npm - @wopr-network/platform-core - Versions diffs - 1.68.0 → 1.70.0 - Mend

@wopr-network/platform-core 1.68.0 → 1.70.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/dist/backup/types.d.ts +1 -1
package/dist/db/schema/pool-config.d.ts +41 -0
package/dist/db/schema/pool-config.js +5 -0
package/dist/db/schema/pool-instances.d.ts +126 -0
package/dist/db/schema/pool-instances.js +10 -0
package/dist/server/__tests__/build-container.test.d.ts +1 -0
package/dist/server/__tests__/build-container.test.js +339 -0
package/dist/server/__tests__/container.test.d.ts +1 -0
package/dist/server/__tests__/container.test.js +173 -0
package/dist/server/__tests__/lifecycle.test.d.ts +1 -0
package/dist/server/__tests__/lifecycle.test.js +90 -0
package/dist/server/__tests__/mount-routes.test.d.ts +1 -0
package/dist/server/__tests__/mount-routes.test.js +151 -0
package/dist/server/boot-config.d.ts +51 -0
package/dist/server/boot-config.js +7 -0
package/dist/server/container.d.ts +97 -0
package/dist/server/container.js +148 -0
package/dist/server/index.d.ts +33 -0
package/dist/server/index.js +66 -0
package/dist/server/lifecycle.d.ts +25 -0
package/dist/server/lifecycle.js +56 -0
package/dist/server/middleware/__tests__/admin-auth.test.d.ts +1 -0
package/dist/server/middleware/__tests__/admin-auth.test.js +59 -0
package/dist/server/middleware/__tests__/tenant-proxy.test.d.ts +1 -0
package/dist/server/middleware/__tests__/tenant-proxy.test.js +268 -0
package/dist/server/middleware/admin-auth.d.ts +18 -0
package/dist/server/middleware/admin-auth.js +38 -0
package/dist/server/middleware/tenant-proxy.d.ts +56 -0
package/dist/server/middleware/tenant-proxy.js +162 -0
package/dist/server/mount-routes.d.ts +30 -0
package/dist/server/mount-routes.js +74 -0
package/dist/server/routes/__tests__/admin.test.d.ts +1 -0
package/dist/server/routes/__tests__/admin.test.js +267 -0
package/dist/server/routes/__tests__/crypto-webhook.test.d.ts +1 -0
package/dist/server/routes/__tests__/crypto-webhook.test.js +137 -0
package/dist/server/routes/__tests__/provision-webhook.test.d.ts +1 -0
package/dist/server/routes/__tests__/provision-webhook.test.js +212 -0
package/dist/server/routes/__tests__/stripe-webhook.test.d.ts +1 -0
package/dist/server/routes/__tests__/stripe-webhook.test.js +65 -0
package/dist/server/routes/admin.d.ts +129 -0
package/dist/server/routes/admin.js +294 -0
package/dist/server/routes/crypto-webhook.d.ts +23 -0
package/dist/server/routes/crypto-webhook.js +82 -0
package/dist/server/routes/provision-webhook.d.ts +38 -0
package/dist/server/routes/provision-webhook.js +160 -0
package/dist/server/routes/stripe-webhook.d.ts +10 -0
package/dist/server/routes/stripe-webhook.js +29 -0
package/dist/server/services/hot-pool-claim.d.ts +30 -0
package/dist/server/services/hot-pool-claim.js +92 -0
package/dist/server/services/hot-pool.d.ts +25 -0
package/dist/server/services/hot-pool.js +129 -0
package/dist/server/services/pool-repository.d.ts +44 -0
package/dist/server/services/pool-repository.js +72 -0
package/dist/server/test-container.d.ts +15 -0
package/dist/server/test-container.js +103 -0
package/dist/trpc/auth-helpers.d.ts +17 -0
package/dist/trpc/auth-helpers.js +26 -0
package/dist/trpc/container-factories.d.ts +300 -0
package/dist/trpc/container-factories.js +80 -0
package/dist/trpc/index.d.ts +2 -0
package/dist/trpc/index.js +2 -0
package/drizzle/migrations/0025_hot_pool_tables.sql +29 -0
package/package.json +5 -1
package/src/db/schema/pool-config.ts +6 -0
package/src/db/schema/pool-instances.ts +11 -0
package/src/server/__tests__/build-container.test.ts +402 -0
package/src/server/__tests__/container.test.ts +207 -0
package/src/server/__tests__/lifecycle.test.ts +106 -0
package/src/server/__tests__/mount-routes.test.ts +169 -0
package/src/server/boot-config.ts +84 -0
package/src/server/container.ts +264 -0
package/src/server/index.ts +92 -0
package/src/server/lifecycle.ts +72 -0
package/src/server/middleware/__tests__/admin-auth.test.ts +67 -0
package/src/server/middleware/__tests__/tenant-proxy.test.ts +308 -0
package/src/server/middleware/admin-auth.ts +51 -0
package/src/server/middleware/tenant-proxy.ts +192 -0
package/src/server/mount-routes.ts +113 -0
package/src/server/routes/__tests__/admin.test.ts +320 -0
package/src/server/routes/__tests__/crypto-webhook.test.ts +167 -0
package/src/server/routes/__tests__/provision-webhook.test.ts +323 -0
package/src/server/routes/__tests__/stripe-webhook.test.ts +73 -0
package/src/server/routes/admin.ts +360 -0
package/src/server/routes/crypto-webhook.ts +110 -0
package/src/server/routes/provision-webhook.ts +212 -0
package/src/server/routes/stripe-webhook.ts +36 -0
package/src/server/services/hot-pool-claim.ts +130 -0
package/src/server/services/hot-pool.ts +174 -0
package/src/server/services/pool-repository.ts +107 -0
package/src/server/test-container.ts +120 -0
package/src/trpc/auth-helpers.ts +28 -0
package/src/trpc/container-factories.ts +114 -0
package/src/trpc/index.ts +9 -0

package/src/server/__tests__/build-container.test.ts ADDED Viewed

@@ -0,0 +1,402 @@
+import { describe, expect, it, vi } from "vitest";
+import type { BootConfig } from "../boot-config.js";
+// ---------------------------------------------------------------------------
+// Mocks — all class mocks use real classes (not arrow fns) so `new` works.
+// ---------------------------------------------------------------------------
+// Mock pg.Pool
+const mockPoolEnd = vi.fn().mockResolvedValue(undefined);
+const poolConstructorCalls: Array<{ connectionString: string }> = [];
+class MockPoolClass {
+  connectionString: string;
+  end = mockPoolEnd;
+  query = vi.fn().mockResolvedValue({ rows: [] });
+  constructor(opts: { connectionString: string }) {
+    this.connectionString = opts.connectionString;
+    poolConstructorCalls.push(opts);
+  }
+}
+vi.mock("pg", () => ({ Pool: MockPoolClass }));
+// Mock drizzle db creation
+const mockDb = { __brand: "drizzle-db" } as never;
+vi.mock("../../db/index.js", () => ({
+  createDb: vi.fn(() => mockDb),
+}));
+// Mock drizzle migrator
+const mockMigrate = vi.fn().mockResolvedValue(undefined);
+vi.mock("drizzle-orm/node-postgres/migrator", () => ({
+  migrate: mockMigrate,
+}));
+// Mock platformBoot
+const mockProductConfig = {
+  product: {
+    slug: "test",
+    brandName: "Test",
+    domain: "test.dev",
+    appDomain: "app.test.dev",
+    fromEmail: "hi@test.dev",
+    emailSupport: "support@test.dev",
+  },
+  navItems: [],
+  domains: [],
+  features: null,
+  fleet: null,
+  billing: null,
+};
+const mockPlatformBoot = vi.fn().mockResolvedValue({
+  service: {},
+  config: mockProductConfig,
+  corsOrigins: ["https://test.dev"],
+  seeded: false,
+});
+vi.mock("../../product-config/boot.js", () => ({
+  platformBoot: (...args: unknown[]) => mockPlatformBoot(...args),
+}));
+// Mock DrizzleLedger
+const mockSeedSystemAccounts = vi.fn().mockResolvedValue(undefined);
+class MockDrizzleLedgerClass {
+  seedSystemAccounts = mockSeedSystemAccounts;
+  balance = vi.fn().mockResolvedValue(0);
+  credit = vi.fn();
+  debit = vi.fn();
+  post = vi.fn();
+  hasReferenceId = vi.fn().mockResolvedValue(false);
+  history = vi.fn().mockResolvedValue([]);
+  tenantsWithBalance = vi.fn().mockResolvedValue([]);
+  memberUsage = vi.fn().mockResolvedValue([]);
+  lifetimeSpend = vi.fn().mockResolvedValue(0);
+  lifetimeSpendBatch = vi.fn().mockResolvedValue(new Map());
+  expiredCredits = vi.fn().mockResolvedValue([]);
+  trialBalance = vi.fn().mockResolvedValue({ balanced: true });
+  accountBalance = vi.fn().mockResolvedValue(0);
+  existsByReferenceIdLike = vi.fn().mockResolvedValue(false);
+  sumPurchasesForPeriod = vi.fn().mockResolvedValue(0);
+  getActiveTenantIdsInWindow = vi.fn().mockResolvedValue([]);
+  debitCapped = vi.fn().mockResolvedValue(null);
+}
+vi.mock("../../credits/ledger.js", async (importOriginal) => {
+  const orig = await importOriginal<Record<string, unknown>>();
+  return { ...orig, DrizzleLedger: MockDrizzleLedgerClass };
+});
+// Mock org/tenancy
+class MockDrizzleOrgMemberRepositoryClass {
+  listMembers = vi.fn().mockResolvedValue([]);
+  addMember = vi.fn();
+}
+vi.mock("../../tenancy/org-member-repository.js", () => ({
+  DrizzleOrgMemberRepository: MockDrizzleOrgMemberRepositoryClass,
+}));
+class MockDrizzleOrgRepositoryClass {}
+vi.mock("../../tenancy/drizzle-org-repository.js", () => ({
+  DrizzleOrgRepository: MockDrizzleOrgRepositoryClass,
+}));
+const orgServiceConstructorCalls: unknown[][] = [];
+class MockOrgServiceClass {
+  getOrCreatePersonalOrg = vi.fn();
+  constructor(...args: unknown[]) {
+    orgServiceConstructorCalls.push(args);
+  }
+}
+vi.mock("../../tenancy/org-service.js", () => ({
+  OrgService: MockOrgServiceClass,
+}));
+// Mock auth
+class MockBetterAuthUserRepositoryClass {}
+vi.mock("../../db/auth-user-repository.js", () => ({
+  BetterAuthUserRepository: MockBetterAuthUserRepositoryClass,
+}));
+class MockDrizzleUserRoleRepositoryClass {
+  isPlatformAdmin = vi.fn().mockResolvedValue(false);
+  listRolesByUser = vi.fn().mockResolvedValue([]);
+  getTenantIdByUserId = vi.fn().mockResolvedValue(null);
+  grantRole = vi.fn();
+  revokeRole = vi.fn().mockResolvedValue(false);
+  listUsersByRole = vi.fn().mockResolvedValue([]);
+}
+vi.mock("../../auth/user-role-repository.js", () => ({
+  DrizzleUserRoleRepository: MockDrizzleUserRoleRepositoryClass,
+}));
+// Mock fleet deps (only imported when fleet is enabled)
+class MockFleetManagerClass {
+  __brand = "fleet-manager";
+}
+vi.mock("../../fleet/fleet-manager.js", () => ({
+  FleetManager: MockFleetManagerClass,
+}));
+class MockProfileStoreClass {
+  __brand = "profile-store";
+}
+vi.mock("../../fleet/profile-store.js", () => ({
+  ProfileStore: MockProfileStoreClass,
+}));
+class MockProxyManagerClass {
+  __brand = "proxy-manager";
+}
+vi.mock("../../proxy/manager.js", () => ({
+  ProxyManager: MockProxyManagerClass,
+}));
+class MockDrizzleServiceKeyRepositoryClass {
+  __brand = "service-key-repo";
+}
+vi.mock("../../gateway/service-key-repository.js", () => ({
+  DrizzleServiceKeyRepository: MockDrizzleServiceKeyRepositoryClass,
+}));
+class MockDockerClass {
+  __brand = "docker";
+}
+vi.mock("dockerode", () => ({
+  default: MockDockerClass,
+}));
+// Mock crypto deps
+class MockDrizzleCryptoChargeRepositoryClass {
+  __brand = "charge-repo";
+}
+vi.mock("../../billing/crypto/charge-store.js", () => ({
+  DrizzleCryptoChargeRepository: MockDrizzleCryptoChargeRepositoryClass,
+}));
+class MockDrizzleWebhookSeenRepositoryClass {
+  __brand = "webhook-seen-repo";
+}
+vi.mock("../../billing/drizzle-webhook-seen-repository.js", () => ({
+  DrizzleWebhookSeenRepository: MockDrizzleWebhookSeenRepositoryClass,
+}));
+// Mock stripe deps
+class MockStripeClass {
+  __brand = "stripe-client";
+}
+vi.mock("stripe", () => ({
+  default: MockStripeClass,
+}));
+class MockDrizzleTenantCustomerRepositoryClass {
+  __brand = "tenant-customer-repo";
+}
+vi.mock("../../billing/stripe/tenant-store.js", () => ({
+  DrizzleTenantCustomerRepository: MockDrizzleTenantCustomerRepositoryClass,
+}));
+vi.mock("../../billing/stripe/credit-prices.js", () => ({
+  loadCreditPriceMap: vi.fn(() => new Map()),
+}));
+class MockStripePaymentProcessorClass {
+  __brand = "stripe-processor";
+  handleWebhook = vi.fn();
+}
+vi.mock("../../billing/stripe/stripe-payment-processor.js", () => ({
+  StripePaymentProcessor: MockStripePaymentProcessorClass,
+}));
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function baseBootConfig(overrides?: Partial<BootConfig>): BootConfig {
+  return {
+    slug: "test-product",
+    databaseUrl: "postgres://localhost:5432/testdb",
+    provisionSecret: "test-secret",
+    features: {
+      fleet: false,
+      crypto: false,
+      stripe: false,
+      gateway: false,
+      hotPool: false,
+    },
+    ...overrides,
+  };
+}
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+describe("buildContainer", () => {
+  // Dynamic import so mocks are registered before the module loads
+  async function loadBuildContainer() {
+    const mod = await import("../container.js");
+    return mod.buildContainer;
+  }
+  it("throws on empty databaseUrl", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig({ databaseUrl: "" });
+    await expect(buildContainer(config)).rejects.toThrow("databaseUrl is required");
+  });
+  it("creates pool with correct connectionString", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig();
+    poolConstructorCalls.length = 0;
+    const container = await buildContainer(config);
+    expect(poolConstructorCalls).toContainEqual({
+      connectionString: "postgres://localhost:5432/testdb",
+    });
+    expect(container.pool).toBeDefined();
+  });
+  it("calls platformBoot with correct slug", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig({ slug: "paperclip" });
+    await buildContainer(config);
+    expect(mockPlatformBoot).toHaveBeenCalledWith(expect.objectContaining({ slug: "paperclip" }));
+  });
+  it("seeds system accounts after creating ledger", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig();
+    await buildContainer(config);
+    expect(mockSeedSystemAccounts).toHaveBeenCalled();
+  });
+  it("core services are always present", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig();
+    const container = await buildContainer(config);
+    expect(container.db).toBeDefined();
+    expect(container.pool).toBeDefined();
+    expect(container.productConfig).toBeDefined();
+    expect(container.creditLedger).toBeDefined();
+    expect(container.orgMemberRepo).toBeDefined();
+    expect(container.orgService).toBeDefined();
+    expect(container.userRoleRepo).toBeDefined();
+  });
+  it("returns null for all disabled features", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig();
+    const container = await buildContainer(config);
+    expect(container.fleet).toBeNull();
+    expect(container.crypto).toBeNull();
+    expect(container.stripe).toBeNull();
+    expect(container.gateway).toBeNull();
+    expect(container.hotPool).toBeNull();
+  });
+  it("builds fleet services when feature is enabled", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig({
+      features: { fleet: true, crypto: false, stripe: false, gateway: false, hotPool: false },
+    });
+    const container = await buildContainer(config);
+    expect(container.fleet).not.toBeNull();
+    expect(container.fleet?.manager).toBeDefined();
+    expect(container.fleet?.docker).toBeDefined();
+    expect(container.fleet?.proxy).toBeDefined();
+    expect(container.fleet?.profileStore).toBeDefined();
+    expect(container.fleet?.serviceKeyRepo).toBeDefined();
+  });
+  it("builds crypto services when feature is enabled", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig({
+      features: { fleet: false, crypto: true, stripe: false, gateway: false, hotPool: false },
+    });
+    const container = await buildContainer(config);
+    expect(container.crypto).not.toBeNull();
+    expect(container.crypto?.chargeRepo).toBeDefined();
+    expect(container.crypto?.webhookSeenRepo).toBeDefined();
+  });
+  it("builds stripe services when feature is enabled and key provided", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig({
+      features: { fleet: false, crypto: false, stripe: true, gateway: false, hotPool: false },
+      stripeSecretKey: "sk_test_123",
+      stripeWebhookSecret: "whsec_test_456",
+    });
+    const container = await buildContainer(config);
+    expect(container.stripe).not.toBeNull();
+    expect(container.stripe?.stripe).toBeDefined();
+    expect(container.stripe?.webhookSecret).toBe("whsec_test_456");
+    expect(container.stripe?.customerRepo).toBeDefined();
+    expect(container.stripe?.processor).toBeDefined();
+  });
+  it("returns null stripe when feature enabled but no secret key", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig({
+      features: { fleet: false, crypto: false, stripe: true, gateway: false, hotPool: false },
+      // stripeSecretKey intentionally omitted
+    });
+    const container = await buildContainer(config);
+    expect(container.stripe).toBeNull();
+  });
+  it("builds gateway services when feature is enabled", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig({
+      features: { fleet: false, crypto: false, stripe: false, gateway: true, hotPool: false },
+    });
+    const container = await buildContainer(config);
+    expect(container.gateway).not.toBeNull();
+    expect(container.gateway?.serviceKeyRepo).toBeDefined();
+  });
+  it("runs migrations before building services", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig();
+    await buildContainer(config);
+    expect(mockMigrate).toHaveBeenCalled();
+    // Migration should be called before platformBoot
+    const migrateOrder = mockMigrate.mock.invocationCallOrder[0];
+    const bootOrder = mockPlatformBoot.mock.invocationCallOrder[0];
+    expect(migrateOrder).toBeLessThan(bootOrder);
+  });
+  it("constructs OrgService with orgRepo, memberRepo, db, and authUserRepo", async () => {
+    const buildContainer = await loadBuildContainer();
+    const config = baseBootConfig();
+    orgServiceConstructorCalls.length = 0;
+    await buildContainer(config);
+    expect(orgServiceConstructorCalls.length).toBeGreaterThan(0);
+    const [orgRepo, memberRepo, db, options] = orgServiceConstructorCalls[0];
+    expect(orgRepo).toBeInstanceOf(MockDrizzleOrgRepositoryClass);
+    expect(memberRepo).toBeInstanceOf(MockDrizzleOrgMemberRepositoryClass);
+    expect(db).toBe(mockDb);
+    expect(options).toEqual(expect.objectContaining({ userRepo: expect.any(MockBetterAuthUserRepositoryClass) }));
+  });
+});

package/src/server/__tests__/container.test.ts ADDED Viewed

@@ -0,0 +1,207 @@
+import { describe, expect, it } from "vitest";
+import type { BootConfig, FeatureFlags } from "../boot-config.js";
+import type { CryptoServices, FleetServices, GatewayServices, HotPoolServices, StripeServices } from "../container.js";
+import { createTestContainer } from "../test-container.js";
+// ---------------------------------------------------------------------------
+// PlatformContainer interface
+// ---------------------------------------------------------------------------
+describe("PlatformContainer", () => {
+  it("allows null feature services", () => {
+    const c = createTestContainer();
+    expect(c.fleet).toBeNull();
+    expect(c.crypto).toBeNull();
+    expect(c.stripe).toBeNull();
+    expect(c.gateway).toBeNull();
+    expect(c.hotPool).toBeNull();
+  });
+  it("requires core services to be present", () => {
+    const c = createTestContainer();
+    expect(c.db).toBeDefined();
+    expect(c.pool).toBeDefined();
+    expect(c.productConfig).toBeDefined();
+    expect(c.creditLedger).toBeDefined();
+    expect(c.orgMemberRepo).toBeDefined();
+    expect(c.orgService).toBeDefined();
+    expect(c.userRoleRepo).toBeDefined();
+  });
+});
+// ---------------------------------------------------------------------------
+// BootConfig shape
+// ---------------------------------------------------------------------------
+describe("BootConfig", () => {
+  it("requires slug and provisionSecret", () => {
+    const config: BootConfig = {
+      slug: "test-product",
+      databaseUrl: "postgres://localhost/test",
+      provisionSecret: "s3cret",
+      features: {
+        fleet: false,
+        crypto: false,
+        stripe: false,
+        gateway: false,
+        hotPool: false,
+      },
+    };
+    expect(config.slug).toBe("test-product");
+    expect(config.provisionSecret).toBe("s3cret");
+  });
+  it("accepts optional fields", () => {
+    const config: BootConfig = {
+      slug: "full",
+      databaseUrl: "postgres://localhost/full",
+      provisionSecret: "secret",
+      host: "127.0.0.1",
+      port: 4000,
+      features: {
+        fleet: true,
+        crypto: true,
+        stripe: true,
+        gateway: true,
+        hotPool: true,
+      },
+      stripeSecretKey: "sk_test_xxx",
+      stripeWebhookSecret: "whsec_xxx",
+      cryptoServiceKey: "csk_xxx",
+      routes: [],
+    };
+    expect(config.host).toBe("127.0.0.1");
+    expect(config.port).toBe(4000);
+    expect(config.features.fleet).toBe(true);
+  });
+  it("FeatureFlags has all five toggles", () => {
+    const flags: FeatureFlags = {
+      fleet: true,
+      crypto: false,
+      stripe: true,
+      gateway: false,
+      hotPool: true,
+    };
+    expect(Object.keys(flags)).toHaveLength(5);
+  });
+});
+// ---------------------------------------------------------------------------
+// createTestContainer
+// ---------------------------------------------------------------------------
+describe("createTestContainer", () => {
+  it("returns valid defaults", () => {
+    const c = createTestContainer();
+    expect(c.fleet).toBeNull();
+    expect(c.crypto).toBeNull();
+    expect(c.stripe).toBeNull();
+    expect(c.gateway).toBeNull();
+    expect(c.hotPool).toBeNull();
+    expect(c.productConfig.product).toBeDefined();
+  });
+  it("allows overrides for core services", () => {
+    const customConfig = {
+      product: { slug: "custom", name: "Custom" } as never,
+      navItems: [],
+      domains: [],
+      features: null,
+      fleet: null,
+      billing: null,
+    };
+    const c = createTestContainer({ productConfig: customConfig });
+    expect(c.productConfig.product).toEqual({ slug: "custom", name: "Custom" });
+  });
+  it("stub ledger methods return sensible defaults", async () => {
+    const c = createTestContainer();
+    expect(await c.creditLedger.balance("t1")).toBe(0);
+    expect(await c.creditLedger.hasReferenceId("ref")).toBe(false);
+    expect(await c.creditLedger.history("t1")).toEqual([]);
+    expect(await c.creditLedger.tenantsWithBalance()).toEqual([]);
+    expect(await c.creditLedger.lifetimeSpendBatch([])).toEqual(new Map());
+  });
+  it("stub orgMemberRepo methods return sensible defaults", async () => {
+    const c = createTestContainer();
+    expect(await c.orgMemberRepo.findMember("org1", "u1")).toBeNull();
+    expect(await c.orgMemberRepo.listMembers("org1")).toEqual([]);
+    expect(await c.orgMemberRepo.countAdminsAndOwners("org1")).toBe(0);
+  });
+  it("stub userRoleRepo methods return sensible defaults", async () => {
+    const c = createTestContainer();
+    expect(await c.userRoleRepo.getTenantIdByUserId("u1")).toBeNull();
+    expect(await c.userRoleRepo.isPlatformAdmin("u1")).toBe(false);
+    expect(await c.userRoleRepo.listRolesByUser("u1")).toEqual([]);
+  });
+  it("allows enabling feature services via overrides", () => {
+    const fleet: FleetServices = {
+      manager: {} as never,
+      docker: {} as never,
+      proxy: {} as never,
+      profileStore: {} as never,
+      serviceKeyRepo: {} as never,
+    };
+    const crypto: CryptoServices = {
+      chargeRepo: {} as never,
+      webhookSeenRepo: {} as never,
+    };
+    const stripe: StripeServices = {
+      stripe: {} as never,
+      webhookSecret: "whsec_test",
+      customerRepo: {} as never,
+      processor: {} as never,
+    };
+    const gateway: GatewayServices = {
+      serviceKeyRepo: {} as never,
+    };
+    const hotPool: HotPoolServices = {
+      start: async () => ({ stop: () => {} }),
+      claim: async () => null,
+      getPoolSize: async () => 2,
+      setPoolSize: async () => {},
+    };
+    const c = createTestContainer({ fleet, crypto, stripe, gateway, hotPool });
+    expect(c.fleet).not.toBeNull();
+    expect(c.crypto).not.toBeNull();
+    expect(c.stripe).not.toBeNull();
+    expect(c.stripe?.webhookSecret).toBe("whsec_test");
+    expect(c.gateway).not.toBeNull();
+    expect(c.hotPool).not.toBeNull();
+  });
+  it("overrides merge without affecting other defaults", () => {
+    const c = createTestContainer({ gateway: { serviceKeyRepo: {} as never } });
+    // Overridden field
+    expect(c.gateway).not.toBeNull();
+    // Other feature services remain null
+    expect(c.fleet).toBeNull();
+    expect(c.crypto).toBeNull();
+    expect(c.stripe).toBeNull();
+    expect(c.hotPool).toBeNull();
+    // Core services still present
+    expect(c.creditLedger).toBeDefined();
+    expect(c.orgMemberRepo).toBeDefined();
+  });
+});