npm - @rangka/core - Versions diffs - 0.1.0 → 0.1.2 - Mend

@rangka/core 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

package/package.json +6 -2
package/.claude/skills/extend-core/SKILL.md +0 -133
package/.turbo/turbo-build.log +0 -4
package/CHANGELOG.md +0 -18
package/CLAUDE.md +0 -180
package/src/__tests__/coerce.test.ts +0 -154
package/src/__tests__/context.test.ts +0 -111
package/src/__tests__/helpers.ts +0 -21
package/src/__tests__/index.test.ts +0 -7
package/src/__tests__/widgets.test.ts +0 -197
package/src/api/__tests__/handlers.test.ts +0 -389
package/src/api/__tests__/include-resolver.test.ts +0 -393
package/src/api/__tests__/middleware.test.ts +0 -100
package/src/api/__tests__/openapi-schema.test.ts +0 -210
package/src/api/__tests__/query-parser.test.ts +0 -291
package/src/api/__tests__/route-generator.test.ts +0 -137
package/src/api/__tests__/server.test.ts +0 -73
package/src/api/__tests__/swagger.test.ts +0 -166
package/src/api/handlers.ts +0 -274
package/src/api/include-resolver.ts +0 -27
package/src/api/index.ts +0 -4
package/src/api/meta-handler.ts +0 -254
package/src/api/openapi-schema.ts +0 -99
package/src/api/query-parser.ts +0 -315
package/src/api/route-generator.ts +0 -448
package/src/api/server.ts +0 -147
package/src/api/types.ts +0 -16
package/src/audit/__tests__/audit.test.ts +0 -144
package/src/audit/index.ts +0 -3
package/src/audit/record.ts +0 -69
package/src/audit/tables.ts +0 -48
package/src/audit/types.ts +0 -26
package/src/auth/__tests__/core-module.test.ts +0 -54
package/src/auth/__tests__/debug.test.ts +0 -47
package/src/auth/__tests__/field-permissions.test.ts +0 -245
package/src/auth/__tests__/integration.test.ts +0 -208
package/src/auth/__tests__/meta-boot.test.ts +0 -538
package/src/auth/__tests__/model-permissions.test.ts +0 -205
package/src/auth/__tests__/password.test.ts +0 -29
package/src/auth/__tests__/permission-registry.test.ts +0 -313
package/src/auth/__tests__/scope-hook.test.ts +0 -509
package/src/auth/__tests__/scope-registry.test.ts +0 -297
package/src/auth/__tests__/scopes.test.ts +0 -66
package/src/auth/__tests__/session.test.ts +0 -214
package/src/auth/core-models.ts +0 -52
package/src/auth/core-module.ts +0 -59
package/src/auth/debug.ts +0 -157
package/src/auth/field-permissions.ts +0 -116
package/src/auth/index.ts +0 -37
package/src/auth/model-permissions.ts +0 -59
package/src/auth/password.ts +0 -22
package/src/auth/permission-registry.ts +0 -171
package/src/auth/scope-filters.ts +0 -11
package/src/auth/scope-registry.ts +0 -121
package/src/auth/scopes.ts +0 -146
package/src/auth/seed.ts +0 -44
package/src/auth/session.ts +0 -178
package/src/auth/types.ts +0 -50
package/src/boot/__tests__/page-scanning.test.ts +0 -170
package/src/boot/__tests__/page-utils.test.ts +0 -225
package/src/boot/__tests__/project-scanner.test.ts +0 -88
package/src/boot/dependency-sort.ts +0 -82
package/src/boot/discovery.ts +0 -85
package/src/boot/index.ts +0 -457
package/src/boot/page-utils.ts +0 -110
package/src/boot/project-scanner.ts +0 -397
package/src/boot/schema-loader.ts +0 -26
package/src/boot/schema-merger.ts +0 -125
package/src/boot/traits.ts +0 -25
package/src/boot/types.ts +0 -73
package/src/context.ts +0 -105
package/src/db/__tests__/cascade-delete.test.ts +0 -182
package/src/db/__tests__/desired-state.test.ts +0 -136
package/src/db/__tests__/diff-engine.test.ts +0 -635
package/src/db/__tests__/field-mapper.test.ts +0 -355
package/src/db/__tests__/introspect.test.ts +0 -70
package/src/db/__tests__/search-filter.test.ts +0 -45
package/src/db/__tests__/sequence.test.ts +0 -221
package/src/db/auto-sync.ts +0 -133
package/src/db/client.ts +0 -147
package/src/db/desired-state.ts +0 -98
package/src/db/diff-engine.ts +0 -305
package/src/db/field-mapper.ts +0 -504
package/src/db/filter-applier.ts +0 -89
package/src/db/include-resolver.ts +0 -40
package/src/db/index.ts +0 -23
package/src/db/introspect.ts +0 -265
package/src/db/model-include-resolver.ts +0 -327
package/src/db/model-ops.ts +0 -281
package/src/db/scope-enforcer.ts +0 -37
package/src/db/types.ts +0 -98
package/src/errors.ts +0 -41
package/src/events/__tests__/bus.test.ts +0 -105
package/src/events/bus.ts +0 -89
package/src/events/index.ts +0 -2
package/src/events/types.ts +0 -9
package/src/external-model/__tests__/computed-fields.test.ts +0 -106
package/src/external-model/__tests__/field-mapper.test.ts +0 -160
package/src/external-model/__tests__/in-memory-ops.test.ts +0 -247
package/src/external-model/__tests__/mutation-executor.test.ts +0 -160
package/src/external-model/__tests__/query-executor.test.ts +0 -284
package/src/external-model/__tests__/schema-converter.test.ts +0 -174
package/src/external-model/computed-fields.ts +0 -15
package/src/external-model/define.ts +0 -5
package/src/external-model/external-model-ops.ts +0 -108
package/src/external-model/field-mapper.ts +0 -66
package/src/external-model/in-memory-ops.ts +0 -107
package/src/external-model/index.ts +0 -7
package/src/external-model/mutation-executor.ts +0 -71
package/src/external-model/query-executor.ts +0 -100
package/src/external-model/schema-converter.ts +0 -53
package/src/external-model/types.ts +0 -32
package/src/fixtures/__tests__/fixtures.test.ts +0 -203
package/src/fixtures/index.ts +0 -10
package/src/fixtures/loader.ts +0 -196
package/src/fixtures/registry.ts +0 -125
package/src/fixtures/types.ts +0 -33
package/src/helpers/assert-ownership.ts +0 -19
package/src/helpers/coerce.ts +0 -28
package/src/helpers/stamping.ts +0 -28
package/src/helpers/validation.ts +0 -14
package/src/hooks/__tests__/context.test.ts +0 -73
package/src/hooks/__tests__/executor.test.ts +0 -433
package/src/hooks/__tests__/middleware.test.ts +0 -224
package/src/hooks/__tests__/registry.test.ts +0 -50
package/src/hooks/context.ts +0 -89
package/src/hooks/errors.ts +0 -11
package/src/hooks/executor.ts +0 -115
package/src/hooks/index.ts +0 -10
package/src/hooks/middleware.ts +0 -220
package/src/hooks/registry.ts +0 -20
package/src/hooks/types.ts +0 -32
package/src/index.ts +0 -172
package/src/jobs/__tests__/enqueue.test.ts +0 -77
package/src/jobs/__tests__/integration.test.ts +0 -71
package/src/jobs/__tests__/registry.test.ts +0 -103
package/src/jobs/__tests__/scheduler.test.ts +0 -92
package/src/jobs/__tests__/worker-execution.test.ts +0 -202
package/src/jobs/__tests__/worker.test.ts +0 -119
package/src/jobs/enqueue.ts +0 -93
package/src/jobs/index.ts +0 -14
package/src/jobs/registry.ts +0 -92
package/src/jobs/scheduler.ts +0 -205
package/src/jobs/tables.ts +0 -132
package/src/jobs/types.ts +0 -62
package/src/jobs/worker.ts +0 -272
package/src/model-api/__tests__/cross-boundary-includes.test.ts +0 -366
package/src/model-api/__tests__/extended-api.test.ts +0 -244
package/src/model-api/__tests__/filter-applier.test.ts +0 -177
package/src/model-api/__tests__/filter-translator.test.ts +0 -186
package/src/model-api/__tests__/include-resolver.test.ts +0 -226
package/src/model-api/__tests__/model-access.test.ts +0 -284
package/src/model-api/__tests__/query-builder.test.ts +0 -224
package/src/model-api/__tests__/scope-enforcer.test.ts +0 -268
package/src/model-api/field-access.ts +0 -28
package/src/model-api/filter-applier.ts +0 -1
package/src/model-api/filter-translator.ts +0 -67
package/src/model-api/include-resolver.ts +0 -2
package/src/model-api/index.ts +0 -86
package/src/model-api/query-builder.ts +0 -155
package/src/model-api/scope-enforcer.ts +0 -3
package/src/model-api/types.ts +0 -139
package/src/plugins/__tests__/adapter-registry.test.ts +0 -92
package/src/plugins/__tests__/lifecycle.test.ts +0 -96
package/src/plugins/__tests__/loader.test.ts +0 -273
package/src/plugins/__tests__/validator.test.ts +0 -275
package/src/plugins/adapter-registry.ts +0 -42
package/src/plugins/define.ts +0 -5
package/src/plugins/index.ts +0 -28
package/src/plugins/lifecycle.ts +0 -27
package/src/plugins/loader.ts +0 -126
package/src/plugins/types.ts +0 -76
package/src/plugins/validator.ts +0 -141
package/src/schema/__tests__/registry-models-by-module.test.ts +0 -58
package/src/schema/registry.ts +0 -93
package/src/schema/relationships.ts +0 -93
package/src/schema/types.ts +0 -43
package/src/services/__tests__/integration.test.ts +0 -63
package/src/services/__tests__/registry.test.ts +0 -175
package/src/services/index.ts +0 -13
package/src/services/registry.ts +0 -156
package/src/services/types.ts +0 -27
package/src/validation/__tests__/field-validator.test.ts +0 -195
package/src/validation/field-validator.ts +0 -113
package/src/validation/index.ts +0 -1
package/src/widgets/index.ts +0 -3
package/src/widgets/slot-validator.ts +0 -87
package/src/widgets/widget-registry.ts +0 -32
package/tests/boot.test.ts +0 -323
package/tests/dependency-sort.test.ts +0 -99
package/tests/discovery.test.ts +0 -126
package/tests/registry.test.ts +0 -216
package/tests/schema-loader.test.ts +0 -52
package/tests/schema-merger.test.ts +0 -180
package/tsconfig.json +0 -9
package/tsconfig.tsbuildinfo +0 -1
package/vitest.config.ts +0 -14

package/src/auth/__tests__/scope-hook.test.ts DELETED Viewed

@@ -1,509 +0,0 @@
-import { describe, it, expect, vi } from 'vitest';
-import { createScopeHook, createScopeWriteGuard } from '../scopes.js';
-import type { FilterProvider } from '../scopes.js';
-import { ScopeRegistry } from '../scope-registry.js';
-import { SchemaRegistry } from '../../schema/registry.js';
-import type { ResolvedModel } from '../../schema/types.js';
-import type { ModuleConfig } from '@rangka/shared';
-import type { FastifyRequest, FastifyReply } from 'fastify';
-import { AppError } from '../../errors.js';
-function makeModel(overrides: Partial<ResolvedModel> & { qualifiedName: string }): ResolvedModel {
-  return {
-    app: overrides.module ?? 'test',
-    module: overrides.module ?? 'test',
-    name: overrides.qualifiedName.split('.')[1],
-    auditLog: false,
-    traits: [],
-    fields: [],
-    indexes: [],
-    ...overrides,
-  };
-}
-function linkField(name: string, model: string) {
-  return {
-    name,
-    config: { type: 'link' as const, model },
-    provenance: { source: 'base' as const },
-  };
-}
-function createMockDb(existingIds: string[] = []) {
-  return {
-    selectFrom: vi.fn().mockReturnValue({
-      where: vi.fn().mockReturnValue({
-        selectAll: vi.fn().mockReturnValue({
-          executeTakeFirst: vi.fn().mockImplementation(async () => {
-            return existingIds.length > 0 ? { id: existingIds[0] } : undefined;
-          }),
-        }),
-      }),
-    }),
-  } as any;
-}
-function createMockRequest(options: {
-  headers?: Record<string, string>;
-  method?: string;
-  body?: Record<string, unknown>;
-  authContext?: Record<string, unknown>;
-}): FastifyRequest {
-  const req = {
-    headers: options.headers ?? {},
-    method: options.method ?? 'GET',
-    body: options.body,
-    authContext: options.authContext ?? {
-      user: {
-        id: 'user-1',
-        email: 'test@test.com',
-        full_name: 'Test',
-        enabled: true,
-        password_hash: '',
-      },
-      permissions: { models: {}, pages: [], version: 1 },
-      roles: ['admin'],
-    },
-  } as any;
-  return req;
-}
-function createMockReply() {
-  const reply: any = {
-    statusCode: 200,
-    body: null,
-    status: vi.fn().mockImplementation((code: number) => {
-      reply.statusCode = code;
-      return reply;
-    }),
-    send: vi.fn().mockImplementation((body: unknown) => {
-      reply.body = body;
-      return reply;
-    }),
-  };
-  return reply as FastifyReply & { statusCode: number; body: any };
-}
-function buildScopeContext() {
-  const modules: ModuleConfig[] = [
-    {
-      name: 'core',
-      label: 'Core',
-      scopes: {
-        company: { model: 'core.company', default: 'user.default_company', switchable: true },
-      },
-    },
-  ];
-  const companyModel = makeModel({ qualifiedName: 'core.company', module: 'core' });
-  const invoiceModel = makeModel({
-    qualifiedName: 'sales.invoice',
-    module: 'sales',
-    scope: 'company',
-    fields: [linkField('company', 'core.company')],
-  });
-  const unscopedModel = makeModel({
-    qualifiedName: 'sales.customer',
-    module: 'sales',
-    fields: [],
-  });
-  const schemaRegistry = new SchemaRegistry([companyModel, invoiceModel, unscopedModel]);
-  const scopeRegistry = new ScopeRegistry(modules, schemaRegistry);
-  return { scopeRegistry, invoiceModel, unscopedModel, schemaRegistry };
-}
-describe('createScopeHook', () => {
-  it('attaches scope filter from X-Active-Scope header', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb(['company-1']);
-    const hook = createScopeHook({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      headers: { 'x-active-scope': JSON.stringify({ company: 'company-1' }) },
-    });
-    const reply = createMockReply();
-    await hook(request, reply);
-    const authCtx = (request as any).authContext;
-    expect(authCtx.scopeFilters).toEqual([
-      { field: 'company', operator: 'eq', value: 'company-1' },
-    ]);
-  });
-  it('falls back to user default field when header is missing', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb(['company-default']);
-    const hook = createScopeHook({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-          default_company: 'company-default',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-      },
-    });
-    const reply = createMockReply();
-    await hook(request, reply);
-    const authCtx = (request as any).authContext;
-    expect(authCtx.scopeFilters).toEqual([
-      { field: 'company', operator: 'eq', value: 'company-default' },
-    ]);
-  });
-  it('returns 400 when no scope value available', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const hook = createScopeHook({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({ headers: {} });
-    const reply = createMockReply();
-    const error = await hook(request, reply).catch((e) => e);
-    expect(error).toBeInstanceOf(AppError);
-    expect(error.statusCode).toBe(400);
-    expect(error.code).toBe('MISSING_SCOPE');
-  });
-  it('returns 400 when scope value does not exist in DB', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const hook = createScopeHook({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      headers: { 'x-active-scope': JSON.stringify({ company: 'nonexistent' }) },
-    });
-    const reply = createMockReply();
-    const error = await hook(request, reply).catch((e) => e);
-    expect(error).toBeInstanceOf(AppError);
-    expect(error.statusCode).toBe(400);
-    expect(error.code).toBe('INVALID_SCOPE');
-  });
-  it('skips scope filtering for unscoped models', async () => {
-    const { scopeRegistry, unscopedModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const hook = createScopeHook({ model: unscopedModel, scopeRegistry, db });
-    const request = createMockRequest({});
-    const reply = createMockReply();
-    await hook(request, reply);
-    const authCtx = (request as any).authContext;
-    expect(authCtx.scopeFilters).toEqual([]);
-  });
-  it('skips when no auth context', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const hook = createScopeHook({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({ authContext: {} });
-    const reply = createMockReply();
-    await hook(request, reply);
-    expect(reply.status).not.toHaveBeenCalled();
-  });
-  it('header takes precedence over user default', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb(['from-header']);
-    const hook = createScopeHook({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      headers: { 'x-active-scope': JSON.stringify({ company: 'from-header' }) },
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-          default_company: 'from-user',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-      },
-    });
-    const reply = createMockReply();
-    await hook(request, reply);
-    const authCtx = (request as any).authContext;
-    expect(authCtx.scopeFilters).toEqual([
-      { field: 'company', operator: 'eq', value: 'from-header' },
-    ]);
-  });
-  it('appends filters from filter providers', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb(['company-1']);
-    const territoryProvider: FilterProvider = (_model, authCtx, _request) => {
-      const territory = (authCtx.user as any)?.territory;
-      if (territory) {
-        return [{ field: 'territory', operator: 'eq', value: territory }];
-      }
-      return [];
-    };
-    const hook = createScopeHook({
-      model: invoiceModel,
-      scopeRegistry,
-      db,
-      filterProviders: [territoryProvider],
-    });
-    const request = createMockRequest({
-      headers: { 'x-active-scope': JSON.stringify({ company: 'company-1' }) },
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-          territory: 'North',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-      },
-    });
-    const reply = createMockReply();
-    await hook(request, reply);
-    const authCtx = (request as any).authContext;
-    expect(authCtx.scopeFilters).toEqual([
-      { field: 'company', operator: 'eq', value: 'company-1' },
-      { field: 'territory', operator: 'eq', value: 'North' },
-    ]);
-  });
-  it('filter providers run even on unscoped models', async () => {
-    const { scopeRegistry, unscopedModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const staticProvider: FilterProvider = () => [{ field: 'active', operator: 'eq', value: true }];
-    const hook = createScopeHook({
-      model: unscopedModel,
-      scopeRegistry,
-      db,
-      filterProviders: [staticProvider],
-    });
-    const request = createMockRequest({});
-    const reply = createMockReply();
-    await hook(request, reply);
-    const authCtx = (request as any).authContext;
-    expect(authCtx.scopeFilters).toEqual([{ field: 'active', operator: 'eq', value: true }]);
-  });
-});
-describe('createScopeWriteGuard', () => {
-  it('auto-stamps scope value on POST when body is missing scope field', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const body: Record<string, unknown> = { total: 100 };
-    const guard = createScopeWriteGuard({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      method: 'POST',
-      body,
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-        scopeFilters: [{ field: 'company', operator: 'eq', value: 'company-1' }],
-      },
-    });
-    const reply = createMockReply();
-    await guard(request, reply);
-    expect(body.company).toBe('company-1');
-    expect(reply.status).not.toHaveBeenCalled();
-  });
-  it('allows POST when body includes correct scope value', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const body: Record<string, unknown> = { total: 100, company: 'company-1' };
-    const guard = createScopeWriteGuard({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      method: 'POST',
-      body,
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-        scopeFilters: [{ field: 'company', operator: 'eq', value: 'company-1' }],
-      },
-    });
-    const reply = createMockReply();
-    await guard(request, reply);
-    expect(reply.status).not.toHaveBeenCalled();
-  });
-  it('rejects POST when body has different scope value', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const body: Record<string, unknown> = { total: 100, company: 'other-company' };
-    const guard = createScopeWriteGuard({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      method: 'POST',
-      body,
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-        scopeFilters: [{ field: 'company', operator: 'eq', value: 'company-1' }],
-      },
-    });
-    const reply = createMockReply();
-    const error = await guard(request, reply).catch((e) => e);
-    expect(error).toBeInstanceOf(AppError);
-    expect(error.statusCode).toBe(403);
-    expect(error.code).toBe('SCOPE_VIOLATION');
-  });
-  it('rejects PUT when trying to change scope field', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const body: Record<string, unknown> = { company: 'other-company' };
-    const guard = createScopeWriteGuard({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      method: 'PUT',
-      body,
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-        scopeFilters: [{ field: 'company', operator: 'eq', value: 'company-1' }],
-      },
-    });
-    const reply = createMockReply();
-    const error = await guard(request, reply).catch((e) => e);
-    expect(error).toBeInstanceOf(AppError);
-    expect(error.statusCode).toBe(403);
-    expect(error.code).toBe('SCOPE_VIOLATION');
-  });
-  it('allows PUT when scope field is not in body', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const body: Record<string, unknown> = { total: 200 };
-    const guard = createScopeWriteGuard({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({
-      method: 'PUT',
-      body,
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-        scopeFilters: [{ field: 'company', operator: 'eq', value: 'company-1' }],
-      },
-    });
-    const reply = createMockReply();
-    await guard(request, reply);
-    expect(reply.status).not.toHaveBeenCalled();
-  });
-  it('skips for GET requests', async () => {
-    const { scopeRegistry, invoiceModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const guard = createScopeWriteGuard({ model: invoiceModel, scopeRegistry, db });
-    const request = createMockRequest({ method: 'GET' });
-    const reply = createMockReply();
-    await guard(request, reply);
-    expect(reply.status).not.toHaveBeenCalled();
-  });
-  it('skips for unscoped models', async () => {
-    const { scopeRegistry, unscopedModel } = buildScopeContext();
-    const db = createMockDb([]);
-    const body: Record<string, unknown> = { name: 'test' };
-    const guard = createScopeWriteGuard({ model: unscopedModel, scopeRegistry, db });
-    const request = createMockRequest({
-      method: 'POST',
-      body,
-      authContext: {
-        user: {
-          id: 'user-1',
-          email: 'test@test.com',
-          full_name: 'Test',
-          enabled: true,
-          password_hash: '',
-        },
-        permissions: { models: {}, pages: [], version: 1 },
-        roles: ['admin'],
-        scopeFilters: [],
-      },
-    });
-    const reply = createMockReply();
-    await guard(request, reply);
-    expect(reply.status).not.toHaveBeenCalled();
-  });
-});