__tests__/legal-pages.integration.ts +361 -0
package/src/legal-pages/constants.ts +36 -0
package/src/legal-pages/feature.ts +187 -0
package/src/legal-pages/index.ts +13 -0
package/src/legal-pages/markdown.ts +69 -0
package/src/mail-foundation/__tests__/feature.test.ts +46 -0
package/src/mail-foundation/__tests__/mail-foundation.integration.ts +247 -0
package/src/mail-foundation/feature.ts +160 -0
package/src/mail-foundation/index.ts +14 -0
package/src/mail-transport-inmemory/__tests__/feature.test.ts +37 -0
package/src/mail-transport-inmemory/feature.ts +90 -0
package/src/mail-transport-inmemory/index.ts +3 -0
package/src/mail-transport-smtp/__tests__/feature.test.ts +61 -0
package/src/mail-transport-smtp/feature.ts +182 -0
package/src/mail-transport-smtp/index.ts +3 -0
package/src/rate-limiting/__tests__/rate-limiting.integration.ts +84 -0
package/src/rate-limiting/constants.ts +9 -0
package/src/rate-limiting/feature.ts +16 -0
package/src/rate-limiting/handlers/status.query.ts +52 -0
package/src/rate-limiting/index.ts +2 -0
package/src/renderer-simple/__tests__/simple-renderer.test.ts +97 -0
package/src/renderer-simple/feature.ts +12 -0
package/src/renderer-simple/index.ts +2 -0
package/src/renderer-simple/simple-renderer.ts +72 -0
package/src/secrets/__tests__/rotate.integration.ts +176 -0
package/src/secrets/__tests__/secrets-events.integration.ts +125 -0
package/src/secrets/__tests__/secrets.integration.ts +118 -0
package/src/secrets/feature.ts +84 -0
package/src/secrets/handlers/delete.write.ts +20 -0
package/src/secrets/handlers/list.query.ts +38 -0
package/src/secrets/handlers/rotate.job.ts +193 -0
package/src/secrets/handlers/set.write.ts +50 -0
package/src/secrets/index.ts +16 -0
package/src/secrets/secrets-context.ts +296 -0
package/src/secrets/table.ts +68 -0
package/src/sessions/__tests__/cleanup.integration.ts +175 -0
package/src/sessions/__tests__/password-auto-revoke.integration.ts +202 -0
package/src/sessions/__tests__/sessions.integration.ts +472 -0
package/src/sessions/__tests__/test-helpers.ts +66 -0
package/src/sessions/constants.ts +43 -0
package/src/sessions/feature.ts +84 -0
package/src/sessions/handlers/cleanup.job.ts +109 -0
package/src/sessions/handlers/list.query.ts +35 -0
package/src/sessions/handlers/mine.query.ts +37 -0
package/src/sessions/handlers/revoke-all-others.write.ts +42 -0
package/src/sessions/handlers/revoke.write.ts +76 -0
package/src/sessions/index.ts +17 -0
package/src/sessions/schema/index.ts +5 -0
package/src/sessions/schema/user-session.ts +67 -0
package/src/sessions/session-callbacks.ts +110 -0
package/src/sessions/testing.ts +42 -0
package/src/subscription-mollie/__tests__/feature.test.ts +106 -0
package/src/subscription-mollie/__tests__/mollie-foundation.integration.ts +421 -0
package/src/subscription-mollie/__tests__/verify-webhook.test.ts +388 -0
package/src/subscription-mollie/constants.ts +33 -0
package/src/subscription-mollie/feature.ts +144 -0
package/src/subscription-mollie/index.ts +13 -0
package/src/subscription-mollie/plugin-methods.ts +79 -0
package/src/subscription-mollie/verify-webhook.ts +244 -0
package/src/subscription-stripe/__tests__/feature.test.ts +98 -0
package/src/subscription-stripe/__tests__/plugin-methods.test.ts +161 -0
package/src/subscription-stripe/__tests__/stripe-foundation.integration.ts +315 -0
package/src/subscription-stripe/__tests__/verify-webhook.test.ts +306 -0
package/src/subscription-stripe/constants.ts +20 -0
package/src/subscription-stripe/feature.ts +120 -0
package/src/subscription-stripe/index.ts +14 -0
package/src/subscription-stripe/plugin-methods.ts +91 -0
package/src/subscription-stripe/verify-webhook.ts +235 -0
package/src/tenant/__tests__/multi-tenant.integration.ts +278 -0
package/src/tenant/__tests__/seed-testing.integration.ts +229 -0
package/src/tenant/__tests__/tenant.integration.ts +347 -0
package/src/tenant/command-schemas.ts +37 -0
package/src/tenant/constants.ts +37 -0
package/src/tenant/feature.ts +109 -0
package/src/tenant/handlers/active-tenant-ids.query.ts +19 -0
package/src/tenant/handlers/add-member.write.ts +53 -0
package/src/tenant/handlers/cancel-invitation.write.ts +87 -0
package/src/tenant/handlers/create.write.ts +21 -0
package/src/tenant/handlers/disable.write.ts +18 -0
package/src/tenant/handlers/invitations.query.ts +31 -0
package/src/tenant/handlers/list.query.ts +17 -0
package/src/tenant/handlers/me.query.ts +17 -0
package/src/tenant/handlers/members.query.ts +22 -0
package/src/tenant/handlers/memberships.query.ts +24 -0
package/src/tenant/handlers/remove-member.write.ts +40 -0
package/src/tenant/handlers/resolve-user-ids.query.ts +43 -0
package/src/tenant/handlers/update-member-roles.write.ts +54 -0
package/src/tenant/handlers/update.write.ts +20 -0
package/src/tenant/index.ts +12 -0
package/src/tenant/invitation-table.ts +93 -0
package/src/tenant/membership-table.ts +35 -0
package/src/tenant/schema/index.ts +5 -0
package/src/tenant/schema/tenant.ts +27 -0
package/src/tenant/seeding.ts +155 -0
package/src/tenant/testing.ts +8 -0
package/src/text-content/README.md +190 -0
package/src/text-content/__tests__/text-content.integration.ts +415 -0
package/src/text-content/api.ts +92 -0
package/src/text-content/constants.ts +19 -0
package/src/text-content/feature.ts +29 -0
package/src/text-content/handlers/by-slug.query.ts +55 -0
package/src/text-content/handlers/set.write.ts +118 -0
package/src/text-content/index.ts +14 -0
package/src/text-content/seeding.ts +91 -0
package/src/text-content/table.ts +45 -0
package/src/tier-engine/__tests__/compose-app.test.ts +182 -0
package/src/tier-engine/__tests__/drift.test.ts +42 -0
package/src/tier-engine/__tests__/tier-engine.integration.ts +241 -0
package/src/tier-engine/aggregate-id.ts +27 -0
package/src/tier-engine/compose-app.ts +150 -0
package/src/tier-engine/constants.ts +15 -0
package/src/tier-engine/entity.ts +30 -0
package/src/tier-engine/feature.ts +72 -0
package/src/tier-engine/handlers/active-tier.query.ts +23 -0
package/src/tier-engine/index.ts +22 -0
package/src/user/__tests__/seed-testing.integration.ts +127 -0
package/src/user/__tests__/user.integration.ts +198 -0
package/src/user/command-schemas.ts +15 -0
package/src/user/constants.ts +23 -0
package/src/user/feature.ts +32 -0
package/src/user/handlers/create.write.ts +54 -0
package/src/user/handlers/detail.query.ts +9 -0
package/src/user/handlers/find-for-auth.query.ts +38 -0
package/src/user/handlers/list.query.ts +8 -0
package/src/user/handlers/me.query.ts +15 -0
package/src/user/handlers/update.write.ts +54 -0
package/src/user/index.ts +4 -0
package/src/user/schema/index.ts +5 -0
package/src/user/schema/user.ts +69 -0
package/src/user/seeding.ts +93 -0
package/src/user/testing.ts +5 -0

package/src/cap-counter/__tests__/enforce-cap.test.ts ADDED Viewed

@@ -0,0 +1,422 @@
+// Pure unit tests for the enforce-cap helpers. Mocks ctx.db's
+// select-chains via tiny in-memory stubs so we hit every branch
+// without spinning up the test-stack — the real event-store +
+// dispatcher integration is exercised in cap-counter.integration.ts.
+import { describe, expect, test, vi } from "vitest";
+// Temporal: rely on the global ambient declaration from temporal-spec.
+// The framework polyfill is loaded by setupTestStack, but pure unit
+// tests (no stack) need a manual polyfill — vitest.setup.ts does that.
+import {
+  CAP_TOLERANCES,
+  CapExceededError,
+  currentCalendarMonthStartIso,
+  enforceCap,
+  enforceCapAndMaybeNotify,
+  enforceRollingCap,
+  enforceRollingCapAndMaybeNotify,
+} from "../enforce-cap";
+// --- Calendar-Period stub: db.select().from(...).where(...).limit(1) ---
+function stubCalendarCtx(rows: { value: number; lastSoftWarnedAt: unknown }[]) {
+  const ctx = {
+    db: {
+      select: () => ({
+        from: () => ({
+          where: () => ({
+            limit: async () => rows,
+          }),
+        }),
+      }),
+    },
+    user: { tenantId: "tenant-test" },
+  };
+  return ctx as unknown as Parameters<typeof enforceCap>[0];
+}
+// --- Rolling-Window stub: db.select(...).from(...).where(...) returns rows ---
+function stubRollingCtx(eventPayloads: { amount: number }[]) {
+  const ctx = {
+    db: {
+      select: () => ({
+        from: () => ({
+          where: async () => eventPayloads.map((p) => ({ payload: p })),
+        }),
+      }),
+    },
+    user: { tenantId: "tenant-test" },
+  };
+  return ctx as unknown as Parameters<typeof enforceRollingCap>[0];
+}
+const PERIOD = "2026-05-01T00:00:00Z";
+// =============================================================================
+// enforceCap — calendar-period
+// =============================================================================
+describe("enforceCap — burstable profile (mails / tokens)", () => {
+  const opts = {
+    capName: "mails-per-month",
+    periodStartIso: PERIOD,
+    limit: 1000,
+    profile: "burstable" as const,
+  };
+  test("value below soft-threshold → ok", async () => {
+    const ctx = stubCalendarCtx([{ value: 500, lastSoftWarnedAt: null }]);
+    const result = await enforceCap(ctx, opts);
+    expect(result.state).toBe("ok");
+    if (result.state === "ok") {
+      expect(result.value).toBe(500);
+    }
+  });
+  test("no row exists yet → value=0, ok", async () => {
+    const ctx = stubCalendarCtx([]);
+    const result = await enforceCap(ctx, opts);
+    expect(result.state).toBe("ok");
+    if (result.state === "ok") {
+      expect(result.value).toBe(0);
+    }
+  });
+  test("value at soft-threshold (1100, soft=1.1) → soft-hit, crossed=true on first warn", async () => {
+    const ctx = stubCalendarCtx([{ value: 1100, lastSoftWarnedAt: null }]);
+    const result = await enforceCap(ctx, opts);
+    expect(result.state).toBe("soft-hit");
+    if (result.state === "soft-hit") {
+      expect(result.value).toBe(1100);
+      expect(result.crossed).toBe(true);
+    }
+  });
+  test("value past soft, already warned → soft-hit, crossed=false (no re-notification)", async () => {
+    const ctx = stubCalendarCtx([{ value: 1150, lastSoftWarnedAt: "2026-05-15T12:00:00Z" }]);
+    const result = await enforceCap(ctx, opts);
+    expect(result.state).toBe("soft-hit");
+    if (result.state === "soft-hit") {
+      expect(result.crossed).toBe(false);
+    }
+  });
+  test("value at hard-threshold (1200, hard=1.2) → throws CapExceededError", async () => {
+    const ctx = stubCalendarCtx([{ value: 1200, lastSoftWarnedAt: null }]);
+    await expect(enforceCap(ctx, opts)).rejects.toThrow(CapExceededError);
+  });
+  test("CapExceededError carries cap-name + limit + currentValue", async () => {
+    const ctx = stubCalendarCtx([{ value: 1500, lastSoftWarnedAt: null }]);
+    try {
+      await enforceCap(ctx, opts);
+      throw new Error("expected throw");
+    } catch (e) {
+      expect(e).toBeInstanceOf(CapExceededError);
+      const err = e as CapExceededError;
+      expect(err.code).toBe("cap_exceeded");
+      expect(err.capName).toBe("mails-per-month");
+      expect(err.limit).toBe(1000);
+      expect(err.currentValue).toBe(1500);
+    }
+  });
+});
+describe("enforceCap — storage profile (DB / files)", () => {
+  test("storage profile is stricter — soft@100% hard@105%", async () => {
+    expect(CAP_TOLERANCES.storage.soft).toBe(1.0);
+    expect(CAP_TOLERANCES.storage.hard).toBe(1.05);
+  });
+  test("at exactly limit (storage soft=1.0) → soft-hit", async () => {
+    const ctx = stubCalendarCtx([{ value: 10240, lastSoftWarnedAt: null }]);
+    const result = await enforceCap(ctx, {
+      capName: "db-storage-mb",
+      periodStartIso: PERIOD,
+      limit: 10240,
+      profile: "storage",
+    });
+    expect(result.state).toBe("soft-hit");
+  });
+  test("at 1.05× limit (storage hard) → throws", async () => {
+    const ctx = stubCalendarCtx([{ value: 10752, lastSoftWarnedAt: null }]);
+    await expect(
+      enforceCap(ctx, {
+        capName: "db-storage-mb",
+        periodStartIso: PERIOD,
+        limit: 10240,
+        profile: "storage",
+      }),
+    ).rejects.toThrow(CapExceededError);
+  });
+});
+describe("enforceCap — hardSlot profile (apps-count)", () => {
+  test("hardSlot has zero buffer — hard@100%", async () => {
+    expect(CAP_TOLERANCES.hardSlot.hard).toBe(1.0);
+  });
+  test("at exactly limit → throws (hardSlot is hard)", async () => {
+    const ctx = stubCalendarCtx([{ value: 5, lastSoftWarnedAt: null }]);
+    await expect(
+      enforceCap(ctx, {
+        capName: "apps-count",
+        periodStartIso: PERIOD,
+        limit: 5,
+        profile: "hardSlot",
+      }),
+    ).rejects.toThrow(CapExceededError);
+  });
+});
+describe("enforceCap — egress profile", () => {
+  test("egress has the largest hard-buffer (130%) — bursty traffic legitimate", async () => {
+    expect(CAP_TOLERANCES.egress.hard).toBe(1.3);
+  });
+});
+// =============================================================================
+// enforceRollingCap — Sprint 4: window-based read über Increment-Events
+// =============================================================================
+describe("enforceRollingCap — burstable profile (KI-tokens-7d)", () => {
+  // limit=10000 chosen weil 10000 × 1.1 = 11000 und × 1.2 = 12000 als
+  // exact integer floating-point bleiben (50000 × 1.1 wäre 55000.00000000001).
+  const opts = {
+    capName: "ai-tokens-7d",
+    windowDays: 7,
+    limit: 10000,
+    profile: "burstable" as const,
+  };
+  test("no events in window → value=0, ok", async () => {
+    const ctx = stubRollingCtx([]);
+    const result = await enforceRollingCap(ctx, opts);
+    expect(result.state).toBe("ok");
+    if (result.state === "ok") {
+      expect(result.value).toBe(0);
+    }
+  });
+  test("sums amounts across multiple events", async () => {
+    const ctx = stubRollingCtx([{ amount: 1000 }, { amount: 2500 }, { amount: 500 }]);
+    const result = await enforceRollingCap(ctx, opts);
+    expect(result.state).toBe("ok");
+    if (result.state === "ok") {
+      expect(result.value).toBe(4000);
+    }
+  });
+  test("sum at soft-threshold (11000, soft=1.1×10000) → soft-hit, crossed=false", async () => {
+    const ctx = stubRollingCtx([{ amount: 6000 }, { amount: 5000 }]);
+    const result = await enforceRollingCap(ctx, opts);
+    expect(result.state).toBe("soft-hit");
+    if (result.state === "soft-hit") {
+      expect(result.value).toBe(11000);
+      // Rolling-counter trackt kein lastSoftWarnedAt — crossed ist immer false.
+      expect(result.crossed).toBe(false);
+    }
+  });
+  test("sum at hard-threshold (12000, hard=1.2×10000) → throws CapExceededError", async () => {
+    const ctx = stubRollingCtx([{ amount: 6000 }, { amount: 6000 }]);
+    await expect(enforceRollingCap(ctx, opts)).rejects.toThrow(CapExceededError);
+  });
+  test("ignores malformed payloads (no `amount` field) — defensive against schema-drift", async () => {
+    // Sums only the well-formed events. If a future event-shape lands
+    // with a different field name, we don't blow up — just under-count.
+    const ctx = stubRollingCtx([
+      { amount: 1000 },
+      // @ts-expect-error — testing defensive read
+      { other: 9999 },
+      { amount: 2000 },
+    ]);
+    const result = await enforceRollingCap(ctx, opts);
+    expect(result.state).toBe("ok");
+    if (result.state === "ok") {
+      expect(result.value).toBe(3000);
+    }
+  });
+});
+describe("enforceRollingCap — input validation", () => {
+  test("missing ctx.db → throws clear error", async () => {
+    const ctx = { user: { tenantId: "t" } } as unknown as Parameters<typeof enforceRollingCap>[0];
+    await expect(
+      enforceRollingCap(ctx, {
+        capName: "x",
+        windowDays: 7,
+        limit: 1,
+        profile: "burstable",
+      }),
+    ).rejects.toThrow(/ctx\.db missing/);
+  });
+  test("missing ctx.user.tenantId → throws clear error", async () => {
+    const ctx = stubRollingCtx([]);
+    delete (ctx as { user?: unknown }).user;
+    await expect(
+      enforceRollingCap(ctx, {
+        capName: "x",
+        windowDays: 7,
+        limit: 1,
+        profile: "burstable",
+      }),
+    ).rejects.toThrow(/tenantId missing/);
+  });
+});
+// =============================================================================
+// enforceCapAndMaybeNotify — Calendar + Notification-Wiring
+// =============================================================================
+describe("enforceCapAndMaybeNotify — calendar", () => {
+  const baseOpts = {
+    capName: "mails-per-month",
+    periodStartIso: PERIOD,
+    limit: 1000,
+    profile: "burstable" as const,
+  };
+  test("ok → notifier NICHT aufgerufen", async () => {
+    const ctx = stubCalendarCtx([{ value: 100, lastSoftWarnedAt: null }]);
+    const notify = vi.fn();
+    const result = await enforceCapAndMaybeNotify(ctx, { ...baseOpts, notify });
+    expect(result.state).toBe("ok");
+    expect(notify).not.toHaveBeenCalled();
+  });
+  test("soft-hit, crossed=true → notifier mit info-payload + ctx.write markSoftWarned", async () => {
+    const ctx = stubCalendarCtx([{ value: 1100, lastSoftWarnedAt: null }]);
+    const write = vi.fn(async () => ({ isSuccess: true, data: {} }));
+    (ctx as unknown as { write: typeof write }).write = write;
+    const notify = vi.fn();
+    const result = await enforceCapAndMaybeNotify(ctx, { ...baseOpts, notify });
+    expect(result.state).toBe("soft-hit");
+    expect(notify).toHaveBeenCalledExactlyOnceWith({
+      capName: "mails-per-month",
+      value: 1100,
+      limit: 1000,
+      tenantId: "tenant-test",
+    });
+    expect(write).toHaveBeenCalledExactlyOnceWith("cap-counter:write:mark-soft-warned", {
+      capName: "mails-per-month",
+      periodStartIso: PERIOD,
+    });
+  });
+  test("soft-hit, crossed=false (already warned) → notifier NICHT erneut aufgerufen", async () => {
+    const ctx = stubCalendarCtx([{ value: 1150, lastSoftWarnedAt: "2026-05-15T12:00:00Z" }]);
+    const notify = vi.fn();
+    const result = await enforceCapAndMaybeNotify(ctx, { ...baseOpts, notify });
+    expect(result.state).toBe("soft-hit");
+    expect(notify).not.toHaveBeenCalled();
+  });
+  test("hard-hit → throws CapExceededError BEVOR notifier feuert", async () => {
+    const ctx = stubCalendarCtx([{ value: 1500, lastSoftWarnedAt: null }]);
+    const notify = vi.fn();
+    await expect(enforceCapAndMaybeNotify(ctx, { ...baseOpts, notify })).rejects.toThrow(
+      CapExceededError,
+    );
+    expect(notify).not.toHaveBeenCalled();
+  });
+});
+// =============================================================================
+// enforceRollingCapAndMaybeNotify — Rolling + Notification (no dedup)
+// =============================================================================
+describe("enforceRollingCapAndMaybeNotify — rolling", () => {
+  const baseOpts = {
+    capName: "ai-tokens-7d",
+    windowDays: 7,
+    limit: 10000,
+    profile: "burstable" as const,
+  };
+  test("ok → notifier NICHT aufgerufen", async () => {
+    const ctx = stubRollingCtx([{ amount: 100 }]);
+    const notify = vi.fn();
+    const result = await enforceRollingCapAndMaybeNotify(ctx, { ...baseOpts, notify });
+    expect(result.state).toBe("ok");
+    expect(notify).not.toHaveBeenCalled();
+  });
+  test("soft-hit → notifier feuert (ohne dedup, Caller-Verantwortung)", async () => {
+    const ctx = stubRollingCtx([{ amount: 6000 }, { amount: 5000 }]);
+    const notify = vi.fn();
+    const result = await enforceRollingCapAndMaybeNotify(ctx, { ...baseOpts, notify });
+    expect(result.state).toBe("soft-hit");
+    expect(notify).toHaveBeenCalledExactlyOnceWith({
+      capName: "ai-tokens-7d",
+      value: 11000,
+      limit: 10000,
+      tenantId: "tenant-test",
+    });
+  });
+  test("zwei aufeinanderfolgende soft-hit-Calls → notifier 2× (kein Dedup)", async () => {
+    // Drift-Pin: rolling-counter trackt KEIN lastSoftWarnedAt; Caller
+    // muss selbst dedup'en (Cache-Eintrag, Hourly-Cron etc.). Wenn
+    // ein Refactor heimlich Dedup einbaut ohne projection-row, fällt
+    // das hier auf.
+    const ctx = stubRollingCtx([{ amount: 11000 }]);
+    const notify = vi.fn();
+    await enforceRollingCapAndMaybeNotify(ctx, { ...baseOpts, notify });
+    await enforceRollingCapAndMaybeNotify(ctx, { ...baseOpts, notify });
+    expect(notify).toHaveBeenCalledTimes(2);
+  });
+});
+// =============================================================================
+// Period-Helpers
+// =============================================================================
+describe("currentCalendarMonthStartIso", () => {
+  test("returns 1st of month at 00:00 UTC, ISO format", () => {
+    const midMay = Temporal.Instant.from("2026-05-15T14:32:11Z");
+    const result = currentCalendarMonthStartIso(midMay);
+    expect(result).toBe("2026-05-01T00:00:00Z");
+  });
+});
+// =============================================================================
+// Aggregate-ID drift-pins — Namespace-Wechsel würde tenant-stored
+// Counter-History komplett re-keyen. Pinning der UUIDs.
+// =============================================================================
+describe("aggregate-id namespaces — drift-pin", () => {
+  test("calendar capCounterAggregateId stable für (tenant, capName, period)", async () => {
+    const { capCounterAggregateId } = await import("../aggregate-id");
+    expect(capCounterAggregateId("tenant-1", "cap-x", "2026-05-01T00:00:00Z")).toBe(
+      "2e74a706-7cc1-51ca-a1a7-89e5c5bccb7e",
+    );
+  });
+  test("rolling rollingCapAggregateId stable für (tenant, capName)", async () => {
+    const { rollingCapAggregateId } = await import("../aggregate-id");
+    // Pinne den exakten UUID-output. Wenn jemand den Namespace-uuid in
+    // aggregate-id.ts ändert, kollabiert die ganze rolling-counter-
+    // history des Tenants — Test fängt's vor dem Deploy.
+    expect(rollingCapAggregateId("tenant-1", "ai-tokens-7d")).toBe(
+      "7d3dc5df-561f-555f-96d7-e9542d0de679",
+    );
+  });
+  test("calendar und rolling produzieren UNTERSCHIEDLICHE UUIDs für gleiches Tupel", async () => {
+    const { capCounterAggregateId, rollingCapAggregateId } = await import("../aggregate-id");
+    // Selbst wenn jemand "1970-01-01..." als periodStart in den
+    // calendar-Pfad reinpasst, soll die UUID NICHT mit dem rolling-
+    // aggregate kollidieren — sonst würden sich die beiden Streams
+    // vermischen und Counter wären falsch.
+    const calendarId = capCounterAggregateId("tenant-1", "ai-tokens-7d", "1970-01-01T00:00:00Z");
+    const rollingId = rollingCapAggregateId("tenant-1", "ai-tokens-7d");
+    expect(calendarId).not.toBe(rollingId);
+  });
+});

package/src/cap-counter/__tests__/with-cap-enforcement.integration.ts ADDED Viewed

@@ -0,0 +1,265 @@
+// Integration-test for withCapEnforcement / withRollingCapEnforcement.
+// Beweist die Wrapper-Verdrahtung end-to-end:
+//   1. Pre-call: enforceCapAndMaybeNotify dispatched (notifier feuert,
+//      mark-soft-warned-handler kippt das DB-Flag)
+//   2. Handler runs — only when below hard-cap
+//   3. Post-success: ctx.write(increment) — counter steigt um `amount`
+//   4. Hard-hit: handler runs NICHT, counter NICHT inkrementiert
+//   5. Failed handler: counter NICHT inkrementiert (cap-quota nicht
+//      verbrannt für gescheiterte writes)
+import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
+import { defineFeature, type WriteHandlerDef } from "@cosmicdrift/kumiko-framework/engine";
+import { createEventsTable } from "@cosmicdrift/kumiko-framework/event-store";
+import {
+  createEntityTable,
+  createTestUser,
+  setupTestStack,
+  type TestStack,
+  testTenantId,
+} from "@cosmicdrift/kumiko-framework/stack";
+import { afterAll, beforeAll, describe, expect, test } from "vitest";
+import { z } from "zod";
+import { CapCounterQueries } from "../constants";
+import type { SoftHitNotifier } from "../enforce-cap";
+import { capCounterEntity } from "../entity";
+import { capCounterFeature } from "../feature";
+import { withCapEnforcement, withRollingCapEnforcement } from "../with-cap-enforcement";
+// =============================================================================
+// Test-Probe — newsletter-send-Handler with cap-enforcement
+// =============================================================================
+//
+// Module-level state für die Tests:
+//   - sendCallCount: wie oft der gewrappte Handler tatsächlich gerufen wurde
+//     (Drift-Pin: bei hard-hit darf das NICHT inkrementieren)
+//   - recordedNotifications: Notifier-callback firings
+//   - failNextSend: simuliert handler-Fehler — Drift-Pin: Counter darf
+//     bei failure nicht inkrementieren
+let sendCallCount = 0;
+let failNextSend = false;
+const recordedNotifications: Array<{ capName: string; value: number }> = [];
+const recordingNotifier: SoftHitNotifier = (info) => {
+  recordedNotifications.push({ capName: info.capName, value: info.value });
+};
+const innerSendHandler: WriteHandlerDef = {
+  name: "send-newsletter",
+  schema: z.object({ to: z.string() }),
+  access: { roles: ["TenantAdmin", "SystemAdmin"] },
+  handler: async (_event, _ctx) => {
+    sendCallCount += 1;
+    if (failNextSend) {
+      failNextSend = false;
+      throw new Error("send-failed-on-purpose");
+    }
+    return { isSuccess: true as const, data: { sent: true } };
+  },
+};
+const PERIOD = "2026-07-01T00:00:00Z";
+const wrappedCalendar = withCapEnforcement(innerSendHandler, () => ({
+  capName: "newsletter-cap",
+  periodStartIso: PERIOD,
+  limit: 5,
+  profile: "burstable",
+  notify: recordingNotifier,
+}));
+const wrappedRolling = withRollingCapEnforcement(
+  { ...innerSendHandler, name: "send-rolling" },
+  () => ({
+    capName: "newsletter-rolling-cap",
+    windowDays: 7,
+    limit: 5,
+    profile: "burstable",
+    notify: recordingNotifier,
+  }),
+);
+const NEWSLETTER_QN = "newsletter:write:send-newsletter";
+const NEWSLETTER_ROLLING_QN = "newsletter:write:send-rolling";
+const newsletterFeature = defineFeature("newsletter", (r) => {
+  r.writeHandler(wrappedCalendar);
+  r.writeHandler(wrappedRolling);
+});
+// =============================================================================
+// Setup
+// =============================================================================
+let stack: TestStack;
+let db: DbConnection;
+beforeAll(async () => {
+  stack = await setupTestStack({ features: [capCounterFeature, newsletterFeature] });
+  db = stack.db;
+  await createEntityTable(db, capCounterEntity);
+  await createEventsTable(db);
+});
+afterAll(async () => {
+  await stack.cleanup();
+});
+function adminFor(tenantNumber: number) {
+  return createTestUser({
+    id: tenantNumber,
+    tenantId: testTenantId(tenantNumber),
+    roles: ["TenantAdmin", "SystemAdmin"],
+  });
+}
+async function readCounter(user: ReturnType<typeof adminFor>, capName: string, period: string) {
+  return (await stack.http.queryOk(
+    CapCounterQueries.getCounter,
+    { capName, periodStartIso: period },
+    user,
+  )) as Record<string, unknown> | null;
+}
+function resetState() {
+  sendCallCount = 0;
+  failNextSend = false;
+  recordedNotifications.length = 0;
+}
+// =============================================================================
+// Calendar-wrapper scenarios
+// =============================================================================
+describe("withCapEnforcement — calendar", () => {
+  test("under-cap: handler läuft, counter inkrementiert um 1 pro success", async () => {
+    resetState();
+    const admin = adminFor(1201);
+    await stack.http.writeOk(NEWSLETTER_QN, { to: "a@x.de" }, admin);
+    await stack.http.writeOk(NEWSLETTER_QN, { to: "b@x.de" }, admin);
+    await stack.http.writeOk(NEWSLETTER_QN, { to: "c@x.de" }, admin);
+    expect(sendCallCount).toBe(3);
+    const row = await readCounter(admin, "newsletter-cap", PERIOD);
+    expect(row).not.toBeNull();
+    expect(row!["value"]).toBe(3);
+    expect(recordedNotifications).toHaveLength(0);
+  });
+  test("hard-hit: handler läuft NICHT, counter NICHT weiter inkrementiert", async () => {
+    resetState();
+    const admin = adminFor(1203);
+    // limit=5, soft=1.1×5=5.5, hard=1.2×5=6. Da Counter int ist, springt
+    // value(5)→6 direkt in den hard-Bereich (keine intermediate soft-zone
+    // bei limit=5). Soft-hit-Verhalten ist im enforce-cap-Integration-Test
+    // mit limit=1000 schon gepinnt; hier liegt der Fokus auf hard-block.
+    for (let i = 0; i < 6; i++) {
+      await stack.http.writeOk(NEWSLETTER_QN, { to: `${i}@x.de` }, admin);
+    }
+    expect(sendCallCount).toBe(6);
+    const beforeBlocked = await readCounter(admin, "newsletter-cap", PERIOD);
+    expect(beforeBlocked!["value"]).toBe(6);
+    // 7. send: pre-call sieht value=6 ≥ hard=6 → CapExceededError, der
+    // dispatcher wickelt's als internal_error mit causeName=CapExceededError.
+    const error = await stack.http.writeErr(NEWSLETTER_QN, { to: "blocked@x.de" }, admin);
+    expect(JSON.stringify(error)).toMatch(/CapExceededError/);
+    // Drift-Pin: handler darf NICHT gelaufen sein (sendCallCount unverändert)
+    expect(sendCallCount).toBe(6);
+    // Drift-Pin: counter NICHT weiter inkrementiert (immer noch 6)
+    const afterBlocked = await readCounter(admin, "newsletter-cap", PERIOD);
+    expect(afterBlocked!["value"]).toBe(6);
+  });
+  test("failed handler: counter NICHT inkrementiert (cap-quota nicht verbrannt)", async () => {
+    resetState();
+    const admin = adminFor(1204);
+    // Erster send: success, counter → 1
+    await stack.http.writeOk(NEWSLETTER_QN, { to: "first@x.de" }, admin);
+    expect(sendCallCount).toBe(1);
+    // Zweiter send schlägt fehl im inner-handler (failNextSend=true).
+    // Wrapper soll NICHT inkrementieren.
+    failNextSend = true;
+    await stack.http.writeErr(NEWSLETTER_QN, { to: "fail@x.de" }, admin);
+    expect(sendCallCount).toBe(2);
+    // Counter bleibt bei 1 — der gescheiterte send hat keine quota verbrannt.
+    const row = await readCounter(admin, "newsletter-cap", PERIOD);
+    expect(row!["value"]).toBe(1);
+  });
+});
+// =============================================================================
+// Rolling-wrapper scenarios — kürzer, weil Notification-Wiring + base-flow
+// schon vom calendar-Test abgedeckt sind.
+// =============================================================================
+describe("withRollingCapEnforcement — rolling", () => {
+  test("under-cap: handler läuft, increment-rolling-events accumulieren", async () => {
+    resetState();
+    const admin = adminFor(1301);
+    await stack.http.writeOk(NEWSLETTER_ROLLING_QN, { to: "a@x.de" }, admin);
+    await stack.http.writeOk(NEWSLETTER_ROLLING_QN, { to: "b@x.de" }, admin);
+    expect(sendCallCount).toBe(2);
+    // Read via enforceRollingCap — kein direct-getter, aber wir können
+    // einen weiteren write absetzen und das Ergebnis prüfen ist
+    // upstream. Wichtig: handler ist aufgerufen.
+  });
+  test("hard-hit: rolling-counter blockiert weitere sends", async () => {
+    resetState();
+    const admin = adminFor(1302);
+    // limit=5, soft=5.5, hard=6. 6 sends bringen value=6 → 7. send blockiert.
+    for (let i = 0; i < 6; i++) {
+      await stack.http.writeOk(NEWSLETTER_ROLLING_QN, { to: `${i}@x.de` }, admin);
+    }
+    expect(sendCallCount).toBe(6);
+    const error = await stack.http.writeErr(NEWSLETTER_ROLLING_QN, { to: "blocked@x.de" }, admin);
+    expect(JSON.stringify(error)).toMatch(/CapExceededError/);
+    expect(sendCallCount).toBe(6); // handler wurde NICHT erneut aufgerufen
+  });
+  test("failed handler: kein increment-rolling-event hinzugefügt (cap-quota nicht verbrannt)", async () => {
+    // Symmetrisch zum calendar-Test "failed handler: counter NICHT
+    // inkrementiert". Beweist dass der rolling-Wrapper denselben
+    // Atomicity-Vertrag erfüllt: nur erfolgreiche handler verbrennen
+    // quota.
+    resetState();
+    const admin = adminFor(1303);
+    // 1. send: success → increment-rolling-event #1
+    await stack.http.writeOk(NEWSLETTER_ROLLING_QN, { to: "first@x.de" }, admin);
+    expect(sendCallCount).toBe(1);
+    // 2. send: handler wirft → kein increment-rolling-event
+    failNextSend = true;
+    await stack.http.writeErr(NEWSLETTER_ROLLING_QN, { to: "fail@x.de" }, admin);
+    expect(sendCallCount).toBe(2);
+    // 3. send: success → increment-rolling-event #2 (Drift-Pin: counter
+    // steht bei 2, NICHT bei 3 — der gescheiterte send #2 hat keine
+    // quota verbrannt). Wir treiben den counter bis genau hard-1, das
+    // funktioniert NUR wenn #2 nicht gezählt wurde.
+    for (let i = 0; i < 4; i++) {
+      await stack.http.writeOk(NEWSLETTER_ROLLING_QN, { to: `s-${i}@x.de` }, admin);
+    }
+    expect(sendCallCount).toBe(6);
+    // 7. send (= hard@6): blockiert. counter steht bei 5 (1 + 4),
+    // pre-call sieht 5 < hard@6 → handler läuft + increment, counter
+    // steigt auf 6. Direkt danach blockiert der nächste send.
+    // Wenn der gescheiterte send fälschlich gezählt hätte, wäre der
+    // counter schon bei 6 und der jetzt-erlaubte send würde blockieren.
+    await stack.http.writeOk(NEWSLETTER_ROLLING_QN, { to: "last-allowed@x.de" }, admin);
+    expect(sendCallCount).toBe(7);
+    const blocked = await stack.http.writeErr(NEWSLETTER_ROLLING_QN, { to: "blocked@x.de" }, admin);
+    expect(JSON.stringify(blocked)).toMatch(/CapExceededError/);
+    expect(sendCallCount).toBe(7); // wrapper hat den blockierten handler NICHT gerufen
+  });
+});