@elevasis/core 0.8.3 → 0.10.0

package/dist/test-utils/index.d.ts

@@ -1,312 +1,8 @@
-import { FunctionsClient } from '@supabase/functions-js';
-import { PostgrestClient, PostgrestQueryBuilder, PostgrestFilterBuilder } from '@supabase/postgrest-js';
-import { RealtimeClientOptions, RealtimeClient, RealtimeChannelOptions, RealtimeChannel } from '@supabase/realtime-js';
-import { StorageClientOptions, StorageClient } from '@supabase/storage-js';
-import { GoTrueClientOptions, AuthClient } from '@supabase/auth-js';
-
-type GenericRelationship = {
-    foreignKeyName: string;
-    columns: string[];
-    isOneToOne?: boolean;
-    referencedRelation: string;
-    referencedColumns: string[];
-};
-type GenericTable = {
-    Row: Record<string, unknown>;
-    Insert: Record<string, unknown>;
-    Update: Record<string, unknown>;
-    Relationships: GenericRelationship[];
-};
-type GenericUpdatableView = {
-    Row: Record<string, unknown>;
-    Insert: Record<string, unknown>;
-    Update: Record<string, unknown>;
-    Relationships: GenericRelationship[];
-};
-type GenericNonUpdatableView = {
-    Row: Record<string, unknown>;
-    Relationships: GenericRelationship[];
-};
-type GenericView = GenericUpdatableView | GenericNonUpdatableView;
-type GenericSetofOption = {
-    isSetofReturn?: boolean | undefined;
-    isOneToOne?: boolean | undefined;
-    isNotNullable?: boolean | undefined;
-    to: string;
-    from: string;
-};
-type GenericFunction = {
-    Args: Record<string, unknown> | never;
-    Returns: unknown;
-    SetofOptions?: GenericSetofOption;
-};
-type GenericSchema = {
-    Tables: Record<string, GenericTable>;
-    Views: Record<string, GenericView>;
-    Functions: Record<string, GenericFunction>;
-};
-
-interface SupabaseAuthClientOptions extends GoTrueClientOptions {
-}
-type Fetch = typeof fetch;
-type SupabaseClientOptions<SchemaName> = {
-    /**
-     * The Postgres schema which your tables belong to. Must be on the list of exposed schemas in Supabase. Defaults to `public`.
-     */
-    db?: {
-        schema?: SchemaName;
-    };
-    auth?: {
-        /**
-         * Automatically refreshes the token for logged-in users. Defaults to true.
-         */
-        autoRefreshToken?: boolean;
-        /**
-         * Optional key name used for storing tokens in local storage.
-         */
-        storageKey?: string;
-        /**
-         * Whether to persist a logged-in session to storage. Defaults to true.
-         */
-        persistSession?: boolean;
-        /**
-         * Detect a session from the URL. Used for OAuth login callbacks. Defaults to true.
-         */
-        detectSessionInUrl?: boolean;
-        /**
-         * A storage provider. Used to store the logged-in session.
-         */
-        storage?: SupabaseAuthClientOptions['storage'];
-        /**
-         * A storage provider to store the user profile separately from the session.
-         * Useful when you need to store the session information in cookies,
-         * without bloating the data with the redundant user object.
-         *
-         * @experimental
-         */
-        userStorage?: SupabaseAuthClientOptions['userStorage'];
-        /**
-         * OAuth flow to use - defaults to implicit flow. PKCE is recommended for mobile and server-side applications.
-         */
-        flowType?: SupabaseAuthClientOptions['flowType'];
-        /**
-         * If debug messages for authentication client are emitted. Can be used to inspect the behavior of the library.
-         */
-        debug?: SupabaseAuthClientOptions['debug'];
-        /**
-         * Provide your own locking mechanism based on the environment. By default no locking is done at this time.
-         *
-         * @experimental
-         */
-        lock?: SupabaseAuthClientOptions['lock'];
-        /**
-         * If there is an error with the query, throwOnError will reject the promise by
-         * throwing the error instead of returning it as part of a successful response.
-         */
-        throwOnError?: SupabaseAuthClientOptions['throwOnError'];
-    };
-    /**
-     * Options passed to the realtime-js instance
-     */
-    realtime?: RealtimeClientOptions;
-    storage?: StorageClientOptions;
-    global?: {
-        /**
-         * A custom `fetch` implementation.
-         */
-        fetch?: Fetch;
-        /**
-         * Optional headers for initializing the client.
-         */
-        headers?: Record<string, string>;
-    };
-    /**
-     * Optional function for using a third-party authentication system with
-     * Supabase. The function should return an access token or ID token (JWT) by
-     * obtaining it from the third-party auth SDK. Note that this
-     * function may be called concurrently and many times. Use memoization and
-     * locking techniques if this is not supported by the SDKs.
-     *
-     * When set, the `auth` namespace of the Supabase client cannot be used.
-     * Create another client if you wish to use Supabase Auth and third-party
-     * authentications concurrently in the same application.
-     */
-    accessToken?: () => Promise<string | null>;
-};
-
-declare class SupabaseAuthClient extends AuthClient {
-    constructor(options: SupabaseAuthClientOptions);
-}
-
-/**
- * AUTO-GENERATED FILE - DO NOT EDIT
- *
- * This file is automatically synchronized from @supabase/postgrest-js
- * Source: packages/core/postgrest-js/src/types/common/
- *
- * To update this file, modify the source in postgrest-js and run:
- *   npm run codegen
- */
-
-type IsMatchingArgs<FnArgs extends GenericFunction['Args'], PassedArgs extends GenericFunction['Args']> = [FnArgs] extends [Record<PropertyKey, never>] ? PassedArgs extends Record<PropertyKey, never> ? true : false : keyof PassedArgs extends keyof FnArgs ? PassedArgs extends FnArgs ? true : false : false;
-type MatchingFunctionArgs<Fn extends GenericFunction, Args extends GenericFunction['Args']> = Fn extends {
-    Args: infer A extends GenericFunction['Args'];
-} ? IsMatchingArgs<A, Args> extends true ? Fn : never : false;
-type FindMatchingFunctionByArgs<FnUnion, Args extends GenericFunction['Args']> = FnUnion extends infer Fn extends GenericFunction ? MatchingFunctionArgs<Fn, Args> : false;
-type TablesAndViews<Schema extends GenericSchema> = Schema['Tables'] & Exclude<Schema['Views'], ''>;
-type UnionToIntersection<U> = (U extends any ? (k: U) => void : never) extends (k: infer I) => void ? I : never;
-type LastOf<T> = UnionToIntersection<T extends any ? () => T : never> extends () => infer R ? R : never;
-type IsAny<T> = 0 extends 1 & T ? true : false;
-type ExactMatch<T, S> = [T] extends [S] ? ([S] extends [T] ? true : false) : false;
-type ExtractExactFunction<Fns, Args> = Fns extends infer F ? F extends GenericFunction ? ExactMatch<F['Args'], Args> extends true ? F : never : never : never;
-type IsNever<T> = [T] extends [never] ? true : false;
-type RpcFunctionNotFound<FnName> = {
-    Row: any;
-    Result: {
-        error: true;
-    } & "Couldn't infer function definition matching provided arguments";
-    RelationName: FnName;
-    Relationships: null;
-};
-type GetRpcFunctionFilterBuilderByArgs<Schema extends GenericSchema, FnName extends string & keyof Schema['Functions'], Args> = {
-    0: Schema['Functions'][FnName];
-    1: IsAny<Schema> extends true ? any : IsNever<Args> extends true ? IsNever<ExtractExactFunction<Schema['Functions'][FnName], Args>> extends true ? LastOf<Schema['Functions'][FnName]> : ExtractExactFunction<Schema['Functions'][FnName], Args> : Args extends Record<PropertyKey, never> ? LastOf<Schema['Functions'][FnName]> : Args extends GenericFunction['Args'] ? IsNever<LastOf<FindMatchingFunctionByArgs<Schema['Functions'][FnName], Args>>> extends true ? LastOf<Schema['Functions'][FnName]> : LastOf<FindMatchingFunctionByArgs<Schema['Functions'][FnName], Args>> : ExtractExactFunction<Schema['Functions'][FnName], Args> extends GenericFunction ? ExtractExactFunction<Schema['Functions'][FnName], Args> : any;
-}[1] extends infer Fn ? IsAny<Fn> extends true ? {
-    Row: any;
-    Result: any;
-    RelationName: FnName;
-    Relationships: null;
-} : Fn extends GenericFunction ? {
-    Row: Fn['SetofOptions'] extends GenericSetofOption ? Fn['SetofOptions']['isSetofReturn'] extends true ? TablesAndViews<Schema>[Fn['SetofOptions']['to']]['Row'] : TablesAndViews<Schema>[Fn['SetofOptions']['to']]['Row'] : Fn['Returns'] extends any[] ? Fn['Returns'][number] extends Record<string, unknown> ? Fn['Returns'][number] : never : Fn['Returns'] extends Record<string, unknown> ? Fn['Returns'] : never;
-    Result: Fn['SetofOptions'] extends GenericSetofOption ? Fn['SetofOptions']['isSetofReturn'] extends true ? Fn['SetofOptions']['isOneToOne'] extends true ? Fn['Returns'][] : Fn['Returns'] : Fn['Returns'] : Fn['Returns'];
-    RelationName: Fn['SetofOptions'] extends GenericSetofOption ? Fn['SetofOptions']['to'] : FnName;
-    Relationships: Fn['SetofOptions'] extends GenericSetofOption ? Fn['SetofOptions']['to'] extends keyof Schema['Tables'] ? Schema['Tables'][Fn['SetofOptions']['to']]['Relationships'] : Schema['Views'][Fn['SetofOptions']['to']]['Relationships'] : null;
-} : Fn extends false ? RpcFunctionNotFound<FnName> : RpcFunctionNotFound<FnName> : RpcFunctionNotFound<FnName>;
-
-/**
- * Supabase Client.
- *
- * An isomorphic Javascript client for interacting with Postgres.
- */
-declare class SupabaseClient<Database = any, SchemaNameOrClientOptions extends (string & keyof Omit<Database, '__InternalSupabase'>) | {
-    PostgrestVersion: string;
-} = 'public' extends keyof Omit<Database, '__InternalSupabase'> ? 'public' : string & keyof Omit<Database, '__InternalSupabase'>, SchemaName extends string & keyof Omit<Database, '__InternalSupabase'> = SchemaNameOrClientOptions extends string & keyof Omit<Database, '__InternalSupabase'> ? SchemaNameOrClientOptions : 'public' extends keyof Omit<Database, '__InternalSupabase'> ? 'public' : string & keyof Omit<Omit<Database, '__InternalSupabase'>, '__InternalSupabase'>, Schema extends Omit<Database, '__InternalSupabase'>[SchemaName] extends GenericSchema ? Omit<Database, '__InternalSupabase'>[SchemaName] : never = Omit<Database, '__InternalSupabase'>[SchemaName] extends GenericSchema ? Omit<Database, '__InternalSupabase'>[SchemaName] : never, ClientOptions extends {
-    PostgrestVersion: string;
-} = SchemaNameOrClientOptions extends string & keyof Omit<Database, '__InternalSupabase'> ? Database extends {
-    __InternalSupabase: {
-        PostgrestVersion: string;
-    };
-} ? Database['__InternalSupabase'] : {
-    PostgrestVersion: '12';
-} : SchemaNameOrClientOptions extends {
-    PostgrestVersion: string;
-} ? SchemaNameOrClientOptions : never> {
-    protected supabaseUrl: string;
-    protected supabaseKey: string;
-    /**
-     * Supabase Auth allows you to create and manage user sessions for access to data that is secured by access policies.
-     */
-    auth: SupabaseAuthClient;
-    realtime: RealtimeClient;
-    /**
-     * Supabase Storage allows you to manage user-generated content, such as photos or videos.
-     */
-    storage: StorageClient;
-    protected realtimeUrl: URL;
-    protected authUrl: URL;
-    protected storageUrl: URL;
-    protected functionsUrl: URL;
-    protected rest: PostgrestClient<Database, ClientOptions, SchemaName>;
-    protected storageKey: string;
-    protected fetch?: Fetch;
-    protected changedAccessToken?: string;
-    protected accessToken?: () => Promise<string | null>;
-    protected headers: Record<string, string>;
-    /**
-     * Create a new client for use in the browser.
-     * @param supabaseUrl The unique Supabase URL which is supplied when you create a new project in your project dashboard.
-     * @param supabaseKey The unique Supabase Key which is supplied when you create a new project in your project dashboard.
-     * @param options.db.schema You can switch in between schemas. The schema needs to be on the list of exposed schemas inside Supabase.
-     * @param options.auth.autoRefreshToken Set to "true" if you want to automatically refresh the token before expiring.
-     * @param options.auth.persistSession Set to "true" if you want to automatically save the user session into local storage.
-     * @param options.auth.detectSessionInUrl Set to "true" if you want to automatically detects OAuth grants in the URL and signs in the user.
-     * @param options.realtime Options passed along to realtime-js constructor.
-     * @param options.storage Options passed along to the storage-js constructor.
-     * @param options.global.fetch A custom fetch implementation.
-     * @param options.global.headers Any additional headers to send with each network request.
-     */
-    constructor(supabaseUrl: string, supabaseKey: string, options?: SupabaseClientOptions<SchemaName>);
-    /**
-     * Supabase Functions allows you to deploy and invoke edge functions.
-     */
-    get functions(): FunctionsClient;
-    from<TableName extends string & keyof Schema['Tables'], Table extends Schema['Tables'][TableName]>(relation: TableName): PostgrestQueryBuilder<ClientOptions, Schema, Table, TableName>;
-    from<ViewName extends string & keyof Schema['Views'], View extends Schema['Views'][ViewName]>(relation: ViewName): PostgrestQueryBuilder<ClientOptions, Schema, View, ViewName>;
-    /**
-     * Select a schema to query or perform an function (rpc) call.
-     *
-     * The schema needs to be on the list of exposed schemas inside Supabase.
-     *
-     * @param schema - The schema to query
-     */
-    schema<DynamicSchema extends string & keyof Omit<Database, '__InternalSupabase'>>(schema: DynamicSchema): PostgrestClient<Database, ClientOptions, DynamicSchema, Database[DynamicSchema] extends GenericSchema ? Database[DynamicSchema] : any>;
-    /**
-     * Perform a function call.
-     *
-     * @param fn - The function name to call
-     * @param args - The arguments to pass to the function call
-     * @param options - Named parameters
-     * @param options.head - When set to `true`, `data` will not be returned.
-     * Useful if you only need the count.
-     * @param options.get - When set to `true`, the function will be called with
-     * read-only access mode.
-     * @param options.count - Count algorithm to use to count rows returned by the
-     * function. Only applicable for [set-returning
-     * functions](https://www.postgresql.org/docs/current/functions-srf.html).
-     *
-     * `"exact"`: Exact but slow count algorithm. Performs a `COUNT(*)` under the
-     * hood.
-     *
-     * `"planned"`: Approximated but fast count algorithm. Uses the Postgres
-     * statistics under the hood.
-     *
-     * `"estimated"`: Uses exact count for low numbers and planned count for high
-     * numbers.
-     */
-    rpc<FnName extends string & keyof Schema['Functions'], Args extends Schema['Functions'][FnName]['Args'] = never, FilterBuilder extends GetRpcFunctionFilterBuilderByArgs<Schema, FnName, Args> = GetRpcFunctionFilterBuilderByArgs<Schema, FnName, Args>>(fn: FnName, args?: Args, options?: {
-        head?: boolean;
-        get?: boolean;
-        count?: 'exact' | 'planned' | 'estimated';
-    }): PostgrestFilterBuilder<ClientOptions, Schema, FilterBuilder['Row'], FilterBuilder['Result'], FilterBuilder['RelationName'], FilterBuilder['Relationships'], 'RPC'>;
-    /**
-     * Creates a Realtime channel with Broadcast, Presence, and Postgres Changes.
-     *
-     * @param {string} name - The name of the Realtime channel.
-     * @param {Object} opts - The options to pass to the Realtime channel.
-     *
-     */
-    channel(name: string, opts?: RealtimeChannelOptions): RealtimeChannel;
-    /**
-     * Returns all Realtime channels.
-     */
-    getChannels(): RealtimeChannel[];
-    /**
-     * Unsubscribes and removes Realtime channel from Realtime client.
-     *
-     * @param {RealtimeChannel} channel - The name of the Realtime channel.
-     *
-     */
-    removeChannel(channel: RealtimeChannel): Promise<'ok' | 'timed out' | 'error'>;
-    /**
-     * Unsubscribes and removes all Realtime channels from Realtime client.
-     */
-    removeAllChannels(): Promise<('ok' | 'timed out' | 'error')[]>;
-    private _getAccessToken;
-    private _initSupabaseAuthClient;
-    private _initRealtimeClient;
-    private _listenForAuthEvents;
-    private _handleTokenChanged;
-}
+import * as _supabase_supabase_js from '@supabase/supabase-js';
+import { SupabaseClient as SupabaseClient$1 } from '@supabase/supabase-js';
+import * as vitest from 'vitest';
+import { vi } from 'vitest';
+import { z } from 'zod';
 
 type Json = string | number | boolean | null | {
     [key: string]: Json | undefined;
@@ -2944,6 +2640,19 @@ type Database = {
         };
     };
 };
+type DatabaseWithoutInternals = Omit<Database, "__InternalSupabase">;
+type DefaultSchema = DatabaseWithoutInternals[Extract<keyof Database, "public">];
+type Tables<DefaultSchemaTableNameOrOptions extends keyof (DefaultSchema["Tables"] & DefaultSchema["Views"]) | {
+    schema: keyof DatabaseWithoutInternals;
+}, TableName extends DefaultSchemaTableNameOrOptions extends {
+    schema: keyof DatabaseWithoutInternals;
+} ? keyof (DatabaseWithoutInternals[DefaultSchemaTableNameOrOptions["schema"]]["Tables"] & DatabaseWithoutInternals[DefaultSchemaTableNameOrOptions["schema"]]["Views"]) : never = never> = DefaultSchemaTableNameOrOptions extends {
+    schema: keyof DatabaseWithoutInternals;
+} ? (DatabaseWithoutInternals[DefaultSchemaTableNameOrOptions["schema"]]["Tables"] & DatabaseWithoutInternals[DefaultSchemaTableNameOrOptions["schema"]]["Views"])[TableName] extends {
+    Row: infer R;
+} ? R : never : DefaultSchemaTableNameOrOptions extends keyof (DefaultSchema["Tables"] & DefaultSchema["Views"]) ? (DefaultSchema["Tables"] & DefaultSchema["Views"])[DefaultSchemaTableNameOrOptions] extends {
+    Row: infer R;
+} ? R : never : never;
 
 /**
  * RLS Test Context Manager
@@ -2989,7 +2698,7 @@ interface Membership {
     role_slug: Role;
 }
 declare class RLSTestContext {
-    adminClient: SupabaseClient<Database>;
+    adminClient: SupabaseClient$1<Database>;
     testPrefix: string;
     createdIds: {
         users: string[];
@@ -3039,19 +2748,19 @@ declare class RLSTestContext {
      * Create a Supabase client for a specific user (respects RLS)
      * This client will have the user's JWT token, so RLS policies will apply
      */
-    createUserClient(workosUserId: string): SupabaseClient<Database>;
+    createUserClient(workosUserId: string): SupabaseClient$1<Database>;
     /**
      * Create a Supabase client for a pre-provisioned user (respects RLS)
      * Uses a dummy workos_user_id but includes the email claim for RLS matching
      * The email claim is what matters for pre-provisioned user RLS policies
      */
-    createPreProvisionedUserClient(email: string): SupabaseClient<Database>;
+    createPreProvisionedUserClient(email: string): SupabaseClient$1<Database>;
     /** Create an organization with an admin user and authenticated client. */
     createOrgWithAdmin(name: string, email: string): Promise<{
         org: Organization;
         user: UserWithWorkosId;
         membership: Membership;
-        client: SupabaseClient<Database>;
+        client: SupabaseClient$1<Database>;
     }>;
     /** Create two isolated organizations with admin users for cross-org isolation tests. */
     createCrossOrgFixture(nameA?: string, nameB?: string): Promise<{
@@ -3061,8 +2770,8 @@ declare class RLSTestContext {
         userB: UserWithWorkosId;
         membershipA: Membership;
         membershipB: Membership;
-        clientA: SupabaseClient<Database>;
-        clientB: SupabaseClient<Database>;
+        clientA: SupabaseClient$1<Database>;
+        clientB: SupabaseClient$1<Database>;
     }>;
     /**
      * Clean up all test data created during the test run
@@ -3119,4 +2828,622 @@ declare function setupResizeObserver(): void;
  */
 declare function setupBrowserMocks(): void;
 
-export { RLSTestContext, setupBrowserMocks, setupMatchMedia, setupResizeObserver };
+type SupabaseClient = _supabase_supabase_js.SupabaseClient<Database>;
+type SupabaseUserProfile = Tables<'users'>;
+type SupabaseOrganization = Tables<'organizations'>;
+type SupabaseOrgMembership = Tables<'org_memberships'>;
+type SupabaseApiKey = Tables<'api_keys'>;
+type SupabaseMembershipWithOrganization = SupabaseOrgMembership & {
+    organization: SupabaseOrganization | null;
+};
+
+/**
+ * Test user fixtures using actual Supabase types
+ * All timestamps use ISO 8601 format matching Supabase defaults
+ */
+declare const TEST_USERS: Record<string, SupabaseUserProfile>;
+/**
+ * Helper to create custom user fixture
+ */
+declare function createTestUser(overrides: Partial<SupabaseUserProfile>): SupabaseUserProfile;
+
+/**
+ * Test organization fixtures using actual Supabase types
+ */
+declare const TEST_ORGS: Record<string, SupabaseOrganization>;
+/**
+ * Helper to create custom organization fixture
+ */
+declare function createTestOrg(overrides: Partial<SupabaseOrganization>): SupabaseOrganization;
+
+/**
+ * Test membership fixtures using actual Supabase types
+ */
+declare const TEST_MEMBERSHIPS: Record<string, SupabaseOrgMembership>;
+/**
+ * Composite memberships with organization data (for joined queries)
+ */
+declare const TEST_MEMBERSHIPS_WITH_ORG: Record<string, SupabaseMembershipWithOrganization>;
+/**
+ * Helper to create custom membership fixture
+ */
+declare function createTestMembership(overrides: Partial<SupabaseOrgMembership>): SupabaseOrgMembership;
+
+/**
+ * Test API key fixtures using actual Supabase types
+ * Note: key_hash is bcrypt hash of the plaintext key shown in comments
+ */
+declare const TEST_API_KEYS: Record<string, SupabaseApiKey>;
+/**
+ * Plaintext API keys for testing (matches hashes above conceptually)
+ * In real tests, use these for Authorization: Bearer headers
+ */
+declare const TEST_API_KEY_PLAINTEXTS: Record<string, string>;
+/**
+ * Helper to create custom API key fixture
+ */
+declare function createTestApiKey(overrides: Partial<SupabaseApiKey>): SupabaseApiKey;
+
+/**
+ * Fixture data structure for mock Supabase client
+ */
+interface MockSupabaseFixtures {
+    users?: SupabaseUserProfile[];
+    organizations?: SupabaseOrganization[];
+    org_memberships?: SupabaseOrgMembership[];
+    api_keys?: SupabaseApiKey[];
+}
+/**
+ * Mock Supabase client with query builder pattern
+ *
+ * Supports common query patterns:
+ * - .from(table).select().eq(column, value).single()
+ * - .from(table).select().eq(column, value).maybeSingle()
+ * - .from(table).select().eq(column1, value1).eq(column2, value2).single()
+ *
+ * Usage:
+ * ```typescript
+ * import { createMockSupabaseClient, TEST_USERS, TEST_ORGS } from '@repo/core/test-utils'
+ *
+ * const mockClient = createMockSupabaseClient({
+ *   users: [TEST_USERS.admin, TEST_USERS.regularUser],
+ *   organizations: [TEST_ORGS.acme]
+ * })
+ *
+ * vi.mock('../lib/supabase', () => ({ supabaseClient: mockClient }))
+ * ```
+ */
+declare function createMockSupabaseClient(fixtures?: MockSupabaseFixtures): Partial<SupabaseClient>;
+/**
+ * Helper to create a mock that returns specific data for a query
+ *
+ * Usage:
+ * ```typescript
+ * const mockClient = createMockSupabaseResponse('users', TEST_USERS.admin)
+ * ```
+ */
+declare function createMockSupabaseResponse<T>(_tableName: string, data: T | null, error?: unknown): {
+    from: vitest.Mock<() => {
+        select: vitest.Mock<() => {
+            eq: vitest.Mock<() => {
+                single: vitest.Mock<() => Promise<{
+                    data: T | null;
+                    error: unknown;
+                }>>;
+                maybeSingle: vitest.Mock<() => Promise<{
+                    data: T | null;
+                    error: unknown;
+                }>>;
+            }>;
+        }>;
+    }>;
+};
+
+/**
+ * UserContext type for WorkOS JWT verification
+ * Matches the structure from apps/api/src/identity/auth/jwt-verifier.ts
+ */
+interface UserContext {
+    workosId: string;
+    supabaseId: string;
+    email: string;
+    firstName?: string;
+    lastName?: string;
+    isPlatformAdmin?: boolean;
+}
+/**
+ * Mock WorkOS client for testing
+ *
+ * Usage:
+ * ```typescript
+ * import { createMockWorkOSClient, TEST_USERS } from '@repo/core/test-utils'
+ *
+ * const mockWorkOS = createMockWorkOSClient({
+ *   validTokens: {
+ *     'valid-token': {
+ *       workosId: TEST_USERS.admin.workos_user_id,
+ *       supabaseId: TEST_USERS.admin.id,
+ *       email: TEST_USERS.admin.email
+ *     }
+ *   }
+ * })
+ *
+ * vi.mock('../identity/auth/workos-client', () => ({ workos: mockWorkOS }))
+ * ```
+ */
+declare function createMockWorkOSClient(options?: {
+    validTokens?: Record<string, UserContext>;
+    shouldFail?: boolean;
+}): {
+    userManagement: {
+        authenticateWithSessionCookie: vitest.Mock<({ sessionData }: {
+            sessionData: string;
+            cookiePassword?: string;
+        }) => Promise<{
+            user: {
+                id: string;
+                email: string;
+                firstName: string | undefined;
+                lastName: string | undefined;
+            };
+            sessionId: string;
+            organizationId: null;
+        } | null>>;
+    };
+};
+/**
+ * Helper to create mock verifyJWT function
+ * This mocks the actual verifyJWT function from jwt-verifier.ts
+ *
+ * Usage:
+ * ```typescript
+ * import { createMockVerifyJWT, TEST_USERS } from '@repo/core/test-utils'
+ *
+ * const mockVerifyJWT = createMockVerifyJWT({
+ *   'valid-token': {
+ *     workosId: TEST_USERS.admin.workos_user_id,
+ *     supabaseId: TEST_USERS.admin.id,
+ *     email: TEST_USERS.admin.email
+ *   }
+ * })
+ *
+ * vi.mock('../identity/auth/jwt-verifier', () => ({
+ *   verifyJWT: mockVerifyJWT,
+ *   extractToken: vi.fn((header) => header?.replace('Bearer ', ''))
+ * }))
+ * ```
+ */
+declare function createMockVerifyJWT(validTokens?: Record<string, UserContext>): ReturnType<typeof vi.fn>;
+/**
+ * Pre-configured mock for extractToken helper
+ */
+declare const mockExtractToken: vitest.Mock<(authHeader?: string) => string | null>;
+
+/**
+ * Base Zod schema for a project record.
+ * Extend with `BaseProjectSchema.extend({ metadata: ProjectMetaSchema })`.
+ */
+declare const BaseProjectSchema: z.ZodObject<{
+    id: z.ZodString;
+    organizationId: z.ZodString;
+    name: z.ZodString;
+    kind: z.ZodString;
+    status: z.ZodString;
+    description: z.ZodNullable<z.ZodString>;
+    metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    createdAt: z.ZodString;
+    updatedAt: z.ZodString;
+}, z.core.$strip>;
+/**
+ * Base Zod schema for a milestone record.
+ * Extend with `BaseMilestoneSchema.extend({ metadata: MilestoneMetaSchema })`.
+ */
+declare const BaseMilestoneSchema: z.ZodObject<{
+    id: z.ZodString;
+    organizationId: z.ZodString;
+    projectId: z.ZodString;
+    name: z.ZodString;
+    status: z.ZodString;
+    description: z.ZodNullable<z.ZodString>;
+    metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    createdAt: z.ZodString;
+    updatedAt: z.ZodString;
+}, z.core.$strip>;
+/**
+ * Base Zod schema for a task record.
+ * Extend with `BaseTaskSchema.extend({ metadata: TaskMetaSchema })`.
+ */
+declare const BaseTaskSchema: z.ZodObject<{
+    id: z.ZodString;
+    organizationId: z.ZodString;
+    projectId: z.ZodString;
+    name: z.ZodString;
+    status: z.ZodString;
+    type: z.ZodString;
+    description: z.ZodNullable<z.ZodString>;
+    metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    createdAt: z.ZodString;
+    updatedAt: z.ZodString;
+}, z.core.$strip>;
+/**
+ * Base Zod schema for a deal record.
+ * Extend with `BaseDealSchema.extend({ metadata: DealMetaSchema })`.
+ */
+declare const BaseDealSchema: z.ZodObject<{
+    id: z.ZodString;
+    organizationId: z.ZodString;
+    contactEmail: z.ZodString;
+    stage: z.ZodNullable<z.ZodString>;
+    metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    createdAt: z.ZodString;
+    updatedAt: z.ZodString;
+}, z.core.$strip>;
+/**
+ * Base Zod schema for a company record.
+ * Extend with `BaseCompanySchema.extend({ metadata: CompanyMetaSchema })`.
+ */
+declare const BaseCompanySchema: z.ZodObject<{
+    id: z.ZodString;
+    organizationId: z.ZodString;
+    name: z.ZodString;
+    domain: z.ZodNullable<z.ZodString>;
+    status: z.ZodString;
+    metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    createdAt: z.ZodString;
+    updatedAt: z.ZodString;
+}, z.core.$strip>;
+/**
+ * Base Zod schema for a contact record.
+ * Extend with `BaseContactSchema.extend({ metadata: ContactMetaSchema })`.
+ */
+declare const BaseContactSchema: z.ZodObject<{
+    id: z.ZodString;
+    organizationId: z.ZodString;
+    email: z.ZodString;
+    firstName: z.ZodNullable<z.ZodString>;
+    lastName: z.ZodNullable<z.ZodString>;
+    status: z.ZodString;
+    metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    createdAt: z.ZodString;
+    updatedAt: z.ZodString;
+}, z.core.$strip>;
+
+type BaseProjectFixture = z.infer<typeof BaseProjectSchema>;
+type BaseDealFixture = z.infer<typeof BaseDealSchema>;
+type BaseCompanyFixture = z.infer<typeof BaseCompanySchema>;
+type BaseContactFixture = z.infer<typeof BaseContactSchema>;
+type BaseMilestoneFixture = z.infer<typeof BaseMilestoneSchema>;
+type BaseTaskFixture = z.infer<typeof BaseTaskSchema>;
+declare function makeProject(overrides?: Partial<BaseProjectFixture>): BaseProjectFixture;
+declare function makeDeal(overrides?: Partial<BaseDealFixture>): BaseDealFixture;
+declare function makeCompany(overrides?: Partial<BaseCompanyFixture>): BaseCompanyFixture;
+declare function makeContact(overrides?: Partial<BaseContactFixture>): BaseContactFixture;
+declare function makeMilestone(overrides?: Partial<BaseMilestoneFixture>): BaseMilestoneFixture;
+declare function makeTask(overrides?: Partial<BaseTaskFixture>): BaseTaskFixture;
+
+declare const OrganizationModelSchema: z.ZodObject<{
+    version: z.ZodDefault<z.ZodLiteral<1>>;
+    features: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        label: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        color: z.ZodOptional<z.ZodString>;
+        icon: z.ZodOptional<z.ZodString>;
+        entityIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        surfaceIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        resourceIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        capabilityIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>>;
+    branding: z.ZodObject<{
+        organizationName: z.ZodString;
+        productName: z.ZodString;
+        shortName: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        logos: z.ZodDefault<z.ZodObject<{
+            light: z.ZodOptional<z.ZodString>;
+            dark: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>;
+    navigation: z.ZodObject<{
+        defaultSurfaceId: z.ZodOptional<z.ZodString>;
+        surfaces: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            label: z.ZodString;
+            path: z.ZodString;
+            surfaceType: z.ZodEnum<{
+                list: "list";
+                settings: "settings";
+                page: "page";
+                dashboard: "dashboard";
+                graph: "graph";
+                detail: "detail";
+            }>;
+            description: z.ZodOptional<z.ZodString>;
+            enabled: z.ZodDefault<z.ZodBoolean>;
+            icon: z.ZodOptional<z.ZodString>;
+            featureId: z.ZodOptional<z.ZodString>;
+            featureIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            entityIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            resourceIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            capabilityIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            parentId: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+        groups: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            label: z.ZodString;
+            placement: z.ZodString;
+            surfaceIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>;
+    sales: z.ZodObject<{
+        entityId: z.ZodString;
+        defaultPipelineId: z.ZodString;
+        pipelines: z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            label: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            entityId: z.ZodString;
+            stages: z.ZodArray<z.ZodObject<{
+                label: z.ZodString;
+                description: z.ZodOptional<z.ZodString>;
+                color: z.ZodOptional<z.ZodString>;
+                icon: z.ZodOptional<z.ZodString>;
+                id: z.ZodString;
+                order: z.ZodNumber;
+                semanticClass: z.ZodEnum<{
+                    open: "open";
+                    active: "active";
+                    closed_won: "closed_won";
+                    closed_lost: "closed_lost";
+                    nurturing: "nurturing";
+                }>;
+                surfaceIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+                resourceIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            }, z.core.$strip>>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>;
+    prospecting: z.ZodObject<{
+        listEntityId: z.ZodString;
+        companyEntityId: z.ZodString;
+        contactEntityId: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        companyStages: z.ZodArray<z.ZodObject<{
+            label: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            color: z.ZodOptional<z.ZodString>;
+            icon: z.ZodOptional<z.ZodString>;
+            id: z.ZodString;
+            order: z.ZodNumber;
+        }, z.core.$strip>>;
+        contactStages: z.ZodArray<z.ZodObject<{
+            label: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            color: z.ZodOptional<z.ZodString>;
+            icon: z.ZodOptional<z.ZodString>;
+            id: z.ZodString;
+            order: z.ZodNumber;
+        }, z.core.$strip>>;
+    }, z.core.$strip>;
+    projects: z.ZodObject<{
+        projectEntityId: z.ZodString;
+        milestoneEntityId: z.ZodString;
+        taskEntityId: z.ZodString;
+        projectStatuses: z.ZodArray<z.ZodObject<{
+            label: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            color: z.ZodOptional<z.ZodString>;
+            icon: z.ZodOptional<z.ZodString>;
+            id: z.ZodString;
+            order: z.ZodNumber;
+        }, z.core.$strip>>;
+        milestoneStatuses: z.ZodArray<z.ZodObject<{
+            label: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            color: z.ZodOptional<z.ZodString>;
+            icon: z.ZodOptional<z.ZodString>;
+            id: z.ZodString;
+            order: z.ZodNumber;
+        }, z.core.$strip>>;
+        taskStatuses: z.ZodArray<z.ZodObject<{
+            label: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            color: z.ZodOptional<z.ZodString>;
+            icon: z.ZodOptional<z.ZodString>;
+            id: z.ZodString;
+            order: z.ZodNumber;
+        }, z.core.$strip>>;
+    }, z.core.$strip>;
+    identity: z.ZodDefault<z.ZodObject<{
+        mission: z.ZodDefault<z.ZodString>;
+        vision: z.ZodDefault<z.ZodString>;
+        legalName: z.ZodDefault<z.ZodString>;
+        entityType: z.ZodDefault<z.ZodString>;
+        jurisdiction: z.ZodDefault<z.ZodString>;
+        industryCategory: z.ZodDefault<z.ZodString>;
+        geographicFocus: z.ZodDefault<z.ZodString>;
+        timeZone: z.ZodDefault<z.ZodString>;
+        businessHours: z.ZodDefault<z.ZodObject<{
+            monday: z.ZodOptional<z.ZodObject<{
+                open: z.ZodString;
+                close: z.ZodString;
+            }, z.core.$strip>>;
+            tuesday: z.ZodOptional<z.ZodObject<{
+                open: z.ZodString;
+                close: z.ZodString;
+            }, z.core.$strip>>;
+            wednesday: z.ZodOptional<z.ZodObject<{
+                open: z.ZodString;
+                close: z.ZodString;
+            }, z.core.$strip>>;
+            thursday: z.ZodOptional<z.ZodObject<{
+                open: z.ZodString;
+                close: z.ZodString;
+            }, z.core.$strip>>;
+            friday: z.ZodOptional<z.ZodObject<{
+                open: z.ZodString;
+                close: z.ZodString;
+            }, z.core.$strip>>;
+            saturday: z.ZodOptional<z.ZodObject<{
+                open: z.ZodString;
+                close: z.ZodString;
+            }, z.core.$strip>>;
+            sunday: z.ZodOptional<z.ZodObject<{
+                open: z.ZodString;
+                close: z.ZodString;
+            }, z.core.$strip>>;
+        }, z.core.$strip>>;
+        clientBrief: z.ZodDefault<z.ZodString>;
+    }, z.core.$strip>>;
+    customers: z.ZodDefault<z.ZodObject<{
+        segments: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            name: z.ZodDefault<z.ZodString>;
+            description: z.ZodDefault<z.ZodString>;
+            jobsToBeDone: z.ZodDefault<z.ZodString>;
+            pains: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            gains: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            firmographics: z.ZodDefault<z.ZodObject<{
+                industry: z.ZodOptional<z.ZodString>;
+                companySize: z.ZodOptional<z.ZodString>;
+                region: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>;
+            valueProp: z.ZodDefault<z.ZodString>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    offerings: z.ZodDefault<z.ZodObject<{
+        products: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            name: z.ZodDefault<z.ZodString>;
+            description: z.ZodDefault<z.ZodString>;
+            pricingModel: z.ZodDefault<z.ZodEnum<{
+                custom: "custom";
+                "one-time": "one-time";
+                subscription: "subscription";
+                "usage-based": "usage-based";
+            }>>;
+            price: z.ZodDefault<z.ZodNumber>;
+            currency: z.ZodDefault<z.ZodString>;
+            targetSegmentIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            deliveryFeatureId: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    roles: z.ZodDefault<z.ZodObject<{
+        roles: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            title: z.ZodString;
+            responsibilities: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            reportsToId: z.ZodOptional<z.ZodString>;
+            heldBy: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    goals: z.ZodDefault<z.ZodObject<{
+        objectives: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            description: z.ZodString;
+            periodStart: z.ZodString;
+            periodEnd: z.ZodString;
+            keyResults: z.ZodDefault<z.ZodArray<z.ZodObject<{
+                id: z.ZodString;
+                description: z.ZodString;
+                targetMetric: z.ZodString;
+                currentValue: z.ZodDefault<z.ZodNumber>;
+                targetValue: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$strip>>>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    statuses: z.ZodDefault<z.ZodObject<{
+        entries: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            label: z.ZodString;
+            semanticClass: z.ZodEnum<{
+                execution: "execution";
+                schedule: "schedule";
+                queue: "queue";
+                "delivery.project": "delivery.project";
+                "delivery.milestone": "delivery.milestone";
+                "delivery.task": "delivery.task";
+                "schedule.run": "schedule.run";
+                request: "request";
+            }>;
+            category: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    operations: z.ZodDefault<z.ZodObject<{
+        entries: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            label: z.ZodString;
+            semanticClass: z.ZodEnum<{
+                sessions: "sessions";
+                notifications: "notifications";
+                schedules: "schedules";
+                executions: "executions";
+                queue: "queue";
+            }>;
+            featureId: z.ZodOptional<z.ZodString>;
+            supportedStatusSemanticClass: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    resourceMappings: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        label: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        color: z.ZodOptional<z.ZodString>;
+        icon: z.ZodOptional<z.ZodString>;
+        id: z.ZodString;
+        resourceId: z.ZodString;
+        resourceType: z.ZodEnum<{
+            agent: "agent";
+            workflow: "workflow";
+            trigger: "trigger";
+            integration: "integration";
+            external: "external";
+            human_checkpoint: "human_checkpoint";
+        }>;
+        featureIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        entityIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        surfaceIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        capabilityIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        techStack: z.ZodOptional<z.ZodObject<{
+            platform: z.ZodString;
+            purpose: z.ZodString;
+            credentialStatus: z.ZodEnum<{
+                pending: "pending";
+                configured: "configured";
+                expired: "expired";
+                missing: "missing";
+            }>;
+            isSystemOfRecord: z.ZodDefault<z.ZodBoolean>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
+
+type OrganizationModel = z.infer<typeof OrganizationModelSchema>;
+type DeepPartial<T> = T extends Array<infer U> ? Array<DeepPartial<U>> : T extends object ? {
+    [K in keyof T]?: DeepPartial<T[K]>;
+} : T;
+
+interface TestInitializationError {
+    layer: 'auth' | 'profile' | 'organization';
+    message: string;
+    originalError?: Error;
+}
+interface TestInitializationState {
+    userReady: boolean;
+    organizationReady: boolean;
+    allReady: boolean;
+    isInitializing: boolean;
+    error: TestInitializationError | null;
+    retry: () => void;
+    profile: SupabaseUserProfile | null;
+}
+type TestInitializationStateOverrides = Partial<Omit<TestInitializationState, 'error' | 'profile' | 'retry'>> & {
+    error?: TestInitializationError | null;
+    profile?: Partial<SupabaseUserProfile> | SupabaseUserProfile | null;
+    retry?: () => void;
+};
+declare function makeOrganizationModel(overrides?: DeepPartial<OrganizationModel>): OrganizationModel;
+declare function makeUserProfile(overrides?: Partial<SupabaseUserProfile>): SupabaseUserProfile;
+declare function makeInitializationState(overrides?: TestInitializationStateOverrides): TestInitializationState;
+
+export { RLSTestContext, TEST_API_KEYS, TEST_API_KEY_PLAINTEXTS, TEST_MEMBERSHIPS, TEST_MEMBERSHIPS_WITH_ORG, TEST_ORGS, TEST_USERS, createMockSupabaseClient, createMockSupabaseResponse, createMockVerifyJWT, createMockWorkOSClient, createTestApiKey, createTestMembership, createTestOrg, createTestUser, makeCompany, makeContact, makeDeal, makeInitializationState, makeMilestone, makeOrganizationModel, makeProject, makeTask, makeUserProfile, mockExtractToken, setupBrowserMocks, setupMatchMedia, setupResizeObserver };
+export type { MockSupabaseFixtures, TestInitializationError, TestInitializationState, TestInitializationStateOverrides, UserContext };