npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/__tests__/full-stack.integration.ts ADDED Viewed

@@ -0,0 +1,914 @@
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
+import { z } from "zod";
+import { createEventStoreExecutor } from "../db/event-store-executor";
+import { defineFeature, type EntityId, type HandlerContext, type SaveContext } from "../engine";
+import { UnprocessableError, writeFailure } from "../errors";
+import { eventsTable } from "../event-store";
+import {
+  createEntityTable,
+  createTestUser,
+  setupTestStack,
+  type TestStack,
+  TestUsers,
+} from "../stack";
+import { expectErrorIncludes, sharedUserEntity, sharedUserTable } from "../testing";
+// --- Entities ---
+const userEntity = sharedUserEntity;
+const userTable = sharedUserTable;
+// --- Feature-level hook log (not a system hook, tracked separately) ---
+const featurePostSaveLog: SaveContext[] = [];
+// --- Feature definition ---
+function userExecutor(ctx: { searchAdapter?: unknown; entityCache?: unknown }) {
+  return createEventStoreExecutor(userTable, userEntity, {
+    entityName: "user",
+    ...(ctx.searchAdapter
+      ? { searchAdapter: ctx.searchAdapter as import("../search").SearchAdapter }
+      : {}),
+    ...(ctx.entityCache
+      ? { entityCache: ctx.entityCache as import("../pipeline/entity-cache").EntityCache }
+      : {}),
+  });
+}
+// Single source of truth for the user-created domain-event name + payload.
+// ctx.appendEvent writes this onto the user aggregate's own stream. The MSP
+// below picks it up via the event-dispatcher after commit.
+let USER_CREATED_EVENT: string;
+// Test-level MSP capture — populated by the multiStreamProjection apply below.
+// Declared here so tests can reset + assert against it across describe blocks.
+const domainEventSubscriberCalls: Array<{ type: string; payload: unknown }> = [];
+async function emitUserCreated(
+  ctx: Pick<HandlerContext, "appendEventUnsafe">,
+  id: EntityId,
+  email: string,
+): Promise<void> {
+  await ctx.appendEventUnsafe({
+    aggregateId: String(id),
+    aggregateType: "user",
+    type: USER_CREATED_EVENT,
+    payload: { id, email },
+  });
+}
+const userFeature = defineFeature("users", (r) => {
+  const user = r.entity("user", userEntity);
+  const userCreated = r.defineEvent("user.created", z.object({ id: z.any(), email: z.string() }));
+  USER_CREATED_EVENT = userCreated.name;
+  // r.multiStreamProjection: capture USER_CREATED_EVENT asynchronously via
+  // the event-dispatcher. Replaces the old r.postEvent path (removed in E2).
+  r.multiStreamProjection({
+    name: "user-created-capture",
+    apply: {
+      [userCreated.name]: async (event) => {
+        domainEventSubscriberCalls.push({ type: event.type, payload: event.payload });
+      },
+    },
+  });
+  const createHandler = r.writeHandler(
+    "user:create",
+    z.object({
+      email: z.email(),
+      firstName: z.string().optional(),
+      lastName: z.string().optional(),
+    }),
+    async (event, ctx) => userExecutor(ctx).create(event.payload, event.user, ctx.db),
+    { access: { roles: ["Admin"] } },
+  );
+  // Variant used by the ctx.appendEvent test block — creates the user AND
+  // appends a domain event (`users:event:user.created`) to the user's own
+  // aggregate stream. Separate from `user:create` so the CRUD-only happy-path
+  // tests don't unnecessarily bump the stream version past what the client
+  // sees in the response.
+  r.writeHandler(
+    "user:create-and-signal",
+    z.object({
+      email: z.email(),
+      firstName: z.string().optional(),
+      lastName: z.string().optional(),
+    }),
+    async (event, ctx) => {
+      const result = await userExecutor(ctx).create(event.payload, event.user, ctx.db);
+      if (result.isSuccess) {
+        await emitUserCreated(ctx, result.data.id, event.payload.email);
+      }
+      return result;
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  // Rollback via controlled failure: writes to the user table AND appends a
+  // domain event, then deliberately returns isSuccess:false. The dispatcher
+  // raises BatchRollback, the surrounding tx rolls back — so NEITHER the user
+  // row NOR the domain event survive. Proves the controlled-failure path.
+  r.writeHandler(
+    "user:create-rollback",
+    z.object({ email: z.email() }),
+    async (event, ctx) => {
+      const created = await userExecutor(ctx).create(event.payload, event.user, ctx.db);
+      if (created.isSuccess) {
+        await emitUserCreated(ctx, created.data.id, event.payload.email);
+      }
+      return writeFailure(new UnprocessableError("intentional_rollback"));
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  // Rollback via uncaught throw: appends TWICE, then throws. Exercises a
+  // different dispatcher branch than isSuccess:false — the generic catch block
+  // that wraps BatchRollback. Proves that:
+  //   (a) an uncaught error rolls the tx back just like a controlled failure,
+  //   (b) multiple domain event rows from the same handler roll back together.
+  r.writeHandler(
+    "user:create-throw",
+    z.object({ email: z.email() }),
+    async (event, ctx) => {
+      const created = await userExecutor(ctx).create(event.payload, event.user, ctx.db);
+      if (!created.isSuccess) return created;
+      await emitUserCreated(ctx, created.data.id, event.payload.email);
+      await emitUserCreated(ctx, created.data.id, `${event.payload.email}.secondary`);
+      throw new Error("unexpected_handler_failure");
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  r.writeHandler(
+    "user:update",
+    z.object({
+      id: z.uuid(),
+      version: z.number().optional(),
+      changes: z.record(z.string(), z.unknown()),
+    }),
+    async (event, ctx) => userExecutor(ctx).update(event.payload, event.user, ctx.db),
+    { access: { roles: ["Admin"] } },
+  );
+  r.writeHandler(
+    "user:delete",
+    z.object({ id: z.uuid() }),
+    async (event, ctx) => userExecutor(ctx).delete(event.payload, event.user, ctx.db),
+    { access: { roles: ["Admin"] } },
+  );
+  r.queryHandler(
+    "user:list",
+    z.object({
+      search: z.string().optional(),
+      limit: z.number().optional(),
+      sort: z.string().optional(),
+      sortDirection: z.enum(["asc", "desc"]).optional(),
+    }),
+    async (query, ctx) => userExecutor(ctx).list(query.payload, query.user, ctx.db),
+    { access: { openToAll: true } },
+  );
+  r.queryHandler(
+    "user:detail",
+    z.object({ id: z.uuid() }),
+    async (query, ctx) => userExecutor(ctx).detail(query.payload, query.user, ctx.db),
+    { access: { openToAll: true } },
+  );
+  r.entityHook("postSave", user, async (result) => {
+    featurePostSaveLog.push(result);
+  });
+  r.hook("validation", createHandler, (data) => {
+    if (data["email"] === "banned@evil.com") return [{ field: "email", error: "banned_domain" }];
+    return null;
+  });
+});
+// --- Stack + Users ---
+let stack: TestStack;
+const adminUser = TestUsers.admin;
+const guestUser = createTestUser({ id: 2, roles: ["Guest"] });
+const otherTenantAdmin = createTestUser({
+  id: 3,
+  tenantId: "00000000-0000-4000-8000-000000000002",
+});
+beforeAll(async () => {
+  stack = await setupTestStack({ features: [userFeature] });
+  await createEntityTable(stack.db, userEntity, "user");
+});
+afterAll(async () => {
+  await stack.cleanup();
+});
+beforeEach(async () => {
+  // Advance the event-dispatcher cursor past all events from earlier tests
+  // FIRST, then reset the in-memory collector. This keeps per-test SSE +
+  // pubsub assertions honest — otherwise the dispatcher would replay every
+  // prior test's events and inflate counts.
+  await stack.eventDispatcher?.runOnce();
+  stack.events.reset();
+  featurePostSaveLog.length = 0;
+  domainEventSubscriberCalls.length = 0;
+});
+// =============================================================================
+// CRUD
+// =============================================================================
+describe("full stack: CRUD", () => {
+  test("create and read back", async () => {
+    const data = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "marc@test.de",
+        firstName: "Marc",
+        lastName: "Test",
+      },
+      adminUser,
+    );
+    expect(data["isNew"]).toBe(true);
+    const detail = await stack.http.queryOk<Record<string, unknown>>(
+      "users:query:user:detail",
+      { id: data["id"] },
+      adminUser,
+    );
+    expect(detail["email"]).toBe("marc@test.de");
+    expect(detail["version"]).toBe(1);
+  });
+  test("soft delete removes from queries", async () => {
+    const created = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "del@test.de",
+      },
+      adminUser,
+    );
+    const del = await stack.http.writeOk(
+      "users:write:user:delete",
+      {
+        id: created["id"],
+      },
+      adminUser,
+    );
+    expect(del).toBeDefined();
+    const detail = await stack.http.queryOk<null>(
+      "users:query:user:detail",
+      { id: created["id"] },
+      adminUser,
+    );
+    expect(detail).toBeNull();
+  });
+});
+// =============================================================================
+// SaveContext
+// =============================================================================
+describe("full stack: SaveContext changes + previous", () => {
+  test("update returns exact changes and previous state", async () => {
+    const created = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "ctx@test.de",
+        firstName: "Before",
+        lastName: "Keep",
+      },
+      adminUser,
+    );
+    const updated = await stack.http.writeOk<{
+      isNew: boolean;
+      changes: { firstName: string };
+      previous: { firstName: string; lastName: string };
+      data: { firstName: string };
+    }>(
+      "users:write:user:update",
+      {
+        id: created["id"],
+        changes: { firstName: "After" },
+        version: 1,
+      },
+      adminUser,
+    );
+    expect(updated.isNew).toBe(false);
+    expect(updated.changes).toEqual({ firstName: "After" });
+    expect(updated.previous.firstName).toBe("Before");
+    expect(updated.previous.lastName).toBe("Keep");
+    expect(updated.data.firstName).toBe("After");
+  });
+});
+// =============================================================================
+// Optimistic Locking
+// =============================================================================
+describe("full stack: optimistic locking", () => {
+  test("stale version returns version_conflict", async () => {
+    const created = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "lock@test.de",
+      },
+      adminUser,
+    );
+    await stack.http.writeOk(
+      "users:write:user:update",
+      {
+        id: created["id"],
+        version: 1,
+        changes: { firstName: "V2" },
+      },
+      adminUser,
+    );
+    const error = await stack.http.writeErr(
+      "users:write:user:update",
+      {
+        id: created["id"],
+        version: 1,
+        changes: { firstName: "Stale" },
+      },
+      adminUser,
+    );
+    expect(error.code).toBe("version_conflict");
+  });
+});
+// =============================================================================
+// System Hooks ACTUALLY FIRE
+// =============================================================================
+describe("full stack: lifecycle pipeline — system hooks fire", () => {
+  test("feature postSave hook receives SaveContext", async () => {
+    await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "hook@test.de",
+        firstName: "Hooked",
+      },
+      adminUser,
+    );
+    expect(featurePostSaveLog).toHaveLength(1);
+    expect(featurePostSaveLog[0]?.data["email"]).toBe("hook@test.de");
+    expect(featurePostSaveLog[0]?.isNew).toBe(true);
+  });
+  test("SSE broadcast fires on create (via async event-dispatcher)", async () => {
+    await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "sse@test.de",
+      },
+      adminUser,
+    );
+    // SSE runs as an async subscriber on the event-dispatcher since D.3.
+    // Drain deterministically instead of sleeping.
+    await stack.eventDispatcher?.runOnce();
+    expect(stack.events.sse).toHaveLength(1);
+    // New shape: event.type directly (no "system:event:" wrapper).
+    expect(stack.events.sse[0]?.type).toBe("user.created");
+    expect(stack.events.sse[0]?.data["id"]).toBeDefined();
+  });
+  test("SSE broadcast fires on update (via async event-dispatcher)", async () => {
+    const created = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "sse-upd@test.de",
+      },
+      adminUser,
+    );
+    // Drain the create event first, then reset + update.
+    await stack.eventDispatcher?.runOnce();
+    stack.events.reset();
+    await stack.http.writeOk(
+      "users:write:user:update",
+      {
+        id: created["id"],
+        changes: { firstName: "SSE" },
+        version: 1,
+      },
+      adminUser,
+    );
+    await stack.eventDispatcher?.runOnce();
+    const updateEvent = stack.events.sse.find((e) => e.type === "user.updated");
+    expect(updateEvent).toBeDefined();
+    // Shape carries the full event.payload (changes + previous) under data.payload.
+    const payload = updateEvent!.data["payload"] as { changes: { firstName: string } };
+    expect(payload.changes).toEqual({ firstName: "SSE" });
+  });
+  test("search index updated via async event-dispatcher after create", async () => {
+    await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "indexed@test.de",
+        firstName: "Indexed",
+      },
+      adminUser,
+    );
+    await stack.eventDispatcher?.runOnce();
+    const results = await stack.search.search("00000000-0000-4000-8000-000000000001", "indexed", {
+      filterType: "user",
+    });
+    expect(results.some((r) => r.entityType === "user")).toBe(true);
+  });
+});
+// =============================================================================
+// Auth + Access + Validation + Tenant Isolation
+// =============================================================================
+describe("full stack: auth + access + validation", () => {
+  test("unauthenticated → 401", async () => {
+    const res = await stack.app.request("/api/write", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ type: "users:write:user:create", payload: { email: "x@x.de" } }),
+    });
+    expect(res.status).toBe(401);
+  });
+  test("guest → access denied", async () => {
+    const error = await stack.http.writeErr(
+      "users:write:user:create",
+      {
+        email: "guest@test.de",
+      },
+      guestUser,
+    );
+    expect(error.code).toBe("access_denied");
+  });
+  test("other tenant cannot see data", async () => {
+    const created = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "secret@test.de",
+      },
+      adminUser,
+    );
+    const detail = await stack.http.queryOk<null>(
+      "users:query:user:detail",
+      { id: created["id"] },
+      otherTenantAdmin,
+    );
+    expect(detail).toBeNull();
+  });
+  test("validation hook rejects banned domain", async () => {
+    const error = await stack.http.writeErr(
+      "users:write:user:create",
+      {
+        email: "banned@evil.com",
+      },
+      adminUser,
+    );
+    expectErrorIncludes(error, "banned_domain");
+  });
+});
+// =============================================================================
+// Search + Sort
+// =============================================================================
+describe("full stack: search + sort", () => {
+  test("search finds via SearchAdapter", async () => {
+    await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "findable@test.de",
+        firstName: "Findable",
+      },
+      adminUser,
+    );
+    // Search indexing is async (D.4) — drain before querying.
+    await stack.eventDispatcher?.runOnce();
+    const res = await stack.http.queryOk<{ rows: Record<string, unknown>[] }>(
+      "users:query:user:list",
+      { search: "findable" },
+      adminUser,
+    );
+    expect(res.rows.some((r) => r["email"] === "findable@test.de")).toBe(true);
+  });
+  test("sort by lastName ASC", async () => {
+    await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "sz@test.de",
+        lastName: "Zebra",
+      },
+      adminUser,
+    );
+    await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "sa@test.de",
+        lastName: "Alpha",
+      },
+      adminUser,
+    );
+    const res = await stack.http.queryOk<{ rows: Record<string, unknown>[] }>(
+      "users:query:user:list",
+      { sort: "lastName", sortDirection: "asc" },
+      adminUser,
+    );
+    const names = res.rows.map((r) => r["lastName"]).filter(Boolean);
+    const sorted = [...names].sort();
+    expect(names).toEqual(sorted);
+  });
+});
+// =============================================================================
+// SSE Route + Health
+// =============================================================================
+describe("full stack: SSE route", () => {
+  test("requires auth", async () => {
+    expect((await stack.app.request("/api/sse")).status).toBe(401);
+  });
+  test("returns event stream", async () => {
+    const token = await stack.jwt.sign(adminUser);
+    const res = await stack.app.request("/api/sse", {
+      headers: { Authorization: `Bearer ${token}` },
+    });
+    expect(res.status).toBe(200);
+    expect(res.headers.get("content-type")).toContain("text/event-stream");
+  });
+});
+// =============================================================================
+// Idempotency (Redis-backed, end-to-end)
+// =============================================================================
+describe("full stack: idempotency", () => {
+  test("duplicate requestId returns cached result, no double insert", async () => {
+    const requestId = "idem-fullstack-001";
+    const res1 = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "idem@test.de",
+      },
+      adminUser,
+      requestId,
+    );
+    const firstId = res1["id"];
+    // Same requestId → should return cached result, NOT create a second user
+    const res2 = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "idem@test.de",
+      },
+      adminUser,
+      requestId,
+    );
+    expect(res2["id"]).toBe(firstId);
+  });
+  test("different requestIds create separate records", async () => {
+    const res1 = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "idem-a@test.de",
+      },
+      adminUser,
+      "idem-a",
+    );
+    const res2 = await stack.http.writeOk(
+      "users:write:user:create",
+      {
+        email: "idem-b@test.de",
+      },
+      adminUser,
+      "idem-b",
+    );
+    expect(res1["id"]).not.toBe(res2["id"]);
+  });
+});
+// =============================================================================
+// Request Context (X-Request-ID)
+// =============================================================================
+describe("full stack: request context", () => {
+  test("response contains X-Request-ID header", async () => {
+    const token = await stack.jwt.sign(adminUser);
+    const res = await stack.app.request("/api/write", {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        type: "users:write:user:create",
+        payload: { email: "reqid@test.de" },
+      }),
+    });
+    expect(res.status).toBe(200);
+    expect(res.headers.get("X-Request-ID")).toBeDefined();
+    expect(res.headers.get("X-Request-ID")?.length).toBeGreaterThan(0);
+  });
+  test("echoes back client-provided X-Request-ID", async () => {
+    const token = await stack.jwt.sign(adminUser);
+    const res = await stack.app.request("/api/write", {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+        "X-Request-ID": "client-req-42",
+      },
+      body: JSON.stringify({
+        type: "users:write:user:create",
+        payload: { email: "echoid@test.de" },
+      }),
+    });
+    expect(res.headers.get("X-Request-ID")).toBe("client-req-42");
+  });
+  test("error responses include requestId", async () => {
+    const token = await stack.jwt.sign(guestUser);
+    const res = await stack.app.request("/api/write", {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+        "X-Request-ID": "err-req-99",
+      },
+      body: JSON.stringify({
+        type: "users:write:user:create",
+        payload: { email: "denied@test.de" },
+      }),
+    });
+    const body = (await res.json()) as { isSuccess: boolean; error: { requestId?: string } };
+    expect(body.isSuccess).toBe(false);
+    // requestId lives inside the serialized error body under the new contract
+    expect(body.error.requestId).toBe("err-req-99");
+  });
+});
+// =============================================================================
+// Entity Cache
+// =============================================================================
+describe("full stack: entity cache", () => {
+  test("detail returns cached data after create (no second DB hit needed)", async () => {
+    const created = await stack.http.writeOk(
+      "users:write:user:create",
+      { email: "cached@test.de", firstName: "Cached" },
+      adminUser,
+    );
+    // Detail should return the same data (from cache or DB — both valid)
+    const detail = await stack.http.queryOk<Record<string, unknown>>(
+      "users:query:user:detail",
+      { id: created["id"] },
+      adminUser,
+    );
+    expect(detail["email"]).toBe("cached@test.de");
+  });
+  test("cache serves stale data until invalidated by update", async () => {
+    const created = await stack.http.writeOk(
+      "users:write:user:create",
+      { email: "stale@test.de", firstName: "Before" },
+      adminUser,
+    );
+    const id = created["id"] as string;
+    // First detail populates cache
+    await stack.http.queryOk("users:query:user:detail", { id }, adminUser);
+    // Raw DB update — bypasses cache invalidation
+    const { eq } = await import("drizzle-orm");
+    await stack.db
+      .update(userTable)
+      .set({ firstName: "RawDbChange" })
+      .where(eq(userTable["id"], id));
+    // Detail still returns cached (old) value
+    const stale = await stack.http.queryOk<Record<string, unknown>>(
+      "users:query:user:detail",
+      { id },
+      adminUser,
+    );
+    expect(stale["firstName"]).toBe("Before");
+    // Update via API — invalidates cache
+    await stack.http.writeOk(
+      "users:write:user:update",
+      { id, changes: { firstName: "AfterUpdate" }, version: 1 },
+      adminUser,
+    );
+    // Now detail returns fresh data
+    const fresh = await stack.http.queryOk<Record<string, unknown>>(
+      "users:query:user:detail",
+      { id },
+      adminUser,
+    );
+    expect(fresh["firstName"]).toBe("AfterUpdate");
+  });
+  test("delete invalidates cache", async () => {
+    const created = await stack.http.writeOk(
+      "users:write:user:create",
+      { email: "delcache@test.de" },
+      adminUser,
+    );
+    const id = created["id"] as string;
+    // Populate cache
+    await stack.http.queryOk("users:query:user:detail", { id }, adminUser);
+    // Delete via API
+    await stack.http.writeOk("users:write:user:delete", { id }, adminUser);
+    // Detail returns null (soft deleted + cache invalidated)
+    const gone = await stack.http.queryOk<null>("users:query:user:detail", { id }, adminUser);
+    expect(gone).toBeNull();
+  });
+});
+// =============================================================================
+// Health
+// =============================================================================
+describe("full stack: health", () => {
+  test("GET /health", async () => {
+    expect(await (await stack.app.request("/health")).json()).toEqual({ status: "ok" });
+  });
+});
+// =============================================================================
+// ctx.appendEvent — domain events on the user aggregate stream
+// =============================================================================
+//
+// ctx.appendEvent writes the event onto the user aggregate's own stream (same
+// aggregateId as the CRUD row). The event-dispatcher picks it up and delivers
+// to r.multiStreamProjection consumers after commit. Proves the full
+// TX-atomicity: user row + domain event + feature postSave + SSE + search —
+// all commit-or-rollback together.
+describe("full stack: ctx.appendEvent via event-dispatcher", () => {
+  // Filter the appended domain-event rows by type AND payload.email — the
+  // events table is shared across tests so we pick out just the ones this
+  // test appended.
+  async function domainEventsForEmail(email: string) {
+    const rows = await stack.db
+      .select()
+      .from(eventsTable)
+      .where(
+        // eq + and via a lazy dynamic import keeps the top-level imports lean.
+        (await import("drizzle-orm")).and(
+          (await import("drizzle-orm")).eq(eventsTable.aggregateType, "user"),
+          (await import("drizzle-orm")).eq(eventsTable.type, USER_CREATED_EVENT),
+        ),
+      );
+    return rows.filter((r) => (r.payload as { email?: string }).email === email);
+  }
+  test("commit path: user row, domain event, feature postSave, SSE, search, subscriber — all consistent", async () => {
+    const data = await stack.http.writeOk(
+      "users:write:user:create-and-signal",
+      { email: "emit-happy@test.de", firstName: "Happy", lastName: "Path" },
+      adminUser,
+    );
+    // Business row committed
+    expect(data["isNew"]).toBe(true);
+    const userId = data["id"] as string;
+    // Domain event row committed on the SAME aggregate stream as the CRUD event
+    const domainRows = await domainEventsForEmail("emit-happy@test.de");
+    expect(domainRows).toHaveLength(1);
+    expect(domainRows[0]).toMatchObject({
+      tenantId: adminUser.tenantId,
+      type: USER_CREATED_EVENT,
+      aggregateType: "user",
+      aggregateId: userId,
+    });
+    expect(domainRows[0]?.payload).toMatchObject({ id: userId, email: "emit-happy@test.de" });
+    // Feature postSave ran inline
+    expect(featurePostSaveLog).toHaveLength(1);
+    expect(featurePostSaveLog[0]).toMatchObject({ kind: "save", id: userId, isNew: true });
+    // System consumers + MSP subscriber fire on the next dispatcher pass
+    expect(domainEventSubscriberCalls).toHaveLength(0);
+    await stack.eventDispatcher?.runOnce();
+    // Search + SSE saw the user.created aggregate event
+    expect(stack.events.sse.some((e) => e.type === "user.created")).toBe(true);
+    const searchHits = await stack.search.search(adminUser.tenantId, "emit-happy");
+    expect(searchHits.map((h) => h.entityId)).toContain(userId);
+    // Subscriber saw the domain event
+    expect(domainEventSubscriberCalls).toHaveLength(1);
+    expect(domainEventSubscriberCalls[0]).toMatchObject({
+      type: USER_CREATED_EVENT,
+      payload: { id: userId, email: "emit-happy@test.de" },
+    });
+  });
+  test("rollback path: handler returns isSuccess:false after append+insert → no user, no event, no side-effects", async () => {
+    const res = await stack.http.write(
+      "users:write:user:create-rollback",
+      { email: "emit-rollback@test.de" },
+      adminUser,
+    );
+    const body = (await res.json()) as {
+      isSuccess: boolean;
+      error: { code: string; details: { reason: string } };
+    };
+    expect(body.isSuccess).toBe(false);
+    expect(body.error.code).toBe("unprocessable");
+    expect(body.error.details.reason).toBe("intentional_rollback");
+    // User table: the insert rolled back
+    const users = await stack.http.queryOk<{ rows: Array<Record<string, unknown>> }>(
+      "users:query:user:list",
+      { search: "emit-rollback" },
+      adminUser,
+    );
+    expect(users.rows.some((u) => u["email"] === "emit-rollback@test.de")).toBe(false);
+    // Domain event rolled back too — nothing in events table for this email
+    expect(await domainEventsForEmail("emit-rollback@test.de")).toHaveLength(0);
+    // Side-effects: feature postSave ran inline in the tx that rolled back →
+    // no entry. Dispatcher drains nothing (no committed event). Subscriber
+    // never saw the rolled-back append.
+    expect(featurePostSaveLog).toHaveLength(0);
+    await stack.eventDispatcher?.runOnce();
+    const searchHits = await stack.search.search(adminUser.tenantId, "emit-rollback");
+    expect(searchHits).toHaveLength(0);
+    expect(domainEventSubscriberCalls).toHaveLength(0);
+  });
+  test("uncaught throw + multi-append: both domain events roll back, error reported, no side-effects", async () => {
+    const res = await stack.http.write(
+      "users:write:user:create-throw",
+      { email: "emit-throw@test.de" },
+      adminUser,
+    );
+    const body = (await res.json()) as { isSuccess: boolean; error: unknown };
+    expect(body.isSuccess).toBe(false);
+    // Uncaught Error → auto-wrapped to InternalError.
+    expect((body.error as { code: string }).code).toBe("internal_error");
+    // User row rolled back
+    const users = await stack.http.queryOk<{ rows: Array<Record<string, unknown>> }>(
+      "users:query:user:list",
+      { search: "emit-throw" },
+      adminUser,
+    );
+    expect(users.rows.some((u) => u["email"] === "emit-throw@test.de")).toBe(false);
+    // BOTH domain event rows rolled back — multi-append in one tx is atomic.
+    // Primary + secondary email variants should both be absent.
+    expect(await domainEventsForEmail("emit-throw@test.de")).toHaveLength(0);
+    expect(await domainEventsForEmail("emit-throw@test.de.secondary")).toHaveLength(0);
+    // Subscribers + system consumers stayed idle
+    expect(featurePostSaveLog).toHaveLength(0);
+    await stack.eventDispatcher?.runOnce();
+    const searchHits = await stack.search.search(adminUser.tenantId, "emit-throw");
+    expect(searchHits).toHaveLength(0);
+    expect(domainEventSubscriberCalls).toHaveLength(0);
+  });
+});