@specverse/engines 6.65.0 → 6.75.0

package/dist/libs/instance-factories/services/templates/postgres-native/controller-generator.js

@@ -15,12 +15,13 @@ function generatePgNativeController(context) {
     Object.assign(modelRegistry, models);
   }
   const customActions = generateCustomActions(controller, modelRegistry);
-  const validate = generateValidateMethod(model, modelName);
-  const create = curedOps.create ? generateCreateMethod(modelName, modelVar) : "";
+  const hasConstraints = Array.isArray(model.constraints) && model.constraints.length > 0;
+  const validate = generateValidateMethod(model, modelName, hasConstraints);
+  const create = curedOps.create ? generateCreateMethod(model, modelName, modelVar, hasConstraints) : "";
   const retrieve = curedOps.retrieve ? generateRetrieveMethod(modelName, modelVar) : "";
-  const update = curedOps.update ? generateUpdateMethod(modelName, modelVar) : "";
-  const evolve = curedOps.evolve ? generateEvolveMethod(model, modelName, modelVar) : "";
-  const del = curedOps.delete ? generateDeleteMethod(modelName, modelVar) : "";
+  const update = curedOps.update ? generateUpdateMethod(modelName, modelVar, hasConstraints) : "";
+  const evolve = curedOps.evolve ? generateEvolveMethod(model, modelName, modelVar, hasConstraints) : "";
+  const del = curedOps.delete ? generateDeleteMethod(modelName, modelVar, hasConstraints) : "";
   const hasEventPublishing = curedOps.create || curedOps.update || curedOps.evolve || curedOps.delete;
   const helperImports = [
     "insertOne",
@@ -40,6 +41,7 @@ function generatePgNativeController(context) {
 import { ${helperImports} } from '../db/pgClient.js';
 ${hasEventPublishing || customActions.needsAiBehaviors ? `import { eventBus } from '../events/eventBus.js';` : ""}
 ${customActions.needsAiBehaviors ? `import * as aiBehaviors from '../behaviors/${controllerName}.ai.js';` : ""}
+${hasConstraints ? `import { runGuards as runConstraintGuards } from './${modelName}.guards.js';` : ""}
 
 const TABLE_NAME = '${table}';
 
@@ -64,17 +66,32 @@ function tableName(model) {
   if (model?.storage?.table) return String(model.storage.table);
   return model.name.toLowerCase() + "s";
 }
-function generateValidateMethod(model, modelName) {
+function generateValidateMethod(model, modelName, hasConstraints) {
+  const opTypeUnion = hasConstraints ? `'create' | 'update' | 'evolve' | 'delete' | \`evolve.\${string}\`` : `'create' | 'update' | 'evolve'`;
+  const constraintsCheck = hasConstraints ? `
+    // Phase 2 \u2014 run model.constraints[] guards matching this operation.
+    // Slice 15b \u2014 ctx carries a per-model query helper for subquery sugars.
+    const __guardCtx = {
+      query: (modelName: string) => ({
+        exists: async (predicate: (e: any) => boolean) => {
+          const all = await findAll(modelName);
+          return all.some(predicate);
+        },
+      }),
+    };
+    const constraintViolations = await runConstraintGuards(_data, _context.operation, _actor, __guardCtx);
+    for (const v of constraintViolations) errors.push(v.message);` : "";
   return `
   /**
-   * Validate ${modelName} data \u2014 runs before create / update / evolve.
+   * Validate ${modelName} data \u2014 runs before create / update / evolve / delete.
    */
-  public validate(
+  public async validate(
     _data: any,
-    _context: { operation: 'create' | 'update' | 'evolve' }
-  ): { valid: boolean; errors: string[] } {
+    _context: { operation: ${opTypeUnion} },
+    _actor: any = null
+  ): Promise<{ valid: boolean; errors: string[] }> {
     const errors: string[] = [];
-${generateValidationLogic(model)}
+${generateValidationLogic(model)}${constraintsCheck}
     return { valid: errors.length === 0, errors };
   }
 `;
@@ -101,13 +118,23 @@ function generateValidationLogic(model) {
   });
   return out.join("\n") || "    // No validation rules defined";
 }
-function generateCreateMethod(modelName, modelVar) {
+function generateCreateMethod(model, modelName, modelVar, hasConstraints = false) {
+  const belongsToLoad = hasConstraints ? generatePgBelongsToLoad(model) : "";
+  const validateSelf = belongsToLoad ? "__mergedSelf" : "data";
   return `
   /**
    * Create a new ${modelName}.
    */
-  public async create(data: any): Promise<any> {
-    const validation = this.validate(data, { operation: 'create' });
+  public async create(data: any, _actor: any = null): Promise<any> {
+${belongsToLoad ? `
+    // Phase 2 Slice 15 \u2014 Create-time relation loading. Mirrors prisma's
+    // pattern: for each belongsTo FK in input, load the related row and
+    // merge into self for constraint guards.
+    const __loadedRels: Record<string, any> = {};
+    ${belongsToLoad}
+    const __mergedSelf = { ...data, ...__loadedRels };
+` : ""}
+    const validation = await this.validate(${validateSelf}, { operation: 'create' }, _actor);
     if (!validation.valid) throw new Error(\`Validation failed: \${validation.errors.join(', ')}\`);
 
     const ${modelVar} = await insertOne(TABLE_NAME, { ...data });
@@ -117,6 +144,19 @@ function generateCreateMethod(modelName, modelVar) {
   }
 `;
 }
+function generatePgBelongsToLoad(model) {
+  const rels = Array.isArray(model.relationships) ? model.relationships : Object.values(model.relationships || {});
+  const belongsToRels = rels.filter((r) => r.type === "belongsTo");
+  if (belongsToRels.length === 0) return "";
+  return belongsToRels.map((rel) => {
+    const relName = rel.name;
+    const targetName = rel.target;
+    const fkField = `${relName}Id`;
+    return `if (data.${fkField}) {
+      __loadedRels.${relName} = await findOneByField('${targetName}', 'id', data.${fkField});
+    }`;
+  }).join("\n    ");
+}
 function generateRetrieveMethod(modelName, _modelVar) {
   return `
   /**
@@ -140,13 +180,22 @@ function generateRetrieveMethod(modelName, _modelVar) {
   }
 `;
 }
-function generateUpdateMethod(modelName, modelVar) {
+function generateUpdateMethod(modelName, modelVar, hasConstraints = false) {
   return `
   /**
    * Update ${modelName}.
    */
-  public async update(id: string, data: any): Promise<any> {
-    const validation = this.validate(data, { operation: 'update' });
+  public async update(id: string, data: any, _actor: any = null): Promise<any> {
+${hasConstraints ? `
+    // Phase 2 \u2014 Update self-from-DB. Load + merge before validate so
+    // update-time constraints see the full entity, not just partial input.
+    const __existing = await findOneByField(TABLE_NAME, 'id', id);
+    if (!__existing) throw new Error('${modelName} not found');
+    const __merged = { ...__existing, ...data };
+    const validation = await this.validate(__merged, { operation: 'update' }, _actor);
+` : `
+    const validation = await this.validate(data, { operation: 'update' }, _actor);
+`}
     if (!validation.valid) throw new Error(\`Validation failed: \${validation.errors.join(', ')}\`);
 
     // Strip nested objects + id \u2014 only scalar fields are written.
@@ -167,7 +216,7 @@ function generateUpdateMethod(modelName, modelVar) {
   }
 `;
 }
-function generateEvolveMethod(model, modelName, modelVar) {
+function generateEvolveMethod(model, modelName, modelVar, hasConstraints = false) {
   const lifecycles = Array.isArray(model.lifecycles) ? model.lifecycles : model.lifecycles ? Object.entries(model.lifecycles).map(([name, lc]) => ({ name, ...lc })) : [];
   const lifecycle = lifecycles[0];
   const lifecycleName = lifecycle?.name || "status";
@@ -176,12 +225,23 @@ function generateEvolveMethod(model, modelName, modelVar) {
     ...Object.keys(validTransitions),
     ...Object.values(validTransitions).flat()
   ]));
+  const evolveOpsMap = {};
+  if (lifecycle?.transitions) {
+    for (const [actionName, t] of Object.entries(lifecycle.transitions)) {
+      const from = t.from;
+      const to = t.to;
+      if (typeof from === "string" && typeof to === "string") {
+        evolveOpsMap[from] = evolveOpsMap[from] ?? {};
+        evolveOpsMap[from][to] = actionName;
+      }
+    }
+  }
   return `
   /**
    * Evolve ${modelName} through lifecycle "${lifecycleName}"
    * States: ${states.join(" \u2192 ") || "(none declared)"}
    */
-  public async evolve(id: string, data: any): Promise<any> {
+  public async evolve(id: string, data: any, _actor: any = null): Promise<any> {
     const current = await findOneByField(TABLE_NAME, 'id', id);
     if (!current) throw new Error('${modelName} not found');
 
@@ -197,7 +257,20 @@ function generateEvolveMethod(model, modelName, modelVar) {
       throw new Error(\`Invalid transition: \${currentState} \u2192 \${targetState}. Allowed: \${allowed.join(', ') || 'none'}\`);
     }
     ` : ""}
-
+${hasConstraints ? `
+    // Phase 2 \u2014 resolve transition action name + call validate with evolve.<action>.
+    const EVOLVE_OPS: Record<string, Record<string, string>> = ${JSON.stringify(evolveOpsMap)};
+    const currentStateForOp = (current as any)[targetLifecycle];
+    const actionName = EVOLVE_OPS[currentStateForOp]?.[targetState] ?? targetState;
+    const evolveValidation = await this.validate(
+      { ...data, ...current, [targetLifecycle]: targetState },
+      { operation: \`evolve.\${actionName}\` as any },
+      _actor
+    );
+    if (!evolveValidation.valid) {
+      throw new Error(\`Validation failed: \${evolveValidation.errors.join(', ')}\`);
+    }
+` : ""}
     await updateOneById(TABLE_NAME, id, { [targetLifecycle]: targetState });
     const ${modelVar} = await findOneByField(TABLE_NAME, 'id', id);
     if (!${modelVar}) throw new Error('${modelName} not found after evolve');
@@ -207,13 +280,22 @@ function generateEvolveMethod(model, modelName, modelVar) {
   }
 `;
 }
-function generateDeleteMethod(modelName, modelVar) {
+function generateDeleteMethod(modelName, modelVar, hasConstraints = false) {
   return `
   /**
    * Delete ${modelName}.
    */
-  public async delete(id: string): Promise<void> {
+  public async delete(id: string, _actor: any = null): Promise<void> {
     const ${modelVar} = await findOneByField(TABLE_NAME, 'id', id);
+${hasConstraints ? `
+    // Phase 2 \u2014 run delete-scoped constraint guards against the loaded record.
+    if (${modelVar}) {
+      const deleteValidation = await this.validate(${modelVar}, { operation: 'delete' }, _actor);
+      if (!deleteValidation.valid) {
+        throw new Error(\`Validation failed: \${deleteValidation.errors.join(', ')}\`);
+      }
+    }
+` : ""}
     await deleteOneById(TABLE_NAME, id);
     if (${modelVar}) {
       await eventBus.publish('${modelName}Deleted', { ...${modelVar}, timestamp: new Date().toISOString() } as any);

package/dist/libs/instance-factories/services/templates/prisma/controller-generator.js

@@ -19,13 +19,14 @@ function generatePrismaController(context) {
   const idType = idAttr?.type || "UUID";
   const needsIntParse = idType === "Integer" || idType === "Int" || idType === "Number";
   const customActions = generateCustomActions(controller, modelName, modelVar);
+  const hasConstraints = Array.isArray(model.constraints) && model.constraints.length > 0;
   const classBody = [
-    generateValidateMethod(model, modelName),
-    curedOps.create ? generateCreateMethod(model, modelName, modelVar, prismaDelegate, controller, allModels) : "",
+    generateValidateMethod(model, modelName, hasConstraints),
+    curedOps.create ? generateCreateMethod(model, modelName, modelVar, prismaDelegate, controller, allModels, hasConstraints) : "",
     curedOps.retrieve ? generateRetrieveMethod(model, modelName, modelVar, prismaDelegate) : "",
-    curedOps.update ? generateUpdateMethod(model, modelName, modelVar, prismaDelegate, controller, allModels) : "",
-    curedOps.evolve ? generateEvolveMethod(model, modelName, modelVar, prismaDelegate, controller) : "",
-    curedOps.delete ? generateDeleteMethod(model, modelName, modelVar, prismaDelegate, controller) : "",
+    curedOps.update ? generateUpdateMethod(model, modelName, modelVar, prismaDelegate, controller, allModels, hasConstraints) : "",
+    curedOps.evolve ? generateEvolveMethod(model, modelName, modelVar, prismaDelegate, controller, hasConstraints) : "",
+    curedOps.delete ? generateDeleteMethod(model, modelName, modelVar, prismaDelegate, controller, hasConstraints) : "",
     customActions.code
   ].filter(Boolean).join("\n  ");
   const usesPrisma = /\bprisma\b/.test(classBody);
@@ -35,7 +36,8 @@ function generatePrismaController(context) {
   const imports = [
     usesPrisma ? `import { PrismaClient } from '@prisma/client';` : "",
     usesEventBus ? `import { eventBus } from '../events/eventBus.js';` : "",
-    usesAiBehaviors ? `import * as aiBehaviors from '../behaviors/${modelName}Controller.ai.js';` : ""
+    usesAiBehaviors ? `import * as aiBehaviors from '../behaviors/${modelName}Controller.ai.js';` : "",
+    hasConstraints ? `import { runGuards as runConstraintGuards } from './${modelName}.guards.js';` : ""
   ].filter(Boolean).join("\n");
   const declarations = [
     usesPrisma ? `const prisma = new PrismaClient();` : "",
@@ -62,19 +64,39 @@ export const ${modelVar}Controller = new ${controllerName}();
 export default ${modelVar}Controller;
 `;
 }
-function generateValidateMethod(model, modelName) {
+function generateValidateMethod(model, modelName, hasConstraints) {
+  const opTypeUnion = hasConstraints ? `'create' | 'update' | 'evolve' | 'delete' | \`evolve.\${string}\`` : `'create' | 'update' | 'evolve'`;
+  const constraintsCheck = hasConstraints ? `
+    // Phase 2 \u2014 run model.constraints[] guards matching this operation.
+    // ctx carries a per-model query helper so subquery sugars (rewritten
+    // to async guards by guards-generator) can run their findFirst calls.
+    const __guardCtx = {
+      query: (modelName: string) => {
+        const delegate = (prisma as any)[modelName.charAt(0).toLowerCase() + modelName.slice(1)];
+        if (!delegate) return undefined;
+        return {
+          exists: async (predicate: (e: any) => boolean) => {
+            const all = await delegate.findMany();
+            return all.some(predicate);
+          },
+        };
+      },
+    };
+    const constraintViolations = await runConstraintGuards(_data, _context.operation, _actor, __guardCtx);
+    for (const v of constraintViolations) errors.push(v.message);` : "";
   return `
   /**
    * Validate ${modelName} data
    * Unified validation method for all operations
    */
-  public validate(
+  public async validate(
     _data: any,
-    _context: { operation: 'create' | 'update' | 'evolve' }
-  ): { valid: boolean; errors: string[] } {
+    _context: { operation: ${opTypeUnion} },
+    _actor: any = null
+  ): Promise<{ valid: boolean; errors: string[] }> {
     const errors: string[] = [];
 
-    ${generateValidationLogic(model, "_data", "_context")}
+    ${generateValidationLogic(model, "_data", "_context")}${constraintsCheck}
 
     return {
       valid: errors.length === 0,
@@ -125,14 +147,27 @@ function generateValidationLogic(model, dataParam = "_data", contextParam = "_co
   });
   return validations.join("\n") || "// No validation rules defined";
 }
-function generateCreateMethod(model, modelName, modelVar, prismaDelegate, controller, allModels) {
+function generateCreateMethod(model, modelName, modelVar, prismaDelegate, controller, allModels, hasConstraints = false) {
+  const belongsToLoad = hasConstraints ? generateBelongsToLoad(model, allModels) : "";
+  const validateSelf = belongsToLoad ? "__mergedSelf" : "data";
   return `
   /**
    * Create a new ${modelName}
    */
-  public async create(data: any): Promise<any> {
+  public async create(data: any, _actor: any = null): Promise<any> {
+${belongsToLoad ? `
+    // Phase 2 Slice 15 \u2014 Create-time relation loading. For each belongsTo
+    // FK present in input, load the related entity and merge into self
+    // so constraints traversing self.<rel>.<field> see the full related
+    // record (not just the FK id). Mirrors Slice 8's Update pattern but
+    // for the create path. Only fires when the model has declared
+    // constraints; one extra round-trip per FK in input.
+    const __loadedRels: Record<string, any> = {};
+    ${belongsToLoad}
+    const __mergedSelf = { ...data, ...__loadedRels };
+` : ""}
     // Validate input
-    const validationResult = this.validate(data, { operation: 'create' });
+    const validationResult = await this.validate(${validateSelf}, { operation: 'create' }, _actor);
     if (!validationResult.valid) {
       throw new Error(\`Validation failed: \${validationResult.errors.join(', ')}\`);
     }
@@ -153,6 +188,33 @@ function generateCreateMethod(model, modelName, modelVar, prismaDelegate, contro
   }
 `;
 }
+function generateBelongsToLoad(model, allModels) {
+  const rels = Array.isArray(model.relationships) ? model.relationships : Object.values(model.relationships || {});
+  const belongsToRels = rels.filter((r) => r.type === "belongsTo");
+  if (belongsToRels.length === 0) return "";
+  const RESERVED_WORDS = /* @__PURE__ */ new Set(["import", "export", "default", "class", "function", "return", "delete", "new", "this", "switch", "case", "break", "continue", "for", "while", "do", "if", "else", "try", "catch", "finally", "throw", "typeof", "instanceof", "in", "of", "let", "const", "var", "void", "with", "yield", "async", "await", "enum", "implements", "interface", "package", "private", "protected", "public", "static", "super", "extends"]);
+  return belongsToRels.map((rel) => {
+    const relName = rel.name;
+    const targetName = rel.target;
+    const fkField = `${relName}Id`;
+    const targetVar = targetName.charAt(0).toLowerCase() + targetName.slice(1);
+    const targetDelegate = RESERVED_WORDS.has(targetVar) ? `prisma['${targetVar}']` : `prisma.${targetVar}`;
+    let idExpr = `data.${fkField}`;
+    if (allModels) {
+      const targetModel = allModels.find((m) => m.name === targetName);
+      if (targetModel) {
+        const idAttr = (Array.isArray(targetModel.attributes) ? targetModel.attributes : Object.values(targetModel.attributes || {})).find((a) => a.name === "id");
+        const idType = idAttr?.type || "String";
+        if (idType === "Integer" || idType === "Int" || idType === "Number") {
+          idExpr = `parseInt(data.${fkField}, 10)`;
+        }
+      }
+    }
+    return `if (data.${fkField}) {
+      __loadedRels.${relName} = await ${targetDelegate}.findUnique({ where: { id: ${idExpr} } });
+    }`;
+  }).join("\n    ");
+}
 function generateRetrieveMethod(model, modelName, modelVar, prismaDelegate) {
   return `
   /**
@@ -176,14 +238,26 @@ function generateRetrieveMethod(model, modelName, modelVar, prismaDelegate) {
   }
 `;
 }
-function generateUpdateMethod(model, modelName, modelVar, prismaDelegate, controller, allModels) {
+function generateUpdateMethod(model, modelName, modelVar, prismaDelegate, controller, allModels, hasConstraints = false) {
   return `
   /**
    * Update ${modelName}
    */
-  public async update(id: string, data: any): Promise<any> {
+  public async update(id: string, data: any, _actor: any = null): Promise<any> {
+${hasConstraints ? `
+    // Phase 2 \u2014 Update self-from-DB: load the entity first and validate
+    // against the MERGED \`loaded + input\` shape so update-time constraints
+    // like \`self.poll.votingStatus == "open"\` see the full record even
+    // when the caller only sent a partial payload. Costs one extra DB
+    // round-trip; only fires for models with declared constraints.
+    const __existing = await ${prismaDelegate}.findUnique({ where: { id: parseId(id) }${generateIncludeRelationships(model)} });
+    if (!__existing) throw new Error('${modelName} not found');
+    const __merged = { ...__existing, ...data };
+    const validationResult = await this.validate(__merged, { operation: 'update' }, _actor);
+` : `
     // Validate input
-    const validationResult = this.validate(data, { operation: 'update' });
+    const validationResult = await this.validate(data, { operation: 'update' }, _actor);
+`}
     if (!validationResult.valid) {
       throw new Error(\`Validation failed: \${validationResult.errors.join(', ')}\`);
     }
@@ -213,12 +287,23 @@ function generateUpdateMethod(model, modelName, modelVar, prismaDelegate, contro
   }
 `;
 }
-function generateEvolveMethod(model, modelName, modelVar, prismaDelegate, controller) {
+function generateEvolveMethod(model, modelName, modelVar, prismaDelegate, controller, hasConstraints = false) {
   const lifecycles = Array.isArray(model.lifecycles) ? model.lifecycles : model.lifecycles ? Object.entries(model.lifecycles).map(([name, lc]) => ({ name, ...lc })) : [];
   const lifecycle = lifecycles[0];
   const lifecycleName = lifecycle?.name || "status";
   const states = lifecycle?.states || [];
   const validTransitions = lifecycle ? buildTransitionMap(lifecycle) : {};
+  const evolveOpsMap = {};
+  if (lifecycle?.transitions) {
+    for (const [actionName, t] of Object.entries(lifecycle.transitions)) {
+      const from = t.from;
+      const to = t.to;
+      if (typeof from === "string" && typeof to === "string") {
+        evolveOpsMap[from] = evolveOpsMap[from] ?? {};
+        evolveOpsMap[from][to] = actionName;
+      }
+    }
+  }
   return `
   /**
    * Evolve ${modelName} through lifecycle "${lifecycleName}"
@@ -229,7 +314,7 @@ function generateEvolveMethod(model, modelName, modelVar, prismaDelegate, contro
    * runtime's useTransitionStateMutation always sends the former; the
    * realized smoke-parity script can send either.
    */
-  public async evolve(id: string, data: any): Promise<any> {
+  public async evolve(id: string, data: any, _actor: any = null): Promise<any> {
     // Get current record to check lifecycle state
     const current = await ${prismaDelegate}.findUnique({ where: { id: parseId(id) } });
     if (!current) {
@@ -254,7 +339,22 @@ function generateEvolveMethod(model, modelName, modelVar, prismaDelegate, contro
       throw new Error(\`Invalid transition: \${currentState} \u2192 \${targetState}. Allowed: \${allowed.join(', ') || 'none'}\`);
     }
     ` : ""}
-
+${hasConstraints ? `
+    // Phase 2 \u2014 resolve the transition's action name so constraints scoped
+    // to \`on: 'evolve.<action>'\` match correctly. EVOLVE_OPS is baked at
+    // codegen from the lifecycle definition.
+    const EVOLVE_OPS: Record<string, Record<string, string>> = ${JSON.stringify(evolveOpsMap)};
+    const currentStateForOp = (current as any)[targetLifecycle];
+    const actionName = EVOLVE_OPS[currentStateForOp]?.[targetState] ?? targetState;
+    const evolveValidation = await this.validate(
+      { ...data, ...current, [targetLifecycle]: targetState },
+      { operation: \`evolve.\${actionName}\` as any },
+      _actor
+    );
+    if (!evolveValidation.valid) {
+      throw new Error(\`Validation failed: \${evolveValidation.errors.join(', ')}\`);
+    }
+` : ""}
     // Build the Prisma update payload \u2014 only the lifecycle column
     // changes. Strips toState/lifecycleName/state so Prisma doesn't
     // reject unknown fields.
@@ -273,15 +373,25 @@ function generateEvolveMethod(model, modelName, modelVar, prismaDelegate, contro
   }
 `;
 }
-function generateDeleteMethod(model, modelName, modelVar, prismaDelegate, controller) {
+function generateDeleteMethod(model, modelName, modelVar, prismaDelegate, controller, hasConstraints = false) {
   return `
   /**
    * Delete ${modelName}
    */
-  public async delete(id: string): Promise<void> {
+  public async delete(id: string, _actor: any = null): Promise<void> {
     // Get record before deletion for event
     const ${modelVar} = await ${prismaDelegate}.findUnique({ where: { id: parseId(id) } });
-
+${hasConstraints ? `
+    // Phase 2 \u2014 run delete-scoped constraint guards against the loaded
+    // record. \`self\` is the entity being deleted (loaded above), giving
+    // delete-time constraints access to the entity's current field values.
+    if (${modelVar}) {
+      const deleteValidation = await this.validate(${modelVar}, { operation: 'delete' }, _actor);
+      if (!deleteValidation.valid) {
+        throw new Error(\`Validation failed: \${deleteValidation.errors.join(', ')}\`);
+      }
+    }
+` : ""}
     await ${prismaDelegate}.delete({
       where: { id: parseId(id) }
     });

package/dist/libs/instance-factories/services/templates/prisma/guards-generator.js

@@ -0,0 +1,151 @@
+import { transpilePhase2Guard } from "@specverse/engines/inference";
+function generatePrismaGuards(context) {
+  const { model } = context;
+  if (!model) {
+    throw new Error("Model is required for guards generation");
+  }
+  const constraints = model.constraints ?? [];
+  if (constraints.length === 0) {
+    return generateEmptyGuardsModule(model.name);
+  }
+  const guardFns = [];
+  const constraintsTable = [];
+  for (const c of constraints) {
+    const transpiled = transpilePhase2Guard(
+      c.requires.name,
+      c.requires.params ?? `self: any, actor: any`,
+      c.requires.body
+    );
+    guardFns.push(transpiled.typescript);
+    const onArrayLiteral = `[${c.on.map((o) => JSON.stringify(o)).join(", ")}]`;
+    const sourceLiteral = JSON.stringify(
+      c.requires.source.input ?? ""
+    );
+    constraintsTable.push(
+      `  {
+    on: ${onArrayLiteral},
+    guard: ${c.requires.name},
+    name: ${JSON.stringify(c.requires.name)},
+    source: ${sourceLiteral}
+  }`
+    );
+  }
+  return `/**
+ * Auto-generated by SpecVerse Phase 2 (Validate-Centric Constraints).
+ *
+ * Guard functions for ${model.name}'s declared constraints.
+ * DO NOT EDIT \u2014 regenerated on every \`spv realize all\`.
+ *
+ * Slice 1 limitations:
+ *   - \`self\` is the input payload (not the loaded entity). For Update/Delete/
+ *     Evolve, paths through \`self\` see only the fields the caller sent.
+ *   - \`actor\` defaults to null. Constraints using \`actor.*\` paths fail at
+ *     runtime when called without a user context.
+ */
+
+export interface Violation {
+  constraint: string;
+  scope: string;
+  source: string;
+  message: string;
+}
+
+export interface ConstraintRecord {
+  on: string[];
+  guard: (self: any, actor: any) => boolean;
+  name: string;
+  source: string;
+}
+
+${guardFns.join("\n\n")}
+
+export const MODEL_CONSTRAINTS: ConstraintRecord[] = [
+${constraintsTable.join(",\n")}
+];
+
+/**
+ * Match a runtime operation against a constraint's \`on:\` array.
+ *
+ * Op shapes:
+ *   - exact string: 'create', 'update', 'delete', 'retrieve'
+ *   - 'evolve.<transition>': specific lifecycle transition
+ *
+ * \`on:\` entry shapes:
+ *   - '*': always matches
+ *   - 'evolve.*': matches any 'evolve.X' op
+ *   - else: exact-string equality
+ */
+export function matchesOp(constraintOn: string[], op: string): boolean {
+  for (const o of constraintOn) {
+    if (o === '*') return true;
+    if (o === op) return true;
+    if (o === 'evolve.*' && op.startsWith('evolve.')) return true;
+  }
+  return false;
+}
+
+/**
+ * Run all constraints whose \`on:\` matches the requested op. Each guard
+ * is invoked with (input, actor). Returns the collected violations.
+ *
+ * A guard that returns false produces one Violation; a guard that throws
+ * (e.g. actor=null with an actor.* path) is caught and surfaced as a
+ * violation with the thrown message \u2014 fail closed.
+ */
+export function runGuards(
+  input: any,
+  op: string,
+  actor: any = null,
+): Violation[] {
+  const violations: Violation[] = [];
+  for (const c of MODEL_CONSTRAINTS) {
+    if (!matchesOp(c.on, op)) continue;
+    let passed = false;
+    let thrown: string | null = null;
+    try {
+      passed = c.guard(input, actor);
+    } catch (e: any) {
+      thrown = e?.message ?? String(e);
+    }
+    if (!passed) {
+      violations.push({
+        constraint: c.name,
+        scope: op,
+        source: c.source,
+        message: thrown
+          ? \`Constraint "\${c.source}" could not be evaluated: \${thrown}\`
+          : \`Constraint "\${c.source}" failed\`,
+      });
+    }
+  }
+  return violations;
+}
+`;
+}
+function generateEmptyGuardsModule(modelName) {
+  return `/**
+ * Auto-generated by SpecVerse Phase 2 \u2014 no constraints declared on ${modelName}.
+ * Empty stub kept for symmetry; controllers gate their imports on this file.
+ */
+
+export interface Violation {
+  constraint: string;
+  scope: string;
+  source: string;
+  message: string;
+}
+
+export const MODEL_CONSTRAINTS: any[] = [];
+
+export function matchesOp(_constraintOn: string[], _op: string): boolean {
+  return false;
+}
+
+export function runGuards(_input: any, _op: string, _actor: any = null): Violation[] {
+  return [];
+}
+`;
+}
+export {
+  generatePrismaGuards as default
+};