@terreno/api 0.20.1 → 0.21.0

package/.ai/guidelines/core.md

@@ -0,0 +1,71 @@
+### @terreno/api
+
+REST API framework providing:
+
+- **modelRouter**: Auto-generates CRUD endpoints for Mongoose models
+- **Permissions**: `IsAuthenticated`, `IsOwner`, `IsAdmin`, `IsAuthenticatedOrReadOnly`
+- **Query Filters**: `OwnerQueryFilter` for filtering list queries by owner
+- **setupServer**: Express server setup with auth, OpenAPI, and middleware
+- **APIError**: Standardized error handling
+- **logger**: Winston-based logging
+
+Key imports:
+
+```typescript
+import {
+  modelRouter,
+  setupServer,
+  Permissions,
+  OwnerQueryFilter,
+  APIError,
+  logger,
+  asyncHandler,
+  authenticateMiddleware,
+} from "@terreno/api";
+```
+
+#### modelRouter Usage
+
+```typescript
+import {modelRouter, modelRouterOptions, Permissions} from "@terreno/api";
+
+const router = modelRouter(YourModel, {
+  permissions: {
+    list: [Permissions.IsAuthenticated],
+    create: [Permissions.IsAuthenticated],
+    read: [Permissions.IsOwner],
+    update: [Permissions.IsOwner],
+    delete: [], // Disabled
+  },
+  sort: "-created",
+  queryFields: ["_id", "type", "name"],
+});
+```
+
+#### Custom Routes
+
+For non-CRUD endpoints, use the OpenAPI builder:
+
+```typescript
+import {asyncHandler, authenticateMiddleware, createOpenApiBuilder} from "@terreno/api";
+
+router.get("/yourRoute/:id", [
+  authenticateMiddleware(),
+  createOpenApiBuilder(options)
+    .withTags(["yourTag"])
+    .withSummary("Brief summary")
+    .withPathParameter("id", {type: "string"})
+    .withResponse(200, {data: {type: "object"}})
+    .build(),
+], asyncHandler(async (req, res) => {
+  return res.json({data: result});
+}));
+```
+
+#### API Conventions
+
+- Throw `APIError` with appropriate status codes: `throw new APIError({status: 400, title: "Message"})`
+- Do not use `Model.findOne` — use `Model.findExactlyOne` or `Model.findOneOrThrow`
+- Define statics/methods by direct assignment: `schema.methods = {bar() {}}`
+- All model types live in `src/types/models/`
+- In routes: `req.user` is `UserDocument | undefined`

package/.ai/skills/mongoose-schema-safety/SKILL.md

@@ -0,0 +1,143 @@
+---
+name: mongoose-schema-safety
+description: >-
+  Invoke when making any Mongoose schema change: adding/removing/renaming
+  fields, creating a new model, adding indexes, or writing a backfill migration.
+  Provides the five-type pattern, risk matrix, type file checklist, and rollout
+  safety steps for Terreno backends.
+---
+# Mongoose Schema Safety — Terreno
+
+Typical Terreno apps keep models under `backend/src/models/` and types under `backend/src/types/models/`. The Terreno monorepo also uses `example-backend/` and `@terreno/ai` — adjust paths below to match your repo.
+
+## Where Schemas and Types Live
+
+| Package | Schemas | Types |
+|---------|---------|-------|
+| `@terreno/api` (built-in models like `User`, `ConsentForm`) | `api/src/models/*.ts` | `api/src/types/*.ts` (or co-located in the model file via `mongoose.Schema<Doc, Model, Methods>` generics) |
+| `example-backend` (`User`, `Todo`, `Configuration`) | `example-backend/src/models/*.ts` | `example-backend/src/types/models/*.ts` (`userTypes.ts`, `todoTypes.ts`, …) |
+| `@terreno/ai` (`AIRequest`, `GptHistory`) | `ai/src/models/*.ts` | `ai/src/types/index.ts` |
+
+Every field in every schema **must** have a `description` (see the API rule `01-model-field-descriptions.md`). Descriptions flow through to the OpenAPI spec via `mongoose-to-swagger`.
+
+## The Five-Type Pattern
+
+Every model has manually-maintained TypeScript types. **Types are NOT auto-generated** — every schema change must include a matching type update in the same commit/PR.
+
+```typescript
+import type {DefaultDoc, DefaultModel, DefaultStatics} from "@terreno/api";
+
+// 1. Instance methods (on the document)
+export type YourModelMethods = {
+  customMethod: (this: YourModelDocument, param: string) => Promise<void>;
+};
+
+// 2. Static methods (on the model class) — extend DefaultStatics for findExactlyOne / findOneOrNone
+export type YourModelStatics = DefaultStatics<YourModelDocument> & {
+  customStatic: (this: YourModelModel, param: string) => Promise<YourModelDocument>;
+};
+
+// 3. Model type combining document + statics
+export type YourModelModel = DefaultModel<YourModelDocument> & YourModelStatics;
+
+// 4. Schema type
+export type YourModelSchema = mongoose.Schema<YourModelDocument, YourModelModel, YourModelMethods>;
+
+// 5. Document type (the shape of a single record)
+export type YourModelDocument = DefaultDoc & YourModelMethods & {
+  fieldName: string;
+  optionalField?: number;
+  enumField: "value1" | "value2";
+};
+```
+
+Follow existing type files in `example-backend/src/types/models/` and `ai/src/types/index.ts` for naming and structure.
+
+## Statics & Methods — Direct Assignment
+
+Define statics and methods by direct assignment on the schema — not via `.method()` / `.static()` / `.add()`:
+
+```typescript
+schema.methods = {
+  getDisplayName(this: YourModelDocument): string {
+    return this.name;
+  },
+};
+schema.statics = {
+  async findByEmail(this: YourModelModel, email: string) {
+    return this.findOneOrNone({email});
+  },
+};
+```
+
+## Critical Mongoose Rules
+
+- **Never use `Model.findOne`** — use `Model.findExactlyOne` (throws on 0 or many) or `Model.findOneOrNone` (throws on many). These come from the `findExactlyOne` / `findOneOrNone` plugins in `@terreno/api`.
+- Apply the standard plugins (`createdUpdatedPlugin`, `isDeletedPlugin`, `findOneOrNone`, `findExactlyOne`) on every new model. Most existing models go through `addDefaultPlugins`.
+- `checkModelsStrict()` runs at non-prod startup (`server.ts`) and validates schema consistency — keep it passing.
+
+## Schema Change Risk Matrix
+
+| Change Type | Risk Level | Required Mitigation |
+|-------------|-----------|---------------------|
+| Add optional field | Low | Safe to ship directly (still requires `description`) |
+| Add required field | High | Must provide a default value, OR write a backfill migration script first |
+| Remove field | Medium | Soft-remove first (mark optional, stop writing); hard-remove in next PR after deploys settle |
+| Rename field | High | Three-step: add new → backfill → remove old (separate PRs) |
+| Change field type | Critical | Treat as rename: new field + migration + remove old |
+| Add index | Medium | Safe in code, but build can slow writes on large collections — coordinate with ops |
+| Remove index | Low | Safe to ship directly |
+| Add unique index | High | Dedup migration must run first; otherwise the index build fails on existing duplicates |
+
+## Migration Scripts
+
+Migration / backfill scripts live in `example-backend/src/scripts/` (e.g. `syncConsents.ts`, `seedConsents.ts`). They use the `ScriptRunner` type and `BackgroundTask` model from `@terreno/api` (`api/src/scriptRunner.ts`):
+
+```typescript
+import type {ScriptContext, ScriptResult, ScriptRunner} from "@terreno/api";
+
+export const run: ScriptRunner = async (wetRun, ctx) => {
+  const results: string[] = [];
+  // ... do work ...
+  if (wetRun) {
+    // commit changes
+  }
+  return {success: true, results};
+};
+```
+
+Always run with `wetRun = false` first to verify the dry-run output. Use `ctx.checkCancellation()`, `ctx.addLog()`, and `ctx.updateProgress()` for long-running tasks.
+
+## Cross-Package Ripple
+
+A schema change in one place often ripples:
+
+- **API surface affected?** Regenerate the SDK with `cd example-frontend && bun run sdk` (or invoke the `generate-sdk` skill). The OpenAPI spec is derived from the schema, so the frontend hooks will go stale otherwise.
+- **`modelRouter` config?** If you added/removed a field, update `queryFields`, `populatePaths`, and `responseHandler` for any router that touches the model.
+- **Admin panel?** If the model is registered in `AdminApp`, update `listFields` so the table reflects the new shape.
+- **Populated refs?** If another model references this one via `ObjectId` + `ref`, and the referenced document shape changed, the consumer's populated type may need updating.
+
+## Post-Change Checklist
+
+- [ ] All new fields have a `description` (flows to OpenAPI)
+- [ ] Type file updated in the same commit/PR — field names, optionality, enum values, array types, refs, statics/methods all match the schema
+- [ ] For a new model: all five types (`Document`, `Methods`, `Statics`, `Model`, `Schema`) created
+- [ ] Statics/methods assigned directly on schema (`schema.statics = {...}`, `schema.methods = {...}`) — not `.static()` / `.method()`
+- [ ] Other model type files checked — any model that populates this one updated if its shape changed
+- [ ] Migration script written (and dry-run verified with `wetRun = false`) for any backfill
+- [ ] `modelRouter` config updated (`queryFields`, `populatePaths`, `responseHandler`) if needed
+- [ ] `AdminApp` `listFields` updated if the model is in the admin panel
+- [ ] `bun run sdk` run from `example-frontend/` if the API response shape changed
+- [ ] Test covers old-format document behavior (missing new field) if the change rolls out before a backfill
+- [ ] Unique index: dedup migration written and run before the index is added
+- [ ] `checkModelsStrict()` still passes (it runs on non-prod startup)
+- [ ] No `Model.findOne` introduced — use `findExactlyOne` / `findOneOrNone`
+
+## Common Pitfalls
+
+- Adding a required field without a default — first deploy fails for documents that pre-date the field
+- Skipping the type file update — TS happily compiles older callers but new ones break at runtime
+- Adding a `unique` index without dedup — index build fails on collections with existing duplicates
+- Renaming a field in one PR — frontend gets old field, backend writes new field, neither side is happy
+- Forgetting to regenerate the SDK after a shape change — frontend types drift from reality
+- Using `.method()` / `.static()` API — terreno's convention is direct assignment, and mixing styles makes types hard to maintain

package/README.md

@@ -15,7 +15,7 @@ model instances.
 - **Authentication** — JWT with email/password and GitHub OAuth support
 - **Permissions** — Fine-grained access control (IsAuthenticated, IsOwner, IsAdmin, etc.)
 - **OpenAPI** — Automatic spec generation from models and routes
-- **Logging** — Winston-based logging with Google Cloud and Sentry support
+- **Logging** — Winston-based logging with scoped & feature-flagged loggers, automatic request correlation, and Google Cloud / Sentry support
 
 ## Getting started
 
@@ -165,6 +165,59 @@ setupServer({
 
 **Learn more:** See the [GitHub OAuth how-to guide](../docs/how-to/add-github-oauth.md) for complete setup instructions.
 
+## Logging
+
+@terreno/api provides a Winston-based `logger`, two helpers (`createScopedLogger` and
+`createFeatureFlaggedLogger`), and automatic request/job correlation. Always use these instead of
+`console.log` for permanent server logs.
+
+```typescript
+import {createFeatureFlaggedLogger, createScopedLogger, logger} from "@terreno/api";
+
+// Global logger
+logger.info("Server started", {port: 4000});
+logger.error("Failed to process", {error});
+await chargeCard(id).catch(logger.catch); // logs + captures the exception
+
+// Scoped logger: a stable prefix + labels on every line, ideal for multi-step workflows
+const log = createScopedLogger({
+  prefix: "[InvoicePay]",
+  labels: {invoiceId: invoice._id.toString()},
+});
+log.info("Starting capture"); // -> "[InvoicePay] Starting capture invoiceId=… requestId=…"
+
+// Feature-flagged logger: silent until isEnabled() returns true (no redeploy needed)
+const debugLog = createFeatureFlaggedLogger({
+  isEnabled: () => process.env.DEBUG_BILLING === "true",
+  target: log,
+});
+debugLog.debug("optional detail");
+```
+
+### Correlation
+
+While a request or job scope is active, every log line is automatically tagged with `requestId`,
+`userId`, `traceId`, and related fields, so all lines for one request can be grouped together. HTTP
+requests get a scope automatically (the framework also echoes an `X-Request-ID` response header).
+For background jobs, scripts, and cron tasks, open a scope with `runWithRequestContext`:
+
+```typescript
+import {createScopedLogger, runWithRequestContext} from "@terreno/api";
+
+await runWithRequestContext({jobId: "nightly-sync"}, async () => {
+  const log = createScopedLogger({prefix: "[NightlySync]"});
+  log.info("started"); // includes jobId + a generated requestId on every line
+  await sync();
+});
+```
+
+In production, pass a structured transport (e.g. `@google-cloud/logging-winston`) via
+`loggingOptions`/`setupLogging` so the correlation fields and labels reach Log Explorer as
+`jsonPayload`.
+
+**Learn more:** See the [Logging & Tracing reference](../docs/reference/api.md#logging--tracing) for
+the full API, label conventions, and Google Cloud Logging / Sentry details.
+
 ## Sentry
 To enable Sentry, create a "src/sentryInstrumment.ts" file in your project.
 

package/dist/__tests__/versionCheckPlugin.test.js

@@ -114,7 +114,11 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 1:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
-                    (0, bun_test_1.expect)(res.body).toEqual({ pollingIntervalMs: 86400000, status: "ok" });
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
+                    (0, bun_test_1.expect)(res.body).toEqual(bun_test_1.expect.objectContaining({
+                        pollingIntervalMs: 86400000,
+                        status: "ok",
+                    }));
                     return [2 /*return*/];
             }
         });
@@ -127,7 +131,8 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 1:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
-                    (0, bun_test_1.expect)(res.body).toEqual({ status: "ok" });
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
+                    (0, bun_test_1.expect)(res.body).toEqual(bun_test_1.expect.objectContaining({ status: "ok" }));
                     return [2 /*return*/];
             }
         });
@@ -140,7 +145,8 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 1:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
-                    (0, bun_test_1.expect)(res.body).toEqual({ status: "ok" });
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
+                    (0, bun_test_1.expect)(res.body).toEqual(bun_test_1.expect.objectContaining({ status: "ok" }));
                     return [2 /*return*/];
             }
         });
@@ -159,12 +165,13 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
-                    (0, bun_test_1.expect)(res.body).toEqual({
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
+                    (0, bun_test_1.expect)(res.body).toEqual(bun_test_1.expect.objectContaining({
                         pollingIntervalMs: 86400000,
                         requiredVersion: 50,
                         status: "ok",
                         warningVersion: 100,
-                    });
+                    }));
                     return [2 /*return*/];
             }
         });
@@ -184,6 +191,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.status).toBe("warning");
                     (0, bun_test_1.expect)(res.body.message).toBe("Please update!");
                     return [2 /*return*/];
@@ -206,6 +214,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.status).toBe("required");
                     (0, bun_test_1.expect)(res.body.message).toBe("Update required");
                     (0, bun_test_1.expect)(res.body.updateUrl).toBe("https://example.com/update");
@@ -228,10 +237,12 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                     return [4 /*yield*/, app.get("/version-check").query({ platform: "web", version: 100 })];
                 case 2:
                     webRes = _a.sent();
+                    (0, bun_test_1.expect)(webRes.body.requestId).toBe(webRes.headers["x-request-id"]);
                     (0, bun_test_1.expect)(webRes.body.status).toBe("ok");
                     return [4 /*yield*/, app.get("/version-check").query({ platform: "mobile", version: 100 })];
                 case 3:
                     mobileRes = _a.sent();
+                    (0, bun_test_1.expect)(mobileRes.body.requestId).toBe(mobileRes.headers["x-request-id"]);
                     (0, bun_test_1.expect)(mobileRes.body.status).toBe("required");
                     return [2 /*return*/];
             }
@@ -250,6 +261,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                     return [4 /*yield*/, app.get("/version-check").query({ platform: "invalid", version: 50 })];
                 case 2:
                     res = _a.sent();
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.status).toBe("required");
                     return [2 /*return*/];
             }
@@ -269,12 +281,13 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
-                    (0, bun_test_1.expect)(res.body).toEqual({
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
+                    (0, bun_test_1.expect)(res.body).toEqual(bun_test_1.expect.objectContaining({
                         pollingIntervalMs: 86400000,
                         requiredVersion: 50,
                         status: "ok",
                         warningVersion: 100,
-                    });
+                    }));
                     return [2 /*return*/];
             }
         });
@@ -294,6 +307,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.pollingIntervalMs).toBe(3600000);
                     return [2 /*return*/];
             }
@@ -313,6 +327,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.pollingIntervalMs).toBe(86400000);
                     return [2 /*return*/];
             }
@@ -332,6 +347,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.status).toBe("required");
                     return [2 /*return*/];
             }
@@ -351,6 +367,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.status).toBe("warning");
                     (0, bun_test_1.expect)(res.body.message).toBe("A new version is available. Please update for the best experience.");
                     return [2 /*return*/];
@@ -371,6 +388,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.status).toBe("required");
                     (0, bun_test_1.expect)(res.body.message).toBe("This version is no longer supported. Please update to continue.");
                     return [2 /*return*/];
@@ -391,6 +409,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 2:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     (0, bun_test_1.expect)(res.body.status).toBe("warning");
                     return [2 /*return*/];
             }
@@ -409,11 +428,13 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                     return [4 /*yield*/, app.get("/version-check").query({ platform: "web", version: 150 })];
                 case 2:
                     warningRes = _a.sent();
+                    (0, bun_test_1.expect)(warningRes.body.requestId).toBe(warningRes.headers["x-request-id"]);
                     (0, bun_test_1.expect)(warningRes.body.status).toBe("warning");
                     (0, bun_test_1.expect)(warningRes.body.message).toBe("A new version is available. Please update for the best experience.");
                     return [4 /*yield*/, app.get("/version-check").query({ platform: "web", version: 50 })];
                 case 3:
                     requiredRes = _a.sent();
+                    (0, bun_test_1.expect)(requiredRes.body.requestId).toBe(requiredRes.headers["x-request-id"]);
                     (0, bun_test_1.expect)(requiredRes.body.status).toBe("required");
                     (0, bun_test_1.expect)(requiredRes.body.message).toBe("This version is no longer supported. Please update to continue.");
                     return [2 /*return*/];
@@ -428,6 +449,7 @@ var versionCheckPlugin_1 = require("../versionCheckPlugin");
                 case 1:
                     res = _a.sent();
                     (0, bun_test_1.expect)(res.status).toBe(200);
+                    (0, bun_test_1.expect)(res.body.requestId).toBe(res.headers["x-request-id"]);
                     return [2 /*return*/];
             }
         });

package/dist/actions.openApi.test.js

@@ -70,8 +70,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 var bun_test_1 = require("bun:test");
 var supertest_1 = __importDefault(require("supertest"));
 var api_1 = require("./api");
-var auth_1 = require("./auth");
-var expressServer_1 = require("./expressServer");
 var permissions_1 = require("./permissions");
 var terrenoApp_1 = require("./terrenoApp");
 var tests_1 = require("./tests");
@@ -137,6 +135,7 @@ var primeActionOpenApiRoutes = function (server, foodId) { return __awaiter(void
 }); };
 var assertActionOpenApiSpec = function (spec) {
     var _a, _b, _c, _d, _e;
+    (0, bun_test_1.expect)(spec.requestId).toBeUndefined();
     var paths = spec.paths;
     var collectionPath = paths["/food/summarize"];
     var instancePath = paths["/food/{id}/ping"];
@@ -193,7 +192,7 @@ var assertActionOpenApiSpec = function (spec) {
     }); });
     (0, bun_test_1.describe)("TerrenoApp", function () {
         (0, bun_test_1.it)("includes action operations in openapi.json after first request", function () { return __awaiter(void 0, void 0, void 0, function () {
-            var foodRegistration, app, server, specRes;
+            var foodRegistration, app, server, specRes, pingRes;
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
@@ -212,26 +211,29 @@ var assertActionOpenApiSpec = function (spec) {
                     case 2:
                         specRes = _a.sent();
                         assertActionOpenApiSpec(specRes.body);
+                        return [4 /*yield*/, server.get("/food/".concat(foodId, "/ping")).expect(200)];
+                    case 3:
+                        pingRes = _a.sent();
+                        (0, bun_test_1.expect)(pingRes.body.data).toEqual({ id: foodId });
+                        (0, bun_test_1.expect)(pingRes.body.requestId).toBe(pingRes.headers["x-request-id"]);
                         return [2 /*return*/];
                 }
             });
         }); });
     });
-    (0, bun_test_1.describe)("setupServer", function () {
+    (0, bun_test_1.describe)("configureApp", function () {
         var app;
         (0, bun_test_1.beforeEach)(function () {
-            var addRoutes = function (router, routerOptions) {
+            var configureApp = function (router, routerOptions) {
                 router.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, __assign(__assign({}, foodActionRouterOptions), routerOptions)));
             };
-            app = (0, expressServer_1.setupServer)({
-                addRoutes: addRoutes,
+            app = new terrenoApp_1.TerrenoApp({
+                configureApp: configureApp,
                 skipListen: true,
                 userModel: tests_1.UserModel,
-            });
-            (0, auth_1.setupAuth)(app, tests_1.UserModel);
-            (0, auth_1.addAuthRoutes)(app, tests_1.UserModel);
+            }).build();
         });
-        (0, bun_test_1.it)("emits the same action operations on first hit via legacy setupServer", function () { return __awaiter(void 0, void 0, void 0, function () {
+        (0, bun_test_1.it)("emits the same action operations on first hit via configureApp", function () { return __awaiter(void 0, void 0, void 0, function () {
             var server, specRes;
             return __generator(this, function (_a) {
                 switch (_a.label) {