@cosmicdrift/kumiko-bundled-features 0.72.0 → 0.74.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-bundled-features",
-  "version": "0.72.0",
+  "version": "0.74.0",
   "description": "Built-in features — tenant, user, auth, delivery. The stuff you'd rewrite anyway, already typed.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",
@@ -84,11 +84,11 @@
     "./step-dispatcher": "./src/step-dispatcher/index.ts"
   },
   "dependencies": {
-    "@cosmicdrift/kumiko-dispatcher-live": "0.72.0",
-    "@cosmicdrift/kumiko-framework": "0.72.0",
-    "@cosmicdrift/kumiko-headless": "0.72.0",
-    "@cosmicdrift/kumiko-renderer": "0.72.0",
-    "@cosmicdrift/kumiko-renderer-web": "0.72.0",
+    "@cosmicdrift/kumiko-dispatcher-live": "0.74.0",
+    "@cosmicdrift/kumiko-framework": "0.74.0",
+    "@cosmicdrift/kumiko-headless": "0.74.0",
+    "@cosmicdrift/kumiko-renderer": "0.74.0",
+    "@cosmicdrift/kumiko-renderer-web": "0.74.0",
     "@mollie/api-client": "^4.5.0",
     "@node-rs/argon2": "^2.0.2",
     "@types/nodemailer": "^8.0.0",
@@ -108,5 +108,8 @@
     "src",
     "README.md",
     "LICENSE"
-  ]
+  ],
+  "devDependencies": {
+    "@testing-library/user-event": "^14.6.1"
+  }
 }

package/src/custom-fields/web/__tests__/custom-fields-form-section.test.tsx

@@ -6,7 +6,8 @@ import {
   PrimitivesProvider,
 } from "@cosmicdrift/kumiko-renderer";
 import { defaultPrimitives } from "@cosmicdrift/kumiko-renderer-web";
-import { fireEvent, render, screen, waitFor } from "@testing-library/react";
+import { render, screen, waitFor } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
 import type { ReactNode } from "react";
 import { CustomFieldsFormSection } from "../custom-fields-form-section";
 import { defaultTranslations } from "../i18n";
@@ -51,6 +52,7 @@ function Wrapper({ children }: { readonly children: ReactNode }): ReactNode {
 
 describe("CustomFieldsFormSection", () => {
   test("renders an input per matching fieldDefinition and dispatches set-custom-field on save", async () => {
+    const user = userEvent.setup();
     mockedQueryRows = [
       {
         id: "f1",
@@ -94,10 +96,10 @@ describe("CustomFieldsFormSection", () => {
     expect(document.getElementById("custom-field-rootCause")).toBeNull();
 
     // Type in vendor; tier left empty (should be skipped on save).
-    fireEvent.change(vendorInput, { target: { value: "Hetzner" } });
+    await user.type(vendorInput, "Hetzner");
 
     const saveBtn = screen.getByTestId("custom-fields-form-save");
-    fireEvent.click(saveBtn);
+    await user.click(saveBtn);
     // waitFor statt fester Promise.resolve()-Ticks — robust gegen zusätzliche
     // Microtasks im async handleSave-Loop (z.B. ein neuer dispatch-Wrapper).
     await waitFor(() => expect(dispatchSpy).toHaveBeenCalledTimes(1));
@@ -111,6 +113,7 @@ describe("CustomFieldsFormSection", () => {
   });
 
   test("pre-fills inputs from initialValues (Edit zeigt den Bestand, nicht write-only)", async () => {
+    const user = userEvent.setup();
     mockedQueryRows = [
       {
         id: "f1",
@@ -153,12 +156,11 @@ describe("CustomFieldsFormSection", () => {
     expect(saveBtn.disabled).toBe(true);
 
     // Nur das geänderte Feld wird geschrieben, nicht der unveränderte Bestand.
-    fireEvent.change(vendorInput, { target: { value: "Netcup" } });
+    await user.clear(vendorInput);
+    await user.type(vendorInput, "Netcup");
     expect(saveBtn.disabled).toBe(false);
-    fireEvent.click(saveBtn);
-    await Promise.resolve();
-    await Promise.resolve();
-    expect(dispatchSpy).toHaveBeenCalledTimes(1);
+    await user.click(saveBtn);
+    await waitFor(() => expect(dispatchSpy).toHaveBeenCalledTimes(1));
     expect(dispatchSpy).toHaveBeenCalledWith("custom-fields:write:set-custom-field", {
       entityName: "component",
       entityId: "row-42",
@@ -237,6 +239,7 @@ describe("CustomFieldsFormSection", () => {
 
 describe("CustomFieldsFormSection — clear-Pfad", () => {
   test("Leeren eines gespeicherten Werts dispatched clear-custom-field (nicht skip)", async () => {
+    const user = userEvent.setup();
     mockedQueryRows = [
       {
         id: "f1",
@@ -262,12 +265,9 @@ describe("CustomFieldsFormSection — clear-Pfad", () => {
     const vendorInput = document.getElementById("custom-field-vendor") as HTMLInputElement;
     expect(vendorInput.value).toBe("Hetzner");
 
-    fireEvent.change(vendorInput, { target: { value: "" } });
-    fireEvent.click(screen.getByTestId("custom-fields-form-save"));
-    await Promise.resolve();
-    await Promise.resolve();
-
-    expect(dispatchSpy).toHaveBeenCalledTimes(1);
+    await user.clear(vendorInput);
+    await user.click(screen.getByTestId("custom-fields-form-save"));
+    await waitFor(() => expect(dispatchSpy).toHaveBeenCalledTimes(1));
     expect(dispatchSpy).toHaveBeenCalledWith("custom-fields:write:clear-custom-field", {
       entityName: "component",
       entityId: "row-42",
@@ -276,6 +276,7 @@ describe("CustomFieldsFormSection — clear-Pfad", () => {
   });
 
   test("unveränderter Bestandswert wird beim Save NICHT erneut geschrieben", async () => {
+    const user = userEvent.setup();
     mockedQueryRows = [
       {
         id: "f1",
@@ -300,18 +301,16 @@ describe("CustomFieldsFormSection — clear-Pfad", () => {
 
     const vendorInput = document.getElementById("custom-field-vendor") as HTMLInputElement;
     // Tippen + zurück auf den Bestandswert → nicht dirty, kein Write.
-    fireEvent.change(vendorInput, { target: { value: "Hetzner2" } });
-    fireEvent.change(vendorInput, { target: { value: "Hetzner" } });
-    fireEvent.click(screen.getByTestId("custom-fields-form-save"));
-    await Promise.resolve();
-    await Promise.resolve();
-
-    expect(dispatchSpy).not.toHaveBeenCalled();
+    await user.type(vendorInput, "2");
+    await user.type(vendorInput, "{Backspace}");
+    await user.click(screen.getByTestId("custom-fields-form-save"));
+    await waitFor(() => expect(dispatchSpy).not.toHaveBeenCalled());
   });
 });
 
 describe("CustomFieldsFormSection — boolean/date-Pfade", () => {
   test("boolean: Bestand wird als true/false-String angezeigt, Save coerced zu boolean", async () => {
+    const user = userEvent.setup();
     mockedQueryRows = [
       {
         id: "f1",
@@ -340,17 +339,16 @@ describe("CustomFieldsFormSection — boolean/date-Pfade", () => {
     if (checkbox === null) throw new Error("boolean checkbox not rendered");
     expect(checkbox.getAttribute("aria-checked")).toBe("true");
 
-    fireEvent.click(checkbox);
-    fireEvent.click(screen.getByTestId("custom-fields-form-save"));
-    await Promise.resolve();
-    await Promise.resolve();
-
-    expect(dispatchSpy).toHaveBeenCalledWith("custom-fields:write:set-custom-field", {
-      entityName: "component",
-      entityId: "row-42",
-      fieldKey: "active",
-      value: false,
-    });
+    await user.click(checkbox);
+    await user.click(screen.getByTestId("custom-fields-form-save"));
+    await waitFor(() =>
+      expect(dispatchSpy).toHaveBeenCalledWith("custom-fields:write:set-custom-field", {
+        entityName: "component",
+        entityId: "row-42",
+        fieldKey: "active",
+        value: false,
+      }),
+    );
   });
 
   test("date: Bestand erreicht das DateInput-Textfeld (locale-numerisch)", () => {

package/src/tenant/__tests__/tenant.integration.test.ts

@@ -368,3 +368,68 @@ describe("scenario 7: access rules on handlers", () => {
     });
   });
 });
+
+// --- Scenario 8: entityList/entityEdit convention QNs ---
+//
+// The SystemAdmin tenant-list/tenant-edit screens resolve data through the
+// entity-suffixed convention QNs (tenant:query:tenant:{list,detail},
+// tenant:write:tenant:update), which were added alongside the legacy
+// tenant:query:list / tenant:write:update handlers. The boot-validator does NOT
+// check that an entityEdit has a matching update/detail handler, so this is the
+// only thing that proves the screens have a live data path. Literal QNs on
+// purpose — they ARE the wire contract the renderer computes.
+
+describe("scenario 8: entityList/entityEdit convention QNs", () => {
+  test("tenant:query:tenant:list returns all tenants for SystemAdmin (systemScope)", async () => {
+    const result = await stack.http.queryOk<{ rows: Record<string, unknown>[] }>(
+      "tenant:query:tenant:list",
+      {},
+      systemAdmin,
+    );
+    // acme + beta exist from earlier scenarios — systemScope yields all tenants.
+    expect(result.rows.length).toBeGreaterThanOrEqual(2);
+    expect(result.rows.map((r) => r["key"])).toEqual(expect.arrayContaining(["acme", "beta"]));
+  });
+
+  test("tenant:query:tenant:detail + tenant:write:tenant:update round-trip (entityEdit save persists)", async () => {
+    const created = await stack.http.writeOk(
+      "tenant:write:create",
+      { key: "delta", name: "Delta" },
+      systemAdmin,
+    );
+    const id = (created!["data"] as Record<string, unknown>)["id"] as string;
+
+    // entityEdit loads the row via the detail QN, edits, then saves via update.
+    const loaded = await stack.http.queryOk<Record<string, unknown>>(
+      "tenant:query:tenant:detail",
+      { id },
+      systemAdmin,
+    );
+    expect(loaded["name"]).toBe("Delta");
+
+    await stack.http.writeOk(
+      "tenant:write:tenant:update",
+      { id, version: loaded["version"], changes: { name: "Delta GmbH" } },
+      systemAdmin,
+    );
+
+    const reloaded = await stack.http.queryOk<Record<string, unknown>>(
+      "tenant:query:tenant:detail",
+      { id },
+      systemAdmin,
+    );
+    expect(reloaded["name"]).toBe("Delta GmbH");
+  });
+
+  test("the convention handlers are SystemAdmin-gated", () => {
+    expect(rolesOf(stack.registry.getQueryHandler("tenant:query:tenant:list")?.access)).toEqual([
+      "SystemAdmin",
+    ]);
+    expect(rolesOf(stack.registry.getQueryHandler("tenant:query:tenant:detail")?.access)).toEqual([
+      "SystemAdmin",
+    ]);
+    expect(rolesOf(stack.registry.getWriteHandler("tenant:write:tenant:update")?.access)).toEqual([
+      "SystemAdmin",
+    ]);
+  });
+});

package/src/tenant/feature.ts

@@ -2,6 +2,9 @@ import {
   access,
   createSystemConfig,
   createTenantConfig,
+  defineEntityDetailHandler,
+  defineEntityListHandler,
+  defineEntityUpdateHandler,
   defineFeature,
   type FeatureDefinition,
 } from "@cosmicdrift/kumiko-framework/engine";
@@ -22,6 +25,7 @@ import { updateMemberRolesWrite } from "./handlers/update-member-roles.write";
 import { tenantInvitationEntity } from "./invitation-table";
 import { tenantMembershipEntity } from "./membership-table";
 import { tenantEntity } from "./schema/tenant";
+import { tenantEditScreen, tenantListScreen } from "./screens";
 
 export { tenantEntity, tenantTable } from "./schema/tenant";
 
@@ -113,6 +117,24 @@ export function createTenantFeature(): FeatureDefinition {
       invitations: r.queryHandler(invitationsQuery),
     };
 
+    // Entity-convention handlers for the SystemAdmin entityList/entityEdit
+    // screens. The feature's original handlers predate the `<entity>:<verb>`
+    // naming (they sit on tenant:query:list / tenant:write:update); entityList/
+    // entityEdit resolve tenant:query:tenant:{list,detail} + tenant:write:tenant:
+    // update by convention, so these are added alongside (no rename = no break
+    // for existing callers). Cross-tenant because the feature is systemScope.
+    r.queryHandler(
+      defineEntityListHandler("tenant", tenantEntity, { access: { roles: ["SystemAdmin"] } }),
+    );
+    r.queryHandler(
+      defineEntityDetailHandler("tenant", tenantEntity, { access: { roles: ["SystemAdmin"] } }),
+    );
+    r.writeHandler(
+      defineEntityUpdateHandler("tenant", tenantEntity, { access: { roles: ["SystemAdmin"] } }),
+    );
+    r.screen(tenantListScreen);
+    r.screen(tenantEditScreen);
+
     return { handlers, queries };
   });
 }

package/src/tenant/screens.ts

@@ -0,0 +1,46 @@
+import type {
+  EntityEditScreenDefinition,
+  EntityListScreenDefinition,
+} from "@cosmicdrift/kumiko-framework/engine";
+
+// Cross-tenant SystemAdmin platform view of the tenants themselves. The tenant
+// feature runs with `r.systemScope()`, so the entityList returns every tenant.
+// Both screens are SystemAdmin-gated and inert until an app navs them.
+//
+// Backed by the entity-convention handlers registered in feature.ts
+// (tenant:query:tenant:{list,detail}, tenant:write:tenant:update). The legacy
+// `tenant:query:list` / `tenant:write:update` handlers stay for existing
+// callers — these screens bind to the entity-suffixed QNs by convention.
+
+export const tenantListScreen: EntityListScreenDefinition = {
+  id: "tenant-list",
+  type: "entityList",
+  entity: "tenant",
+  columns: ["key", "name", "isEnabled"],
+  rowActions: [
+    {
+      kind: "navigate",
+      id: "edit",
+      label: "kumiko.actions.edit",
+      screen: "tenant-edit",
+      entityId: "id",
+    },
+  ],
+  searchable: false,
+  access: { roles: ["SystemAdmin"] },
+};
+
+export const tenantEditScreen: EntityEditScreenDefinition = {
+  id: "tenant-edit",
+  type: "entityEdit",
+  entity: "tenant",
+  layout: {
+    // `key` is the unique admin-URL slug — shown in the list, not editable here.
+    sections: [{ columns: 2, fields: ["name", "isEnabled"] }],
+  },
+  // No raw tenant creation (onboarding owns membership/owner setup) and no
+  // hard delete (no tenant:write:tenant:delete — disable via isEnabled instead).
+  allowCreate: false,
+  allowDelete: false,
+  access: { roles: ["SystemAdmin"] },
+};

package/src/user/__tests__/admin-screens.boot.test.ts

@@ -0,0 +1,73 @@
+import { describe, expect, test } from "bun:test";
+import { validateBoot } from "@cosmicdrift/kumiko-framework/engine";
+import { createConfigFeature } from "../../config/feature";
+import { createTenantFeature } from "../../tenant/feature";
+import { createUserFeature } from "../feature";
+
+// The SystemAdmin platform screens (entityList + entityEdit for user/tenant)
+// must live IN the user/tenant features — the boot-validator forbids
+// cross-feature screen ownership. The validator checks screen STRUCTURE
+// (entity-local, columns/fields exist, rowAction targets resolve) but NOT that
+// an entityEdit has a matching update/detail handler. That convention-QN wiring
+// is the load-bearing part here, so it is asserted explicitly.
+//
+// QN convention (collectWriteHandlerQns / collectScreenQns): a handler keyed
+// "<short>" in feature "<f>" resolves to "<f>:<kind>:<short>". entityList loads
+// "<f>:query:<entity>:list", entityEdit loads "<f>:query:<entity>:detail" and
+// saves via "<f>:write:<entity>:{create,update}".
+
+describe("user + tenant SystemAdmin admin screens", () => {
+  const features = [createConfigFeature(), createUserFeature(), createTenantFeature()];
+
+  test("the assembled feature set boot-validates", () => {
+    expect(() => validateBoot(features)).not.toThrow();
+  });
+
+  test("user feature ships SystemAdmin-gated list + edit screens", () => {
+    const user = createUserFeature();
+    expect(Object.keys(user.screens)).toEqual(expect.arrayContaining(["user-list", "user-edit"]));
+    const list = user.screens["user-list"];
+    expect(list?.type).toBe("entityList");
+    expect(list?.access).toEqual({ roles: ["SystemAdmin"] });
+    expect(user.screens["user-edit"]?.type).toBe("entityEdit");
+  });
+
+  test("user list/detail/create/update handlers already sit on the screen QNs", () => {
+    const user = createUserFeature();
+    // → user:query:user:list, user:query:user:detail
+    expect(Object.keys(user.queryHandlers)).toEqual(
+      expect.arrayContaining(["user:list", "user:detail"]),
+    );
+    // → user:write:user:update (entityEdit save), user:write:user:create ("+ New")
+    expect(Object.keys(user.writeHandlers)).toEqual(
+      expect.arrayContaining(["user:update", "user:create"]),
+    );
+  });
+
+  test("tenant feature ships list + edit screens (edit-only, no hard delete)", () => {
+    const tenant = createTenantFeature();
+    expect(Object.keys(tenant.screens)).toEqual(
+      expect.arrayContaining(["tenant-list", "tenant-edit"]),
+    );
+    const edit = tenant.screens["tenant-edit"];
+    expect(edit?.type).toBe("entityEdit");
+    if (edit?.type === "entityEdit") {
+      expect(edit.allowCreate).toBe(false);
+      expect(edit.allowDelete).toBe(false);
+    }
+  });
+
+  test("tenant gains entity-convention handlers without dropping the legacy ones", () => {
+    const tenant = createTenantFeature();
+    // New: entityList/entityEdit resolve tenant:query:tenant:{list,detail} +
+    // tenant:write:tenant:update (the legacy handlers are keyed "list"/"update"
+    // → tenant:query:list / tenant:write:update, which the convention misses).
+    expect(Object.keys(tenant.queryHandlers)).toEqual(
+      expect.arrayContaining(["tenant:list", "tenant:detail"]),
+    );
+    expect(Object.keys(tenant.writeHandlers)).toContain("tenant:update");
+    // Legacy handlers stay for existing callers (no rename = no break).
+    expect(Object.keys(tenant.queryHandlers)).toContain("list");
+    expect(Object.keys(tenant.writeHandlers)).toContain("update");
+  });
+});

package/src/user/feature.ts

@@ -6,6 +6,7 @@ import { listQuery } from "./handlers/list.query";
 import { meQuery } from "./handlers/me.query";
 import { updateWrite } from "./handlers/update.write";
 import { userEntity } from "./schema/user";
+import { userEditScreen, userListScreen } from "./screens";
 
 // The user feature holds the cross-tenant user identity. `systemScope()` means
 // queries and writes bypass the tenant filter — a user exists above any tenant.
@@ -35,6 +36,13 @@ export function createUserFeature(): FeatureDefinition {
       findForAuth: r.queryHandler(findForAuthQuery),
     };
 
+    // Cross-tenant SystemAdmin platform screens. Inert until an app navs them;
+    // list/detail/create/update handlers above already sit on the QNs that
+    // entityList/entityEdit resolve by convention (user:query:user:{list,detail},
+    // user:write:user:{create,update}).
+    r.screen(userListScreen);
+    r.screen(userEditScreen);
+
     return { handlers, queries };
   });
 }

package/src/user/screens.ts

@@ -0,0 +1,57 @@
+import type {
+  EntityEditScreenDefinition,
+  EntityListScreenDefinition,
+} from "@cosmicdrift/kumiko-framework/engine";
+
+// Cross-tenant platform admin view of the user identity. Because the user
+// feature runs with `r.systemScope()`, the entityList query returns every
+// user across all tenants — the SystemAdmin platform roster. Both screens are
+// SystemAdmin-gated and stay inert until an app navs them (no auto-nav).
+//
+// Field labels come from the renderer's humanizeSlug fallback (no i18n keys
+// registered) — "Display Name", "Email Verified" etc. Apps can override via
+// their own translations under the `user:entity:user:field:*` convention.
+
+export const userListScreen: EntityListScreenDefinition = {
+  id: "user-list",
+  type: "entityList",
+  entity: "user",
+  columns: ["email", "displayName", "status", "emailVerified"],
+  rowActions: [
+    {
+      kind: "navigate",
+      id: "edit",
+      label: "kumiko.actions.edit",
+      screen: "user-edit",
+      entityId: "id",
+    },
+  ],
+  // No SearchAdapter assumption: search is opt-in per app infra, not a
+  // universal default for a bundled screen.
+  searchable: false,
+  access: { roles: ["SystemAdmin"] },
+};
+
+export const userEditScreen: EntityEditScreenDefinition = {
+  id: "user-edit",
+  type: "entityEdit",
+  entity: "user",
+  layout: {
+    sections: [
+      {
+        columns: 2,
+        fields: ["email", "displayName", "locale", "emailVerified"],
+      },
+    ],
+  },
+  // `roles` is deliberately NOT editable here: it is a raw JSON text column
+  // (`["SystemAdmin"]`) — a free-text input would let a typo corrupt the
+  // privilege column on a live platform. Role management needs a dedicated
+  // surface; the list still shows status for triage.
+  //
+  // Create dispatches user:write:user:create (email + displayName required —
+  // both in the form). Delete is suppressed: there is no user:write:user:delete
+  // — user removal is the GDPR status/forget flow, not a hard delete.
+  allowDelete: false,
+  access: { roles: ["SystemAdmin"] },
+};

package/src/user-profile/web/profile-screen.tsx

@@ -37,10 +37,8 @@ function failureKey(error: unknown): string {
   return typeof key === "string" ? key : "profile.errors.generic";
 }
 
-// gracePeriodEnd ist ein roher ISO-Instant ("2026-07-11T00:00:00.000Z"); nur
-// der Datums-Teil ist für den User relevant, die Uhrzeit/Z wäre Rauschen
-// ("…am 2026-07-11T00:00:00.000Z gelöscht"). Reiner String-Slice — kein
-// Date-API (no-date-api-Guard) und universell (RN+Web). Leer/null → "—".
+// Date-only slice of the raw ISO instant — the time/Z part is noise to the user.
+// Pure string-slice: no Date API (no-date-api guard), universal (RN+Web). Empty → "—".
 export function formatDeletionDate(iso: string | null | undefined): string {
   if (!iso) return "—";
   const tIndex = iso.indexOf("T");