create-mercato-app 0.6.5-develop.4734.1.dd8285dd2e → 0.6.5-develop.4772.1.d517a085d1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-mercato-app",
-  "version": "0.6.5-develop.4734.1.dd8285dd2e",
+  "version": "0.6.5-develop.4772.1.d517a085d1",
   "type": "module",
   "description": "Create a new Open Mercato application",
   "main": "./dist/index.js",

package/template/package.json.template

@@ -80,7 +80,7 @@
     "@uiw/react-markdown-preview": "^5.2.0",
     "@uiw/react-md-editor": "^4.1.0",
     "@xyflow/react": "^12.6.0",
-    "ai": "^6.0.191",
+    "ai": "^6.0.194",
     "awilix": "^12.0.5",
     "bcryptjs": "^3.0.3",
     "class-variance-authority": "^0.7.1",
@@ -91,7 +91,7 @@
     "lucide-react": "^1.8.0",
     "mammoth": "^1.9.0",
     "newrelic": "^13.19.1",
-    "next": "16.2.6",
+    "next": "16.2.7",
     "pg": "8.21.0",
     "pdfjs-dist": "^5.4.149",
     "react": "19.2.5",
@@ -106,8 +106,8 @@
     "svix": "^1.92.2",
     "tailwind-merge": "^3.5.0",
     "zod": "4.3.6",
-    "@stripe/react-stripe-js": "^6.4.0",
-    "@stripe/stripe-js": "^9.6.0",
+    "@stripe/react-stripe-js": "^6.5.0",
+    "@stripe/stripe-js": "^9.7.0",
     "@open-mercato/gateway-stripe": "{{PACKAGE_VERSION}}",
     "@open-mercato/sync-akeneo": "{{PACKAGE_VERSION}}"
   },

package/template/src/modules/example/__integration__/todo-priority-validation.spec.ts

@@ -91,7 +91,8 @@ test.describe('Todo priority validation', () => {
       const severityField = page.locator('[data-crud-field-id="cf_severity"]').first()
       const form = page.locator('[data-crud-field-id="title"]').first().locator('xpath=ancestor::form').first()
 
-      await expect(severityField.locator('select')).toBeVisible()
+      const severitySelect = severityField.getByRole('combobox').first()
+      await expect(severitySelect).toBeVisible()
       await expect(titleInput).toBeVisible()
       await titleInput.fill(title)
       await expect(priorityInput).toBeVisible()
@@ -103,7 +104,8 @@ test.describe('Todo priority validation', () => {
       await expect(priorityField.getByText('Priority must be <= 5')).toBeVisible()
 
       await priorityInput.fill('5')
-      await severityField.locator('select').selectOption('medium')
+      await severitySelect.click()
+      await page.getByRole('option', { name: 'Medium' }).click()
       await form.locator('button[type="submit"]').first().click()
 
       await expect(page).toHaveURL(/\/backend\/todos(?:\?.*)?$/)
@@ -142,4 +144,38 @@ test.describe('Todo priority validation', () => {
       }
     }
   })
+
+  test('prefills the saved severity option label on edit', async ({ page, request }) => {
+    test.slow()
+    const { login } = await import('@open-mercato/core/helpers/integration/auth')
+    const title = `QA severity prefill ${Date.now()}`
+    let todoId: string | null = null
+
+    try {
+      const response = await apiRequest(request, 'POST', '/api/example/todos', {
+        token: adminToken,
+        data: {
+          title,
+          cf_priority: 3,
+          cf_severity: 'medium',
+        },
+      })
+      expect(response.ok(), `Failed to create todo fixture: ${response.status()}`).toBeTruthy()
+      const body = await response.json() as { id?: string }
+      todoId = body.id ?? null
+      expect(todoId).toBeTruthy()
+
+      await login(page, 'admin')
+      await page.goto(`/backend/todos/${encodeURIComponent(todoId!)}/edit`, { waitUntil: 'commit' })
+
+      await expect(page.locator('main').getByText('Edit Todo').first()).toBeVisible()
+      await expect(page.locator('[data-crud-field-id="title"] input').first()).toHaveValue(title)
+      const severityField = page.locator('[data-crud-field-id="cf_severity"]').first()
+      const severitySelect = severityField.getByRole('combobox').first()
+      await expect(severitySelect).toBeVisible()
+      await expect(severitySelect).toContainText(/medium/i)
+    } finally {
+      await deleteEntityIfExists(request, adminToken, '/api/example/todos', todoId)
+    }
+  })
 })

package/template/src/modules/example/__tests__/acl-dependencies.test.ts

@@ -0,0 +1,71 @@
+import {
+  resolveAclDependencyDiagnostics,
+  type FeatureDescriptor,
+} from '@open-mercato/shared/security/aclDependencies'
+import { features as exampleFeatures } from '../acl'
+import { features as syncFeatures } from '../../example_customers_sync/acl'
+import { features as customersFeatures } from '@open-mercato/core/modules/customers/acl'
+
+const exampleDescriptors: FeatureDescriptor[] = exampleFeatures
+const syncDescriptors: FeatureDescriptor[] = syncFeatures
+
+// The example template modules exercise the dependency convention end-to-end so
+// create-app templates ship with declared deps. `example_customers_sync` references
+// the cross-module `customers.people.view`, so the resolved catalog must include the
+// customers features for that reference to resolve to a registered id.
+const resolvedCatalog: FeatureDescriptor[] = [
+  ...exampleDescriptors,
+  ...syncDescriptors,
+  ...customersFeatures,
+]
+
+const exampleOwnIds = exampleDescriptors.map((feature) => feature.id)
+const syncOwnIds = syncDescriptors.map((feature) => feature.id)
+
+describe('example template acl dependency declarations', () => {
+  it('declares dependsOn only against features registered in the resolved catalog', () => {
+    const granted = resolvedCatalog.map((feature) => feature.id)
+    const diagnostics = resolveAclDependencyDiagnostics(granted, resolvedCatalog)
+    const ownUnknown = diagnostics.unknownReferences.filter(
+      (ref) => ref.feature.startsWith('example.') || ref.feature.startsWith('example_customers_sync.'),
+    )
+    expect(ownUnknown).toEqual([])
+  })
+
+  it('resolves cleanly with no missing deps when every feature and its deps are granted', () => {
+    const granted = resolvedCatalog.map((feature) => feature.id)
+    const diagnostics = resolveAclDependencyDiagnostics(granted, resolvedCatalog)
+    const ownMissing = diagnostics.missingDependencies.filter(
+      (dep) => dep.feature.startsWith('example.') || dep.feature.startsWith('example_customers_sync.'),
+    )
+    expect(ownMissing).toEqual([])
+  })
+
+  it('flags missing example deps (not unknown) when a dependent is granted without its owner', () => {
+    const diagnostics = resolveAclDependencyDiagnostics(['example.todos.manage'], resolvedCatalog)
+    expect(diagnostics.unknownReferences).toEqual([])
+    const manage = diagnostics.missingDependencies.find(
+      (dep) => dep.feature === 'example.todos.manage',
+    )
+    expect(manage?.missing).toEqual(['example.todos.view'])
+  })
+
+  it('flags the cross-module sync dep as missing (not unknown) when only sync features are granted', () => {
+    const diagnostics = resolveAclDependencyDiagnostics(syncOwnIds, resolvedCatalog)
+    expect(diagnostics.unknownReferences).toEqual([])
+    const view = diagnostics.missingDependencies.find(
+      (dep) => dep.feature === 'example_customers_sync.view',
+    )
+    expect(view?.missing).toEqual(['customers.people.view'])
+  })
+
+  it('keeps every internal example dependency target within the example feature set', () => {
+    const exampleIds = new Set(exampleOwnIds)
+    const internalDeps = exampleDescriptors.flatMap((feature) =>
+      (feature.dependsOn ?? []).filter((dep) => dep.startsWith('example.')),
+    )
+    for (const dep of internalDeps) {
+      expect(exampleIds.has(dep)).toBe(true)
+    }
+  })
+})

package/template/src/modules/example/api/todos/route.ts

@@ -32,6 +32,7 @@ const querySchema = z
     id: z.string().uuid().optional(),
     page: z.coerce.number().min(1).default(1),
     pageSize: z.coerce.number().min(1).max(100).default(50),
+    ids: z.string().optional(),
     sortField: z.string().optional().default('id'),
     sortDir: z.enum(['asc', 'desc']).optional().default('asc'),
     title: z.string().optional(),
@@ -96,6 +97,13 @@ export const { metadata, GET, POST, PUT, DELETE } = makeCrudRoute({
       const filters: Where<BaseFields> = {}
       const F = filters as Record<string, WhereValue>
       // Base fields
+      if (q.ids) {
+        const ids = q.ids
+          .split(',')
+          .map((value) => value.trim())
+          .filter((value) => value.length > 0)
+        if (ids.length > 0) F.id = { $in: ids }
+      }
       if (q.id) F.id = q.id
       if (q.title) F.title = { $ilike: `%${q.title}%` }
       if (q.isDone !== undefined) F.is_done = q.isDone as any

package/template/src/modules/example/backend/todos/[id]/edit/page.tsx

@@ -80,7 +80,7 @@ export default function EditTodoPage({ params }: { params?: { id?: string } }) {
       setErr(null)
       setIsNotFound(false)
       try {
-        const data = await fetchCrudList<TodoItem>('example/todos', { id: String(id), pageSize: 1 })
+        const data = await fetchCrudList<TodoItem>('example/todos', { ids: String(id), pageSize: 1 })
         const item = data?.items?.[0]
         if (!item) {
           if (!cancelled) setIsNotFound(true)
@@ -94,6 +94,12 @@ export default function EditTodoPage({ params }: { params?: { id?: string } }) {
           title: item.title,
           is_done: Boolean(item.is_done),
           ...(cfInit as TodoCustomFieldValues),
+          cf_priority: extended.cf_priority ?? cfInit.cf_priority,
+          cf_severity: extended.cf_severity ?? cfInit.cf_severity,
+          cf_blocked: extended.cf_blocked ?? cfInit.cf_blocked,
+          cf_labels: extended.cf_labels ?? cfInit.cf_labels,
+          cf_assignee: extended.cf_assignee ?? cfInit.cf_assignee,
+          cf_description: extended.cf_description ?? cfInit.cf_description,
         }
         if (!cancelled) setInitial(init)
       } catch (error: unknown) {

package/template/src/modules/example/ce.ts

@@ -28,7 +28,11 @@ const todoFields = [
     key: 'severity',
     kind: 'select',
     label: 'Severity',
-    options: ['low', 'medium', 'high'],
+    options: [
+      { value: 'low', label: 'Low' },
+      { value: 'medium', label: 'Medium' },
+      { value: 'high', label: 'High' },
+    ],
     defaultValue: 'medium',
     filterable: true,
     formEditable: true,