chadstart 1.0.0

package/test/browser/admin-ui.spec.js

@@ -0,0 +1,127 @@
+// @ts-check
+'use strict';
+
+/**
+ * Browser tests for the Admin UI navigation.
+ * Validates that switching between Dashboard, API Keys, Config Editor and an
+ * entity shows exactly the right panel and hides all others.
+ */
+
+const { test, expect } = require('@playwright/test');
+const fs = require('fs');
+
+// ── Helpers ──────────────────────────────────────────────────────────────────
+
+/** IDs of every top-level content area in the admin UI. */
+const AREAS = ['dashboard-area', 'table-view', 'api-keys-area', 'config-area'];
+
+/**
+ * Assert that only `visibleId` is shown; all other areas must be hidden.
+ * @param {import('@playwright/test').Page} page
+ * @param {string} visibleId
+ */
+async function assertOnlyAreaVisible(page, visibleId) {
+  for (const id of AREAS) {
+    const el = page.locator(`#${id}`);
+    if (id === visibleId) {
+      await expect(el, `#${id} should be visible`).not.toHaveClass(/hidden/);
+    } else {
+      await expect(el, `#${id} should be hidden`).toHaveClass(/hidden/);
+    }
+  }
+}
+
+// ── Login fixture ─────────────────────────────────────────────────────────────
+
+/**
+ * Log in to the admin UI and return once the dashboard is visible.
+ * @param {import('@playwright/test').Page} page
+ * @param {{ email: string, password: string, collectionName: string }} creds
+ */
+async function loginToAdmin(page, creds) {
+  // The collection input is in a hidden section by default; reveal it first
+  const collectionSection = page.locator('#login-collection-section');
+  if (await collectionSection.isHidden()) {
+    await page.click('#toggle-collection-btn');
+  }
+  await page.fill('#login-collection', creds.collectionName);
+  await page.fill('#login-email', creds.email);
+  await page.fill('#login-password', creds.password);
+  await page.click('#login-btn');
+  // Wait for the login overlay to disappear
+  await expect(page.locator('#login-overlay')).toBeHidden({ timeout: 10000 });
+}
+
+// ── Tests ─────────────────────────────────────────────────────────────────────
+
+test.describe('Admin UI – navigation area switching', () => {
+  let creds;
+
+  test.beforeAll(() => {
+    const stateFile = process.env.TEST_STATE_FILE;
+    if (!stateFile || !fs.existsSync(stateFile)) {
+      throw new Error('TEST_STATE_FILE not set or missing – was global setup run?');
+    }
+    creds = JSON.parse(fs.readFileSync(stateFile, 'utf8'));
+    // Override BASE_URL from state so we target the correct port
+    process.env.TEST_BASE_URL = `http://localhost:${creds.port}`;
+  });
+
+  test.beforeEach(async ({ page }) => {
+    const baseUrl = `http://localhost:${creds.port}`;
+    await page.goto(`${baseUrl}/admin`);
+    await loginToAdmin(page, creds);
+    // The dashboard is selected by default after login
+    await expect(page.locator('#dashboard-area')).not.toHaveClass(/hidden/, { timeout: 10000 });
+  });
+
+  test('Dashboard shows only dashboard-area', async ({ page }) => {
+    // Already on dashboard after login; verify it explicitly
+    await page.click('#nav-dashboard-item');
+    await assertOnlyAreaVisible(page, 'dashboard-area');
+  });
+
+  test('API Keys shows only api-keys-area', async ({ page }) => {
+    await page.click('#nav-apikeys-item');
+    await expect(page.locator('#api-keys-area')).not.toHaveClass(/hidden/);
+    await assertOnlyAreaVisible(page, 'api-keys-area');
+  });
+
+  test('Config Editor shows only config-area', async ({ page }) => {
+    await page.click('#nav-config-item');
+    await expect(page.locator('#config-area')).not.toHaveClass(/hidden/);
+    await assertOnlyAreaVisible(page, 'config-area');
+  });
+
+  test('Clicking an entity shows only table-view', async ({ page }) => {
+    // Wait for the sidebar to be populated with entities
+    await expect(page.locator('#nav-entities')).not.toBeEmpty({ timeout: 5000 });
+    const firstEntity = page.locator('#nav-entities .nav-item').first();
+    await expect(firstEntity).toBeVisible();
+    await firstEntity.click();
+    await expect(page.locator('#table-view')).not.toHaveClass(/hidden/);
+    await assertOnlyAreaVisible(page, 'table-view');
+  });
+
+  test('Switching from entity to API Keys hides table-view', async ({ page }) => {
+    // Navigate to an entity first
+    await expect(page.locator('#nav-entities')).not.toBeEmpty({ timeout: 5000 });
+    await page.locator('#nav-entities .nav-item').first().click();
+    await expect(page.locator('#table-view')).not.toHaveClass(/hidden/);
+
+    // Now switch to API Keys
+    await page.click('#nav-apikeys-item');
+    await assertOnlyAreaVisible(page, 'api-keys-area');
+  });
+
+  test('Switching from API Keys back to an entity shows table-view', async ({ page }) => {
+    // Go to API Keys
+    await page.click('#nav-apikeys-item');
+    await assertOnlyAreaVisible(page, 'api-keys-area');
+
+    // Go back to an entity
+    await expect(page.locator('#nav-entities')).not.toBeEmpty({ timeout: 5000 });
+    await page.locator('#nav-entities .nav-item').first().click();
+    await assertOnlyAreaVisible(page, 'table-view');
+  });
+});

package/test/browser/global-setup.js

@@ -0,0 +1,71 @@
+'use strict';
+
+/**
+ * Playwright global setup: starts a chadstart server on a random port,
+ * signs up a test admin user, and writes the server URL + credentials
+ * to environment so tests can use them.
+ */
+
+const path = require('path');
+const fs   = require('fs');
+const os   = require('os');
+const http = require('http');
+
+const TMP_DIR = fs.mkdtempSync(path.join(os.tmpdir(), 'cs-browser-test-'));
+const DB_PATH = path.join(TMP_DIR, 'test.db');
+const STATE_FILE = path.join(TMP_DIR, 'server-state.json');
+
+async function httpPost(port, urlPath, body) {
+  const data = JSON.stringify(body);
+  return new Promise((resolve, reject) => {
+    const req = http.request({
+      hostname: 'localhost', port, path: urlPath, method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(data) },
+    }, (res) => {
+      let buf = '';
+      res.on('data', (c) => { buf += c; });
+      res.on('end', () => { try { resolve(JSON.parse(buf)); } catch { resolve(buf); } });
+    });
+    req.on('error', reject);
+    req.write(data);
+    req.end();
+  });
+}
+
+module.exports = async function globalSetup() {
+  process.env.DB_PATH = DB_PATH;
+
+  const { buildApp } = require('../../server/express-server');
+  const YAML_PATH = path.resolve(__dirname, '../../chadstart.yaml');
+
+  const { app } = await buildApp(YAML_PATH, null);
+  const server = http.createServer(app);
+  await new Promise((resolve) => server.listen(0, resolve));
+  const port = server.address().port;
+
+  // Sign up a test admin user
+  const result = await httpPost(port, '/api/auth/admin/signup', {
+    email: 'admin@test.com',
+    password: 'testpass123',
+    name: 'Test Admin',
+  });
+  if (!result.token) {
+    throw new Error('Failed to create test admin user: ' + JSON.stringify(result));
+  }
+
+  // Persist state for teardown and tests
+  fs.writeFileSync(STATE_FILE, JSON.stringify({
+    port,
+    dbPath: DB_PATH,
+    tmpDir: TMP_DIR,
+    email: 'admin@test.com',
+    password: 'testpass123',
+    collectionName: 'Admin',
+  }));
+
+  process.env.TEST_BASE_URL  = `http://localhost:${port}`;
+  process.env.TEST_STATE_FILE = STATE_FILE;
+
+  // Attach server to global so teardown can close it
+  global.__TEST_SERVER__ = server;
+};

package/test/browser/global-teardown.js

@@ -0,0 +1,11 @@
+'use strict';
+
+/**
+ * Playwright global teardown: closes the test server started in global-setup.js.
+ */
+
+module.exports = async function globalTeardown() {
+  if (global.__TEST_SERVER__) {
+    await new Promise((resolve) => global.__TEST_SERVER__.close(resolve));
+  }
+};

package/test/db.test.js

@@ -0,0 +1,227 @@
+'use strict';
+
+const assert = require('assert');
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+const { buildCore } = require('../core/entity-engine');
+const dbModule = require('../core/db');
+
+describe('db', () => {
+  let tmpDb;
+  const testCore = buildCore({ name: 'T', entities: { Widget: { properties: ['name', 'color'] } } });
+
+  before(() => {
+    tmpDb = path.join(os.tmpdir(), `chadstart-test-${Date.now()}.db`);
+    dbModule.initDb(testCore, tmpDb);
+  });
+
+  after(() => { fs.unlinkSync(tmpDb); });
+
+  it('initDb creates database file', () => { assert.ok(fs.existsSync(tmpDb)); });
+  it('create inserts a row', () => { const r = dbModule.create('widget', { name: 'Foo', color: 'red' }); assert.strictEqual(r.name, 'Foo'); assert.ok(typeof r.id === 'string' && r.id.length > 0); assert.ok(r.createdAt); assert.ok(r.updatedAt); });
+  it('findAll returns paginated result', () => { const result = dbModule.findAll('widget'); assert.ok(result.data.length >= 1); assert.ok(typeof result.total === 'number'); assert.ok(typeof result.currentPage === 'number'); });
+  it('findById works', () => { const c = dbModule.create('widget', { name: 'Bar', color: 'blue' }); assert.strictEqual(dbModule.findById('widget', c.id).name, 'Bar'); });
+  it('findById returns null for missing', () => assert.strictEqual(dbModule.findById('widget', 'nonexistent-id'), null));
+  it('update modifies row', () => { const c = dbModule.create('widget', { name: 'Baz', color: 'green' }); assert.strictEqual(dbModule.update('widget', c.id, { color: 'yellow' }).color, 'yellow'); });
+  it('remove deletes row', () => { const c = dbModule.create('widget', { name: 'Del', color: 'gray' }); dbModule.remove('widget', c.id); assert.strictEqual(dbModule.findById('widget', c.id), null); });
+  it('remove returns null for missing', () => assert.strictEqual(dbModule.remove('widget', 'nonexistent-id'), null));
+  it('findAll with filters', () => { dbModule.create('widget', { name: 'R1', color: 'red' }); const result = dbModule.findAll('widget', { color: 'red' }); assert.ok(result.data.every((r) => r.color === 'red')); });
+  it('findAll with filter suffixes', () => { dbModule.create('widget', { name: 'FilterTest', color: 'green' }); const result = dbModule.findAll('widget', { color_neq: 'red' }); assert.ok(result.data.some((r) => r.color !== 'red')); });
+  it('findAll with ordering', () => { const result = dbModule.findAll('widget', {}, { orderBy: 'name', order: 'ASC' }); assert.ok(result.data.length >= 1); });
+  it('findAll with pagination', () => { const result = dbModule.findAll('widget', {}, { page: 1, perPage: 2 }); assert.ok(result.perPage === 2); assert.ok(result.currentPage === 1); });
+  it('findAllSimple returns raw array', () => { const rows = dbModule.findAllSimple('widget'); assert.ok(Array.isArray(rows)); });
+});
+
+describe('db – authenticable entities', () => {
+  let tmp;
+
+  before(() => {
+    tmp = path.join(os.tmpdir(), `chadstart-auth-${Date.now()}.db`);
+    const core = buildCore({ name: 'T', entities: { Admin: { authenticable: true, properties: ['name'] } } });
+    dbModule.initDb(core, tmp);
+  });
+
+  after(() => { fs.unlinkSync(tmp); });
+
+  it('authenticable entity has email + password columns', () => {
+    const cols = dbModule.getDb().pragma('table_info("admin")').map((r) => r.name);
+    assert.ok(cols.includes('email') && cols.includes('password') && cols.includes('name'));
+  });
+});
+
+describe('db – belongsToMany junction tables', () => {
+  let tmp;
+
+  before(() => {
+    tmp = path.join(os.tmpdir(), `chadstart-btm-${Date.now()}.db`);
+    const core = buildCore({ name: 'T', entities: { Player: { properties: ['n'], belongsToMany: ['Skill'] }, Skill: { properties: ['n'] } } });
+    dbModule.initDb(core, tmp);
+  });
+
+  after(() => { fs.unlinkSync(tmp); });
+
+  it('creates junction table', () => {
+    const tables = dbModule.getDb().prepare("SELECT name FROM sqlite_master WHERE type='table'").all().map((t) => t.name);
+    assert.ok(tables.some((t) => t.includes('player') && t.includes('skill')));
+  });
+});
+
+describe('db – advanced filters', () => {
+  let tmp;
+
+  before(() => {
+    tmp = path.join(os.tmpdir(), `chadstart-advfilter-${Date.now()}.db`);
+    const core = buildCore({
+      name: 'T',
+      entities: { Score: { properties: [{ name: 'value', type: 'integer' }, { name: 'tag', type: 'string' }] } },
+    });
+    dbModule.initDb(core, tmp);
+    dbModule.create('score', { value: 10, tag: 'alpha' });
+    dbModule.create('score', { value: 20, tag: 'bravo' });
+    dbModule.create('score', { value: 30, tag: 'charlie' });
+    dbModule.create('score', { value: 40, tag: 'delta' });
+  });
+
+  after(() => { fs.unlinkSync(tmp); });
+
+  it('_eq filter returns exact match', () => {
+    const result = dbModule.findAll('score', { tag_eq: 'alpha' });
+    assert.ok(result.data.every((r) => r.tag === 'alpha'));
+    assert.strictEqual(result.data.length, 1);
+  });
+
+  it('_gt filter returns rows greater than value', () => {
+    const result = dbModule.findAll('score', { value_gt: '15' });
+    assert.ok(result.data.every((r) => r.value > 15));
+    assert.strictEqual(result.data.length, 3);
+  });
+
+  it('_gte filter returns rows >= value', () => {
+    const result = dbModule.findAll('score', { value_gte: '20' });
+    assert.ok(result.data.every((r) => r.value >= 20));
+    assert.strictEqual(result.data.length, 3);
+  });
+
+  it('_lt filter returns rows below value', () => {
+    const result = dbModule.findAll('score', { value_lt: '25' });
+    assert.ok(result.data.every((r) => r.value < 25));
+    assert.strictEqual(result.data.length, 2);
+  });
+
+  it('_lte filter returns rows <= value', () => {
+    const result = dbModule.findAll('score', { value_lte: '20' });
+    assert.ok(result.data.every((r) => r.value <= 20));
+    assert.strictEqual(result.data.length, 2);
+  });
+
+  it('_like filter matches pattern', () => {
+    const result = dbModule.findAll('score', { tag_like: '%lph%' });
+    assert.ok(result.data.every((r) => r.tag.includes('lph')));
+    assert.strictEqual(result.data.length, 1);
+  });
+
+  it('_in filter returns rows matching any listed value', () => {
+    const result = dbModule.findAll('score', { tag_in: 'alpha,bravo' });
+    assert.ok(result.data.every((r) => r.tag === 'alpha' || r.tag === 'bravo'));
+    assert.strictEqual(result.data.length, 2);
+  });
+
+  it('findAllSimple with filter returns matching rows', () => {
+    const rows = dbModule.findAllSimple('score', { tag: 'alpha' });
+    assert.ok(rows.every((r) => r.tag === 'alpha'));
+    assert.strictEqual(rows.length, 1);
+  });
+
+  it('findAllSimple with unknown filter key returns all rows', () => {
+    const rows = dbModule.findAllSimple('score', { nonexistent_col: 'xyz' });
+    assert.ok(Array.isArray(rows));
+    assert.ok(rows.length >= 4);
+  });
+});
+
+describe('db – relations', () => {
+  let tmp, post, commentNoPost, comment1, player, skill1, skill2;
+  let core;
+
+  before(() => {
+    tmp = path.join(os.tmpdir(), `chadstart-rel-${Date.now()}.db`);
+    core = buildCore({
+      name: 'T',
+      entities: {
+        Post:    { properties: ['title'] },
+        Comment: { properties: ['body'], belongsTo: ['Post'] },
+        Player:  { properties: ['name'], belongsToMany: ['Skill'] },
+        Skill:   { properties: ['label'] },
+      },
+    });
+    dbModule.initDb(core, tmp);
+
+    post         = dbModule.create('post',    { title: 'Hello World' });
+    dbModule.create('comment', { body: 'Great!', post_id: post.id });
+    dbModule.create('comment', { body: 'Thanks', post_id: post.id });
+    commentNoPost = dbModule.create('comment', { body: 'Orphan', post_id: null });
+    comment1      = dbModule.create('comment', { body: 'Reply', post_id: post.id });
+    player  = dbModule.create('player', { name: 'Alice' });
+    skill1  = dbModule.create('skill',  { label: 'Jump' });
+    skill2  = dbModule.create('skill',  { label: 'Swim' });
+  });
+
+  after(() => { fs.unlinkSync(tmp); });
+
+  it('loadRelations: noop when row is null', () => {
+    const result = dbModule.loadRelations(null, core.entities.Comment, 'Post');
+    assert.strictEqual(result, null);
+  });
+
+  it('loadRelations: belongsTo resolves related row', () => {
+    const row = { ...comment1 };
+    dbModule.loadRelations(row, core.entities.Comment, 'Post');
+    assert.ok(row.Post, 'related row should be attached');
+    assert.strictEqual(row.Post.id, post.id);
+    assert.strictEqual(row.Post.title, 'Hello World');
+  });
+
+  it('loadRelations: belongsTo with null FK sets null', () => {
+    const row = { ...commentNoPost };
+    dbModule.loadRelations(row, core.entities.Comment, 'Post');
+    assert.strictEqual(row.Post, null);
+  });
+
+  it('loadRelations: hasMany (reverse) resolves children', () => {
+    const row = { ...post };
+    dbModule.loadRelations(row, core.entities.Post, 'comment');
+    assert.ok(Array.isArray(row.comment));
+    assert.ok(row.comment.length >= 3);
+    assert.ok(row.comment.every((c) => c.post_id === post.id));
+  });
+
+  it('loadRelations: comma-separated names loads multiple relations', () => {
+    const row = { ...comment1 };
+    dbModule.loadRelations(row, core.entities.Comment, 'Post,nonexistent');
+    assert.ok(row.Post, 'Post relation should be loaded');
+  });
+
+  it('saveBelongsToMany: saves junction rows and loadRelations retrieves them', () => {
+    dbModule.saveBelongsToMany(core.entities.Player, player.id, { skillIds: [skill1.id, skill2.id] });
+    const row = { ...player };
+    dbModule.loadRelations(row, core.entities.Player, 'Skill');
+    assert.ok(Array.isArray(row.Skill));
+    assert.strictEqual(row.Skill.length, 2);
+  });
+
+  it('saveBelongsToMany: clears and replaces existing junction rows', () => {
+    dbModule.saveBelongsToMany(core.entities.Player, player.id, { skillIds: [skill1.id] });
+    const row = { ...player };
+    dbModule.loadRelations(row, core.entities.Player, 'Skill');
+    assert.strictEqual(row.Skill.length, 1);
+    assert.strictEqual(row.Skill[0].id, skill1.id);
+  });
+
+  it('saveBelongsToMany: skips when no ids key in body', () => {
+    dbModule.saveBelongsToMany(core.entities.Player, player.id, {});
+    const row = { ...player };
+    dbModule.loadRelations(row, core.entities.Player, 'Skill');
+    assert.strictEqual(row.Skill.length, 1);
+  });
+});

package/test/entity-engine.test.js

@@ -0,0 +1,193 @@
+'use strict';
+
+const assert = require('assert');
+const { buildCore, toSnakeCase, toKebabCase } = require('../core/entity-engine');
+
+describe('entity-engine', () => {
+  it('toSnakeCase converts PascalCase', () => assert.strictEqual(toSnakeCase('BlogPost'), 'blog_post'));
+  it('toSnakeCase leaves lowercase', () => assert.strictEqual(toSnakeCase('post'), 'post'));
+  it('toKebabCase converts PascalCase', () => assert.strictEqual(toKebabCase('BlogPost'), 'blog-post'));
+
+  it('buildCore populates entities', () => {
+    const core = buildCore({ name: 'Blog', entities: { Post: { properties: ['title', 'content'] } } });
+    assert.ok(core.entities.Post);
+    assert.strictEqual(core.entities.Post.tableName, 'post');
+    assert.deepStrictEqual(core.entities.Post.properties.map((p) => p.name), ['title', 'content']);
+  });
+
+  it('buildCore normalizes object properties', () => {
+    const core = buildCore({ name: 'App', entities: { Item: { properties: [{ name: 'price', type: 'number' }] } } });
+    assert.strictEqual(core.entities.Item.properties[0].type, 'number');
+  });
+
+  it('buildCore sets default port', () => assert.ok(typeof buildCore({ name: 'App' }).port === 'number'));
+
+  it('buildCore handles authenticable entities', () => {
+    const core = buildCore({ name: 'App', entities: { Admin: { authenticable: true, properties: ['name'] }, Post: { properties: ['t'] } } });
+    assert.ok(core.entities.Admin.authenticable);
+    assert.ok(core.authenticableEntities.Admin);
+    assert.ok(!core.authenticableEntities.Post);
+  });
+
+  it('buildCore handles policies with emoji', () => {
+    const core = buildCore({ name: 'App', entities: { Post: { properties: ['t'], policies: { read: [{ access: '🌐' }], delete: [{ access: '🚫' }] } } } });
+    assert.strictEqual(core.entities.Post.policies.read[0].access, 'public');
+    assert.strictEqual(core.entities.Post.policies.delete[0].access, 'forbidden');
+  });
+
+  it('buildCore normalizes belongsTo', () => {
+    const core = buildCore({ name: 'App', entities: { Comment: { properties: ['text'], belongsTo: ['Post'] }, Post: { properties: ['t'] } } });
+    assert.strictEqual(core.entities.Comment.belongsTo[0].entity, 'Post');
+  });
+
+  it('buildCore handles belongsToMany', () => {
+    const core = buildCore({ name: 'App', entities: { Player: { properties: ['n'], belongsToMany: ['Skill'] }, Skill: { properties: ['n'] } } });
+    assert.strictEqual(core.entities.Player.belongsToMany[0].entity, 'Skill');
+  });
+
+  it('buildCore handles singles, validation, hooks, functions, groups', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: { Home: { single: true, properties: ['t'], validation: { t: { minLength: 3 } }, hooks: { beforeCreate: [{ url: 'https://x.com' }] } } },
+      functions: { hi: { path: '/hi', method: 'GET', function: 'hi.js' } },
+      groups: { G: { properties: [{ name: 'a', type: 'string' }] } },
+    });
+    assert.ok(core.entities.Home.single);
+    assert.strictEqual(core.entities.Home.validation.t.minLength, 3);
+    assert.strictEqual(core.entities.Home.hooks.beforeCreate[0].url, 'https://x.com');
+    assert.ok(core.functions.hi);
+    assert.ok(core.groups.G);
+  });
+
+  it('buildCore passes nameSingular and namePlural', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: { Person: { nameSingular: 'person', namePlural: 'people', properties: ['name'] } },
+    });
+    assert.strictEqual(core.entities.Person.nameSingular, 'person');
+    assert.strictEqual(core.entities.Person.namePlural, 'people');
+  });
+
+  it('inline validation merges and inline prevails on conflict', () => {
+    const base = buildCore({
+      name: 'App',
+      entities: {
+        Dog: {
+          properties: [{ name: 'name', type: 'string', validation: { minLength: 3 } }, { name: 'age', type: 'number' }],
+          validation: { age: { min: 1 } },
+        },
+      },
+    });
+    assert.strictEqual(base.entities.Dog.validation.name.minLength, 3);
+    assert.strictEqual(base.entities.Dog.validation.age.min, 1);
+
+    const conflict = buildCore({
+      name: 'App',
+      entities: {
+        Dog: {
+          properties: [{ name: 'name', type: 'string', validation: { minLength: 5 } }],
+          validation: { name: { minLength: 3, maxLength: 100 } },
+        },
+      },
+    });
+    assert.strictEqual(conflict.entities.Dog.validation.name.minLength, 5, 'inline prevails');
+    assert.strictEqual(conflict.entities.Dog.validation.name.maxLength, 100, 'block-only key preserved');
+  });
+});
+
+describe('entity-engine – branches', () => {
+  it('normalizeRelation: object with only entity key', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: {
+        Post:    { properties: ['t'] },
+        Comment: { properties: ['b'], belongsTo: [{ entity: 'Post' }] },
+      },
+    });
+    assert.strictEqual(core.entities.Comment.belongsTo[0].entity, 'Post');
+    assert.strictEqual(core.entities.Comment.belongsTo[0].name, 'Post');
+  });
+
+  it('normalizeRelation: object with only name key', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: {
+        Post:    { properties: ['t'] },
+        Comment: { properties: ['b'], belongsTo: [{ name: 'Post' }] },
+      },
+    });
+    assert.strictEqual(core.entities.Comment.belongsTo[0].entity, 'Post');
+    assert.strictEqual(core.entities.Comment.belongsTo[0].name, 'Post');
+  });
+
+  it('normalizeProperty: carries hidden, default, options, helpText, validation', () => {
+    const core = buildCore({
+      name: 'App',
+      entities: {
+        Item: {
+          properties: [{
+            name: 'status', type: 'string',
+            hidden: true,
+            default: 'draft',
+            options: ['draft', 'published'],
+            helpText: 'Choose a status',
+            validation: { isIn: ['draft', 'published'] },
+          }],
+        },
+      },
+    });
+    const prop = core.entities.Item.properties[0];
+    assert.strictEqual(prop.hidden, true);
+    assert.strictEqual(prop.default, 'draft');
+    assert.deepStrictEqual(prop.options, ['draft', 'published']);
+    assert.strictEqual(prop.helpText, 'Choose a status');
+    assert.deepStrictEqual(prop.validation, { isIn: ['draft', 'published'] });
+  });
+
+  it('buildCore entity with no properties defaults to empty array', () => {
+    const core = buildCore({ name: 'App', entities: { Tag: {} } });
+    assert.deepStrictEqual(core.entities.Tag.properties, []);
+  });
+});
+
+describe('entity-engine – default Admin entity', () => {
+  it('buildCore includes a default Admin entity when no entities defined', () => {
+    const core = buildCore({ name: 'App' });
+    assert.ok(core.entities.Admin, 'Default Admin entity should be created');
+    assert.ok(core.entities.Admin.authenticable, 'Admin entity should be authenticable');
+    assert.strictEqual(core.entities.Admin.slug, 'admin');
+  });
+
+  it('buildCore merges YAML Admin entity with default (authenticable always true)', () => {
+    const core = buildCore({ name: 'App', entities: { Admin: { properties: ['role'] } } });
+    assert.ok(core.entities.Admin.authenticable, 'Admin should always be authenticable after merge');
+    assert.ok(core.entities.Admin.properties.some(p => (typeof p === 'string' ? p : p.name) === 'role'));
+  });
+
+  it('buildCore does not add Admin entity when admin.enable_entity is false', () => {
+    const core = buildCore({ name: 'App', admin: { enable_entity: false } });
+    assert.strictEqual(core.entities.Admin, undefined);
+  });
+
+  it('buildCore exposes admin config with defaults', () => {
+    const core = buildCore({ name: 'App' });
+    assert.ok(core.admin);
+    assert.strictEqual(core.admin.enable_app, true);
+    assert.strictEqual(core.admin.enable_entity, true);
+    assert.deepStrictEqual(core.admin.policies, [{ access: 'admin' }]);
+  });
+
+  it('buildCore admin config merges with YAML admin settings', () => {
+    const core = buildCore({ name: 'App', admin: { enable_app: false, policies: [{ access: 'public' }] } });
+    assert.strictEqual(core.admin.enable_app, false);
+    assert.deepStrictEqual(core.admin.policies, [{ access: 'public' }]);
+  });
+
+  it('schema accepts admin property', () => {
+    const { validateSchema } = require('../core/schema-validator');
+    assert.strictEqual(validateSchema({
+      name: 'App',
+      admin: { enable_app: true, enable_entity: true, policies: [{ access: 'admin' }] },
+    }), true);
+  });
+});