@specverse/engines 6.66.0 → 6.76.0

package/dist/libs/instance-factories/controllers/templates/fastify/routes-generator.js

@@ -186,7 +186,11 @@ function generateHandlerBody(operation, modelName, handlerName, isModelControlle
   switch (mappedOperation) {
     case "create":
       return `try {
-  const ${lowerModel} = await handler.create(request.body as any);
+  // Phase 2 actor wiring \u2014 pulled from request.user (decorated by auth
+  // middleware like @fastify/jwt). null when no auth wired; constraint
+  // guards that reference actor.* paths fail-open (logged, treated as pass).
+  const _actor = (request as any).user ?? null;
+  const ${lowerModel} = await handler.create(request.body as any, _actor);
   return reply.status(201).send(${lowerModel});
 } catch (error) {
   return reply.status(400).send({
@@ -214,7 +218,8 @@ function generateHandlerBody(operation, modelName, handlerName, isModelControlle
     case "evolve":
       return `try {
   const { id } = request.params as { id: string };
-  const ${lowerModel} = await handler.${operation}(id, request.body as any);
+  const _actor = (request as any).user ?? null;
+  const ${lowerModel} = await handler.${operation}(id, request.body as any, _actor);
   return reply.send(${lowerModel});
 } catch (error) {
   return reply.status(400).send({
@@ -225,7 +230,8 @@ function generateHandlerBody(operation, modelName, handlerName, isModelControlle
     case "delete":
       return `try {
   const { id } = request.params as { id: string };
-  await handler.delete(id);
+  const _actor = (request as any).user ?? null;
+  await handler.delete(id, _actor);
   return reply.status(204).send();
 } catch (error) {
   // Prisma's P2003 is the foreign-key-constraint-violated error. When
@@ -258,7 +264,9 @@ function generateHandlerBody(operation, modelName, handlerName, isModelControlle
     case "validate":
       return `try {
   const { data, operation: op } = request.body as { data: any; operation: string };
-  const result = handler.validate(data, { operation: op });
+  const _actor = (request as any).user ?? null;
+  // Slice 15b \u2014 validate() is async (awaits guard ctx subqueries).
+  const result = await handler.validate(data, { operation: op }, _actor);
   return reply.send(result);
 } catch (error) {
   return reply.status(400).send({
@@ -298,8 +306,9 @@ ${validations.join("\n")}
   const params = (request.params || {}) as Record<string, any>;
   const body = (request.body || {}) as Record<string, any>;
   const args = { ...params, ...body };
+  const _actor = (request as any).user ?? null;
 ${validationBlock}
-  const result = await handler.${operation}(args);
+  const result = await handler.${operation}(args, _actor);
   return reply.send(result || { success: true });
 } catch (error) {
   const msg = error instanceof Error ? error.message : String(error);

package/dist/libs/instance-factories/services/mongodb-native-services.yaml

@@ -59,6 +59,16 @@ codeTemplates:
     generator: "libs/instance-factories/services/templates/mongodb-native/controller-generator.ts"
     outputPattern: "{backendDir}/src/controllers/{model}Controller.ts"
 
+  # Phase 2 (Validate-Centric Constraints — 2026-05-18)
+  # Per-model guards module containing transpiled TS guard functions.
+  # Shared generator across all three ORMs (ORM-agnostic — operates on
+  # `self` + `actor`, doesn't touch the DB). Realize entry only invokes
+  # this template when the model has `constraints[]` declared.
+  guards:
+    engine: typescript
+    generator: "libs/instance-factories/services/templates/_shared/guards-generator.ts"
+    outputPattern: "{backendDir}/src/controllers/{model}.guards.ts"
+
   services:
     engine: typescript
     generator: "libs/instance-factories/services/templates/mongodb-native/service-generator.ts"

package/dist/libs/instance-factories/services/postgres-native-services.yaml

@@ -65,6 +65,16 @@ codeTemplates:
     generator: "libs/instance-factories/services/templates/postgres-native/controller-generator.ts"
     outputPattern: "{backendDir}/src/controllers/{model}Controller.ts"
 
+  # Phase 2 (Validate-Centric Constraints — 2026-05-18)
+  # Per-model guards module containing transpiled TS guard functions.
+  # Shared generator across all three ORMs (ORM-agnostic — operates on
+  # `self` + `actor`, doesn't touch the DB). Realize entry only invokes
+  # this template when the model has `constraints[]` declared.
+  guards:
+    engine: typescript
+    generator: "libs/instance-factories/services/templates/_shared/guards-generator.ts"
+    outputPattern: "{backendDir}/src/controllers/{model}.guards.ts"
+
   services:
     engine: typescript
     generator: "libs/instance-factories/services/templates/postgres-native/service-generator.ts"

package/dist/libs/instance-factories/services/prisma-services.yaml

@@ -42,6 +42,16 @@ codeTemplates:
     generator: "libs/instance-factories/services/templates/prisma/controller-generator.ts"
     outputPattern: "{backendDir}/src/controllers/{model}Controller.ts"
 
+  # Phase 2 (Validate-Centric Constraints — 2026-05-18)
+  # Per-model guards module containing transpiled TS guard functions for
+  # `model.constraints[]`. Realize entry only invokes this template when
+  # the model has constraints declared. The generator is ORM-agnostic and
+  # shared across prisma / mongodb-native / postgres-native.
+  guards:
+    engine: typescript
+    generator: "libs/instance-factories/services/templates/_shared/guards-generator.ts"
+    outputPattern: "{backendDir}/src/controllers/{model}.guards.ts"
+
   services:
     engine: typescript
     generator: "libs/instance-factories/services/templates/prisma/service-generator.ts"

package/dist/libs/instance-factories/services/templates/_shared/guards-generator.js

@@ -0,0 +1,209 @@
+import { transpilePhase2Guard } from "@specverse/engines/inference";
+function generatePrismaGuards(context) {
+  const { model } = context;
+  if (!model) {
+    throw new Error("Model is required for guards generation");
+  }
+  const constraints = model.constraints ?? [];
+  if (constraints.length === 0) {
+    return generateEmptyGuardsModule(model.name);
+  }
+  const guardFns = [];
+  const constraintsTable = [];
+  for (const c of constraints) {
+    const transpiled = transpilePhase2Guard(
+      c.requires.name,
+      c.requires.params ?? `self: any, actor: any`,
+      c.requires.body
+    );
+    const rewritten = rewriteSubqueriesAsync(transpiled.typescript, c.requires.name);
+    guardFns.push(rewritten);
+    const onArrayLiteral = `[${c.on.map((o) => JSON.stringify(o)).join(", ")}]`;
+    const sourceLiteral = JSON.stringify(
+      c.requires.source.input ?? ""
+    );
+    constraintsTable.push(
+      `  {
+    on: ${onArrayLiteral},
+    guard: ${c.requires.name},
+    name: ${JSON.stringify(c.requires.name)},
+    source: ${sourceLiteral}
+  }`
+    );
+  }
+  return `/**
+ * Auto-generated by SpecVerse Phase 2 (Validate-Centric Constraints).
+ *
+ * Guard functions for ${model.name}'s declared constraints.
+ * DO NOT EDIT \u2014 regenerated on every \`spv realize all\`.
+ *
+ * Slice 1 limitations:
+ *   - \`self\` is the input payload (not the loaded entity). For Update/Delete/
+ *     Evolve, paths through \`self\` see only the fields the caller sent.
+ *   - \`actor\` defaults to null. Constraints using \`actor.*\` paths fail at
+ *     runtime when called without a user context.
+ */
+
+export interface Violation {
+  constraint: string;
+  scope: string;
+  source: string;
+  message: string;
+}
+
+/**
+ * GuardContext is provided by the controller's validate() method. The
+ * \`query\` accessor returns a per-model helper that backs subquery sugars
+ * like \`{Actor} has not {verb} on {Target}\` (which the transpiler converts
+ * to \`<Model>.some(predicate)\`). Implementations call the ORM's findMany
+ * (or the in-memory store for dynamic interpreters).
+ */
+export interface GuardContext {
+  query?: (modelName: string) => {
+    exists: (predicate: (entity: any) => boolean) => Promise<boolean>;
+  } | undefined;
+}
+
+export interface ConstraintRecord {
+  on: string[];
+  // Pure self/actor guards stay sync; subquery guards (those that reference
+  // bare-Capitalized model names like \`Vote.some(...)\`) are rewritten by
+  // the generator into async functions that take a third ctx argument.
+  // runGuards awaits the result either way.
+  guard: (self: any, actor: any, ctx?: GuardContext) => boolean | Promise<boolean>;
+  name: string;
+  source: string;
+}
+
+${guardFns.join("\n\n")}
+
+export const MODEL_CONSTRAINTS: ConstraintRecord[] = [
+${constraintsTable.join(",\n")}
+];
+
+/**
+ * Match a runtime operation against a constraint's \`on:\` array.
+ *
+ * Op shapes:
+ *   - exact string: 'create', 'update', 'delete', 'retrieve'
+ *   - 'evolve.<transition>': specific lifecycle transition
+ *
+ * \`on:\` entry shapes:
+ *   - '*': always matches
+ *   - 'evolve.*': matches any 'evolve.X' op
+ *   - else: exact-string equality
+ */
+export function matchesOp(constraintOn: string[], op: string): boolean {
+  for (const o of constraintOn) {
+    if (o === '*') return true;
+    if (o === op) return true;
+    if (o === 'evolve.*' && op.startsWith('evolve.')) return true;
+  }
+  return false;
+}
+
+/**
+ * Run all constraints whose \`on:\` matches the requested op. Each guard
+ * is invoked with (input, actor). Returns the collected violations.
+ *
+ * Failure-mode policy (fail-OPEN on exceptions):
+ *   - Guard returns false \u2192 one Violation appended
+ *   - Guard returns true  \u2192 skip
+ *   - Guard throws        \u2192 console.error + treat as PASS (no violation)
+ *
+ * Rationale: a throw indicates a guard-internal defect (transpile bug,
+ * undefined-path traversal, type mismatch) rather than a real constraint
+ * failure. Blocking the mutation would deny legitimate user actions for
+ * a bug we already log loudly. Real data-integrity violations still fall
+ * back to database constraints + Slice 3 mode-\u03B3 preflight retries.
+ */
+export async function runGuards(
+  input: any,
+  op: string,
+  actor: any = null,
+  ctx: GuardContext | null = null,
+): Promise<Violation[]> {
+  const violations: Violation[] = [];
+  for (const c of MODEL_CONSTRAINTS) {
+    if (!matchesOp(c.on, op)) continue;
+    let passed = true;
+    try {
+      // await wraps both sync (boolean) and async (Promise<boolean>) guards
+      // uniformly. Subquery guards need ctx; sync guards ignore it.
+      passed = await c.guard(input, actor, ctx ?? undefined);
+    } catch (e: any) {
+      // Fail-open: log loudly, do NOT block the mutation. See policy above.
+      console.error(
+        \`[runGuards] constraint "\${c.name}" (source: \${c.source}) threw during op="\${op}" \u2014 treating as PASS:\`,
+        e?.stack ?? e?.message ?? e,
+      );
+      continue;
+    }
+    if (!passed) {
+      violations.push({
+        constraint: c.name,
+        scope: op,
+        source: c.source,
+        message: \`Constraint "\${c.source}" failed\`,
+      });
+    }
+  }
+  return violations;
+}
+`;
+}
+function generateEmptyGuardsModule(modelName) {
+  return `/**
+ * Auto-generated by SpecVerse Phase 2 \u2014 no constraints declared on ${modelName}.
+ * Empty stub kept for symmetry; controllers gate their imports on this file.
+ */
+
+export interface Violation {
+  constraint: string;
+  scope: string;
+  source: string;
+  message: string;
+}
+
+export const MODEL_CONSTRAINTS: any[] = [];
+
+export function matchesOp(_constraintOn: string[], _op: string): boolean {
+  return false;
+}
+
+export async function runGuards(_input: any, _op: string, _actor: any = null, _ctx: any = null): Promise<Violation[]> {
+  return [];
+}
+`;
+}
+function rewriteSubqueriesAsync(transpiled, guardName) {
+  const subqueryPattern = /(?<![\w.])([A-Z][A-Za-z0-9_]*)\.some\(/g;
+  const matches = Array.from(transpiled.matchAll(subqueryPattern));
+  if (matches.length === 0) {
+    return transpiled;
+  }
+  const modelNames = Array.from(new Set(matches.map((m) => m[1])));
+  let body = transpiled.replace(subqueryPattern, (_match, modelName) => {
+    return `await __${modelName}.exists(`;
+  });
+  body = body.replace(
+    /export\s+function\s+(\w+)\(([^)]*)\)\s*:\s*boolean\s*\{/,
+    (_match, fnName, params) => {
+      return `export async function ${fnName}(${params}, ctx?: any): Promise<boolean> {`;
+    }
+  );
+  const shimLines = modelNames.map(
+    (m) => `  const __${m} = ctx?.query?.(${JSON.stringify(m)});
+  if (!__${m}) return true; // fail-open: no query ctx, skip subquery`
+  ).join("\n");
+  body = body.replace(
+    /(:\s*Promise<boolean>\s*\{\n)/,
+    `$1${shimLines}
+`
+  );
+  void guardName;
+  return body;
+}
+export {
+  generatePrismaGuards as default
+};

package/dist/libs/instance-factories/services/templates/mongodb-native/controller-generator.js

@@ -15,12 +15,13 @@ function generateMongoNativeController(context) {
     Object.assign(modelRegistry, models);
   }
   const customActions = generateCustomActions(controller, modelRegistry);
-  const validate = generateValidateMethod(model, modelName);
-  const create = curedOps.create ? generateCreateMethod(model, modelName, modelVar, collection) : "";
+  const hasConstraints = Array.isArray(model.constraints) && model.constraints.length > 0;
+  const validate = generateValidateMethod(model, modelName, hasConstraints);
+  const create = curedOps.create ? generateCreateMethod(model, modelName, modelVar, collection, hasConstraints) : "";
   const retrieve = curedOps.retrieve ? generateRetrieveMethod(modelName, modelVar, collection) : "";
-  const update = curedOps.update ? generateUpdateMethod(modelName, modelVar, collection) : "";
-  const evolve = curedOps.evolve ? generateEvolveMethod(model, modelName, modelVar, collection) : "";
-  const del = curedOps.delete ? generateDeleteMethod(modelName, modelVar, collection) : "";
+  const update = curedOps.update ? generateUpdateMethod(modelName, modelVar, collection, hasConstraints) : "";
+  const evolve = curedOps.evolve ? generateEvolveMethod(model, modelName, modelVar, collection, hasConstraints) : "";
+  const del = curedOps.delete ? generateDeleteMethod(modelName, modelVar, collection, hasConstraints) : "";
   const hasEventPublishing = curedOps.create || curedOps.update || curedOps.evolve || curedOps.delete;
   return `/**
  * ${controllerName}
@@ -31,6 +32,7 @@ import { ObjectId, type Filter, type Document } from 'mongodb';
 import { getCollection } from '../db/mongoClient.js';
 ${hasEventPublishing || customActions.needsAiBehaviors ? `import { eventBus } from '../events/eventBus.js';` : ""}
 ${customActions.needsAiBehaviors ? `import * as aiBehaviors from '../behaviors/${controllerName}.ai.js';` : ""}
+${hasConstraints ? `import { runGuards as runConstraintGuards } from './${modelName}.guards.js';` : ""}
 
 const COLLECTION_NAME = '${collection}';
 
@@ -67,17 +69,33 @@ function collectionName(model) {
   if (model?.storage?.collection) return String(model.storage.collection);
   return model.name.toLowerCase() + "s";
 }
-function generateValidateMethod(model, modelName) {
+function generateValidateMethod(model, modelName, hasConstraints) {
+  const opTypeUnion = hasConstraints ? `'create' | 'update' | 'evolve' | 'delete' | \`evolve.\${string}\`` : `'create' | 'update' | 'evolve'`;
+  const constraintsCheck = hasConstraints ? `
+    // Phase 2 \u2014 run model.constraints[] guards matching this operation.
+    // Slice 15b \u2014 ctx carries a per-model query helper for subquery sugars.
+    const __guardCtx = {
+      query: (modelName: string) => ({
+        exists: async (predicate: (e: any) => boolean) => {
+          const __col = await getCollection(modelName.toLowerCase() + 's');
+          const all = await __col.find({}).toArray();
+          return all.some(predicate);
+        },
+      }),
+    };
+    const constraintViolations = await runConstraintGuards(_data, _context.operation, _actor, __guardCtx);
+    for (const v of constraintViolations) errors.push(v.message);` : "";
   return `
   /**
-   * Validate ${modelName} data \u2014 runs before create / update / evolve.
+   * Validate ${modelName} data \u2014 runs before create / update / evolve / delete.
    */
-  public validate(
+  public async validate(
     _data: any,
-    _context: { operation: 'create' | 'update' | 'evolve' }
-  ): { valid: boolean; errors: string[] } {
+    _context: { operation: ${opTypeUnion} },
+    _actor: any = null
+  ): Promise<{ valid: boolean; errors: string[] }> {
     const errors: string[] = [];
-${generateValidationLogic(model)}
+${generateValidationLogic(model)}${constraintsCheck}
     return { valid: errors.length === 0, errors };
   }
 `;
@@ -104,13 +122,24 @@ function generateValidationLogic(model) {
   });
   return out.join("\n") || "    // No validation rules defined";
 }
-function generateCreateMethod(model, modelName, modelVar, collection) {
+function generateCreateMethod(model, modelName, modelVar, collection, hasConstraints = false) {
+  const belongsToLoad = hasConstraints ? generateMongoBelongsToLoad(model) : "";
+  const validateSelf = belongsToLoad ? "__mergedSelf" : "data";
   return `
   /**
    * Create a new ${modelName}.
    */
-  public async create(data: any): Promise<any> {
-    const validation = this.validate(data, { operation: 'create' });
+  public async create(data: any, _actor: any = null): Promise<any> {
+${belongsToLoad ? `
+    // Phase 2 Slice 15 \u2014 Create-time relation loading. Mirrors prisma's
+    // pattern: for each belongsTo FK in input, load the related doc and
+    // merge into self so constraint guards traversing self.<rel> see
+    // the full related entity, not just the FK id.
+    const __loadedRels: Record<string, any> = {};
+    ${belongsToLoad}
+    const __mergedSelf = { ...data, ...__loadedRels };
+` : ""}
+    const validation = await this.validate(${validateSelf}, { operation: 'create' }, _actor);
     if (!validation.valid) throw new Error(\`Validation failed: \${validation.errors.join(', ')}\`);
 
     const collection = await getCollection(COLLECTION_NAME);
@@ -122,6 +151,20 @@ function generateCreateMethod(model, modelName, modelVar, collection) {
   }
 `;
 }
+function generateMongoBelongsToLoad(model) {
+  const rels = Array.isArray(model.relationships) ? model.relationships : Object.values(model.relationships || {});
+  const belongsToRels = rels.filter((r) => r.type === "belongsTo");
+  if (belongsToRels.length === 0) return "";
+  return belongsToRels.map((rel) => {
+    const relName = rel.name;
+    const targetName = rel.target;
+    const fkField = `${relName}Id`;
+    return `if (data.${fkField}) {
+      const __col_${relName} = await getCollection('${targetName.toLowerCase()}s');
+      __loadedRels.${relName} = await __col_${relName}.findOne(byId(data.${fkField}));
+    }`;
+  }).join("\n    ");
+}
 function generateRetrieveMethod(modelName, modelVar, collection) {
   return `
   /**
@@ -144,13 +187,23 @@ function generateRetrieveMethod(modelName, modelVar, collection) {
   }
 `;
 }
-function generateUpdateMethod(modelName, modelVar, collection) {
+function generateUpdateMethod(modelName, modelVar, collection, hasConstraints = false) {
   return `
   /**
    * Update ${modelName}.
    */
-  public async update(id: string, data: any): Promise<any> {
-    const validation = this.validate(data, { operation: 'update' });
+  public async update(id: string, data: any, _actor: any = null): Promise<any> {
+    const collection = await getCollection(COLLECTION_NAME);
+${hasConstraints ? `
+    // Phase 2 \u2014 Update self-from-DB. Load + merge before validate so
+    // update-time constraints see the full entity, not just the partial input.
+    const __existing = await collection.findOne(byId(id));
+    if (!__existing) throw new Error('${modelName} not found');
+    const __merged = { ...__existing, ...data };
+    const validation = await this.validate(__merged, { operation: 'update' }, _actor);
+` : `
+    const validation = await this.validate(data, { operation: 'update' }, _actor);
+`}
     if (!validation.valid) throw new Error(\`Validation failed: \${validation.errors.join(', ')}\`);
 
     // Strip nested objects + id \u2014 only scalar fields are written.
@@ -162,7 +215,6 @@ function generateUpdateMethod(modelName, modelVar, collection) {
       updateData[key] = value;
     }
 
-    const collection = await getCollection(COLLECTION_NAME);
     await collection.updateOne(byId(id), { $set: updateData });
     const ${modelVar} = await collection.findOne(byId(id));
     if (!${modelVar}) throw new Error('${modelName} not found after update');
@@ -172,7 +224,7 @@ function generateUpdateMethod(modelName, modelVar, collection) {
   }
 `;
 }
-function generateEvolveMethod(model, modelName, modelVar, collection) {
+function generateEvolveMethod(model, modelName, modelVar, collection, hasConstraints = false) {
   const lifecycles = Array.isArray(model.lifecycles) ? model.lifecycles : model.lifecycles ? Object.entries(model.lifecycles).map(([name, lc]) => ({ name, ...lc })) : [];
   const lifecycle = lifecycles[0];
   const lifecycleName = lifecycle?.name || "status";
@@ -181,12 +233,23 @@ function generateEvolveMethod(model, modelName, modelVar, collection) {
     ...Object.keys(validTransitions),
     ...Object.values(validTransitions).flat()
   ]));
+  const evolveOpsMap = {};
+  if (lifecycle?.transitions) {
+    for (const [actionName, t] of Object.entries(lifecycle.transitions)) {
+      const from = t.from;
+      const to = t.to;
+      if (typeof from === "string" && typeof to === "string") {
+        evolveOpsMap[from] = evolveOpsMap[from] ?? {};
+        evolveOpsMap[from][to] = actionName;
+      }
+    }
+  }
   return `
   /**
    * Evolve ${modelName} through lifecycle "${lifecycleName}"
    * States: ${states.join(" \u2192 ") || "(none declared)"}
    */
-  public async evolve(id: string, data: any): Promise<any> {
+  public async evolve(id: string, data: any, _actor: any = null): Promise<any> {
     const collection = await getCollection(COLLECTION_NAME);
     const current = await collection.findOne(byId(id));
     if (!current) throw new Error('${modelName} not found');
@@ -203,7 +266,22 @@ function generateEvolveMethod(model, modelName, modelVar, collection) {
       throw new Error(\`Invalid transition: \${currentState} \u2192 \${targetState}. Allowed: \${allowed.join(', ') || 'none'}\`);
     }
     ` : ""}
-
+${hasConstraints ? `
+    // Phase 2 \u2014 resolve the transition's action name so constraints
+    // scoped to \`on: 'evolve.<action>'\` match correctly. EVOLVE_OPS is
+    // baked at codegen from the lifecycle definition.
+    const EVOLVE_OPS: Record<string, Record<string, string>> = ${JSON.stringify(evolveOpsMap)};
+    const currentStateForOp = (current as any)[targetLifecycle];
+    const actionName = EVOLVE_OPS[currentStateForOp]?.[targetState] ?? targetState;
+    const evolveValidation = await this.validate(
+      { ...data, ...current, [targetLifecycle]: targetState },
+      { operation: \`evolve.\${actionName}\` as any },
+      _actor
+    );
+    if (!evolveValidation.valid) {
+      throw new Error(\`Validation failed: \${evolveValidation.errors.join(', ')}\`);
+    }
+` : ""}
     await collection.updateOne(byId(id), { $set: { [targetLifecycle]: targetState } });
     const ${modelVar} = await collection.findOne(byId(id));
     if (!${modelVar}) throw new Error('${modelName} not found after evolve');
@@ -213,14 +291,23 @@ function generateEvolveMethod(model, modelName, modelVar, collection) {
   }
 `;
 }
-function generateDeleteMethod(modelName, modelVar, collection) {
+function generateDeleteMethod(modelName, modelVar, collection, hasConstraints = false) {
   return `
   /**
    * Delete ${modelName}.
    */
-  public async delete(id: string): Promise<void> {
+  public async delete(id: string, _actor: any = null): Promise<void> {
     const collection = await getCollection(COLLECTION_NAME);
     const ${modelVar} = await collection.findOne(byId(id));
+${hasConstraints ? `
+    // Phase 2 \u2014 run delete-scoped constraint guards against the loaded record.
+    if (${modelVar}) {
+      const deleteValidation = await this.validate(${modelVar}, { operation: 'delete' }, _actor);
+      if (!deleteValidation.valid) {
+        throw new Error(\`Validation failed: \${deleteValidation.errors.join(', ')}\`);
+      }
+    }
+` : ""}
     await collection.deleteOne(byId(id));
     if (${modelVar}) {
       await eventBus.publish('${modelName}Deleted', { ...${modelVar}, timestamp: new Date().toISOString() } as any);