npm - openxiangda - Versions diffs - 1.0.22 → 1.0.25 - Mend

openxiangda 1.0.22 → 1.0.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (94) hide show

package/openxiangda-skills/skills/openxiangda-permission-settings/SKILL.md CHANGED Viewed

@@ -34,6 +34,8 @@ Use role codes in permission group JSON. Bind existing role IDs only inside the
 openxiangda permission role-bind sales --role-id <id> --profile dev
 ```
+For dynamic multi-role apps, do not hardcode role behavior only in page code. Create a role maintenance form, sync it to platform roles with automation / JS_CODE, and add redundant ownership fields to business forms (`collegeId`, `classId`, `ownerDeptId`, `ownerUserId`, `roleCode`). Use page permission groups for entry visibility and form permission groups with condition-based data permissions for real data isolation.
 ## Page Permission Groups
 Page permission groups control menu/page visibility:
@@ -92,5 +94,6 @@ Do not store platform-specific public access IDs locally. The CLI resolves by `a
 ## References
 - Permission model and examples: `../../references/permissions-settings.md`
+- Dynamic role governance and data-isolation pattern: `../../references/best-practices.md`
 - Profile-isolated IDs: `../../references/workspace-state.md`
 - API fields: `../../references/openxiangda-api.md`

package/openxiangda-skills/skills/openxiangda-workflow-automation/SKILL.md CHANGED Viewed

@@ -7,6 +7,12 @@ description: Build, validate, publish, enable, and inspect OpenXiangda workflow
 Use this skill when the user asks for approval workflows, workflow forms, automation rules, scheduled jobs, form-event triggers, or process-triggered automation in OpenXiangda.
+## Architecture Boundary
+Most business lifecycle flows are not workflows. For ordinary status changes such as `pending -> processing -> resolved -> closed`, use a normal form, a `status` field, redundant responsibility fields, an action-log form, a domain state machine, a service method, and optional automation / JS_CODE.
+Create workflow definitions only when the scenario has real approval semantics: approvers, approval tasks, agree/reject actions, approval opinions, node-level permissions, process records, or approval-node side effects.
 ## Required Context
 Before any write:
@@ -101,6 +107,7 @@ Use `automation disable` before risky edits. Published automations create a draf
 ## References
+- Best-practice architecture and status-flow boundary: `../../references/best-practices.md`
 - Workflow v3 JSON: `../../references/workflow-v3.md`
 - Automation v3 JSON and triggers: `../../references/automation-v3.md`
 - Notification resources and runtime calls: `../../references/notifications.md`

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "openxiangda",
-  "version": "1.0.22",
+  "version": "1.0.25",
   "description": "OpenXiangda CLI, workspace build tools, runtime SDK, and form components.",
   "private": false,
   "bin": {

package/packages/sdk/src/build-source/scripts/publish-all.mjs CHANGED Viewed

@@ -17,6 +17,7 @@ import {
   normalizeOnly,
   planIncrementalPublish,
   printPlan,
+  resolveGitChangedWorkspaceTargets,
 } from "./utils/incremental.mjs";
 const require = createRequire(import.meta.url);
@@ -36,11 +37,8 @@ const dryRun = Boolean(args["dry-run"]);
 const targetForm = args.form || "";
 const targetPage = args.page || "";
 const force = Boolean(args.force);
-const only = targetForm
-  ? [`forms/${targetForm}`]
-  : targetPage
-    ? [`pages/${targetPage}`]
-    : normalizeOnly(args.only);
+const changedOnly = Boolean(args.changed || args["changed-only"]);
+const changedSince = args.since || "HEAD";
 if (args.help || args.h) {
   console.log(`
@@ -54,6 +52,8 @@ publish-all - 同步、构建、上传并注册应用工作区产物
   --form <name>    只发布指定表单
   --page <name>    只发布指定代码页
   --only <list>    只发布指定模块，如 forms/customer,pages/dashboard
+  --changed        只发布 git 变更触达的 src/forms/* 和 src/pages/*
+  --since <ref>    配合 --changed 使用，默认 HEAD
   --force          忽略增量缓存，强制发布
   --help, -h       显示帮助信息
 `);
@@ -64,6 +64,45 @@ if (targetForm && targetPage) {
   console.error("❌ --form 和 --page 不能同时使用，请分两次发布");
   process.exit(1);
 }
+if (changedOnly && (targetForm || targetPage || args.only)) {
+  console.error("❌ --changed 不能与 --form、--page 或 --only 同时使用");
+  process.exit(1);
+}
+const changedTargets = changedOnly
+  ? resolveGitChangedWorkspaceTargets({ since: changedSince })
+  : null;
+if (changedTargets && !changedTargets.available) {
+  console.error(`❌ 无法读取 git 变更: ${changedTargets.error}`);
+  process.exit(1);
+}
+if (changedTargets?.globalFiles?.length) {
+  console.warn(
+    `[publish] --changed 检测到 shared/config 变更: ${changedTargets.globalFiles.join(", ")}`,
+  );
+  console.warn(
+    "[publish] 将只发布直接变更的 forms/pages；若 shared 改动影响其他模块，请显式使用 --only 或不传 --changed。",
+  );
+}
+if (changedTargets?.resourceFiles?.length) {
+  console.warn(
+    `[publish] --changed 检测到资源变更: ${changedTargets.resourceFiles.join(", ")}`,
+  );
+  console.warn("[publish] publish-all 只处理 forms/pages；资源请通过 openxiangda resource plan|publish 处理。");
+}
+const only = changedOnly
+  ? changedTargets.only
+  : targetForm
+    ? [`forms/${targetForm}`]
+    : targetPage
+      ? [`pages/${targetPage}`]
+      : normalizeOnly(args.only);
+if (changedOnly && only.length === 0) {
+  console.log("✅ 没有检测到 src/forms 或 src/pages 的 git 变更，跳过发布");
+  process.exit(0);
+}
 const buildId = process.env.APP_BUILD_ID || createBuildId();
 const childEnv = {

package/packages/sdk/src/build-source/scripts/utils/incremental.mjs CHANGED Viewed

@@ -1,4 +1,5 @@
 import crypto from "node:crypto";
+import { spawnSync } from "node:child_process";
 import fs from "node:fs";
 import path from "node:path";
 import { rootDir } from "./load-config.mjs";
@@ -124,6 +125,100 @@ export function normalizeOnly(value) {
     .filter(Boolean);
 }
+function runGit(args) {
+  const result = spawnSync("git", args, {
+    cwd: rootDir,
+    encoding: "utf-8",
+  });
+  if (result.error || result.status !== 0) {
+    return {
+      ok: false,
+      error: result.error?.message || result.stderr || result.stdout || "git command failed",
+      stdout: "",
+    };
+  }
+  return {
+    ok: true,
+    error: "",
+    stdout: result.stdout || "",
+  };
+}
+function uniqueSorted(values) {
+  return [...new Set(values)].sort((left, right) => left.localeCompare(right));
+}
+function parseGitNameOnly(stdout) {
+  return String(stdout || "")
+    .split(/\r?\n/)
+    .map((item) => item.trim().replace(/\\/g, "/"))
+    .filter(Boolean);
+}
+function workspaceTargetForFile(filePath) {
+  const matched = filePath.match(/^src\/(forms|pages)\/([^/]+)\//);
+  if (!matched) return null;
+  return `${matched[1]}/${matched[2]}`;
+}
+function isGlobalWorkspaceFile(filePath) {
+  return (
+    filePath === "package.json" ||
+    filePath === "pnpm-lock.yaml" ||
+    filePath === "package-lock.json" ||
+    filePath === "yarn.lock" ||
+    filePath === "app-workspace.config.ts" ||
+    filePath === "tailwind.config.cjs" ||
+    filePath === "postcss.config.cjs" ||
+    filePath === "vite.config.ts" ||
+    filePath === "tsconfig.json" ||
+    filePath === "src/index.css" ||
+    filePath.startsWith("src/shared/")
+  );
+}
+export function resolveGitChangedWorkspaceTargets(options = {}) {
+  const since = options.since || "HEAD";
+  const insideWorkTree = runGit(["rev-parse", "--is-inside-work-tree"]);
+  if (!insideWorkTree.ok || insideWorkTree.stdout.trim() !== "true") {
+    return {
+      available: false,
+      error: insideWorkTree.error || "not a git worktree",
+      files: [],
+      only: [],
+      resourceFiles: [],
+      globalFiles: [],
+    };
+  }
+  const changed = runGit(["diff", "--name-only", "--relative", since, "--"]);
+  if (!changed.ok) {
+    return {
+      available: false,
+      error: changed.error,
+      files: [],
+      only: [],
+      resourceFiles: [],
+      globalFiles: [],
+    };
+  }
+  const untracked = runGit(["ls-files", "--others", "--exclude-standard"]);
+  const files = uniqueSorted([
+    ...parseGitNameOnly(changed.stdout),
+    ...(untracked.ok ? parseGitNameOnly(untracked.stdout) : []),
+  ]);
+  return {
+    available: true,
+    error: "",
+    files,
+    only: uniqueSorted(files.map(workspaceTargetForFile).filter(Boolean)),
+    resourceFiles: files.filter((item) => item.startsWith("src/resources/")),
+    globalFiles: files.filter(isGlobalWorkspaceFile),
+  };
+}
 function createIncrementalPlan(modules, options = {}, cache = null) {
   const only = normalizeOnly(options.only);
   const selected = only.length

package/packages/sdk/src/build-source/scripts/utils/incremental.test.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
+import { spawnSync } from "node:child_process";
 import { afterEach, describe, expect, it, vi } from "vitest";
@@ -31,6 +32,24 @@ function createWorkspace() {
   return dir;
 }
+function runGit(workspaceRoot: string, args: string[]) {
+  const result = spawnSync("git", args, {
+    cwd: workspaceRoot,
+    encoding: "utf-8",
+  });
+  if (result.status !== 0) {
+    throw new Error(`git ${args.join(" ")} failed: ${result.stderr || result.stdout}`);
+  }
+}
+function commitWorkspace(workspaceRoot: string) {
+  runGit(workspaceRoot, ["init"]);
+  runGit(workspaceRoot, ["config", "user.email", "test@example.com"]);
+  runGit(workspaceRoot, ["config", "user.name", "Test User"]);
+  runGit(workspaceRoot, ["add", "."]);
+  runGit(workspaceRoot, ["commit", "-m", "initial"]);
+}
 async function loadIncremental(rootDir: string) {
   const previousRoot = process.env.LOWCODE_WORKSPACE_ROOT;
   process.env.LOWCODE_WORKSPACE_ROOT = rootDir;
@@ -75,4 +94,47 @@ describe("incremental publish cache", () => {
     expect(incremental.planIncrementalPublish(modules).changed).toHaveLength(0);
   });
+  it("resolves git changed files to workspace publish targets", async () => {
+    const workspaceRoot = createWorkspace();
+    commitWorkspace(workspaceRoot);
+    fs.writeFileSync(
+      path.join(workspaceRoot, "src", "pages", "dashboard", "index.tsx"),
+      "export default function Dashboard() { return 'changed'; }\n",
+      "utf-8",
+    );
+    fs.mkdirSync(path.join(workspaceRoot, "src", "forms", "customer"), {
+      recursive: true,
+    });
+    fs.writeFileSync(
+      path.join(workspaceRoot, "src", "forms", "customer", "schema.ts"),
+      "export default { code: 'customer' };\n",
+      "utf-8",
+    );
+    fs.mkdirSync(path.join(workspaceRoot, "src", "resources"), {
+      recursive: true,
+    });
+    fs.writeFileSync(
+      path.join(workspaceRoot, "src", "resources", "menus.json"),
+      "[]\n",
+      "utf-8",
+    );
+    fs.mkdirSync(path.join(workspaceRoot, "src", "shared"), {
+      recursive: true,
+    });
+    fs.writeFileSync(
+      path.join(workspaceRoot, "src", "shared", "format.ts"),
+      "export const format = String;\n",
+      "utf-8",
+    );
+    const incremental = await loadIncremental(workspaceRoot);
+    const changed = incremental.resolveGitChangedWorkspaceTargets();
+    expect(changed.available).toBe(true);
+    expect(changed.only).toEqual(["forms/customer", "pages/dashboard"]);
+    expect(changed.resourceFiles).toEqual(["src/resources/menus.json"]);
+    expect(changed.globalFiles).toEqual(["src/shared/format.ts"]);
+  });
 });

package/templates/sy-lowcode-app-workspace/examples/best-practices/README.md ADDED Viewed

@@ -0,0 +1,32 @@
+# OpenXiangda Best Practices
+These examples are intentionally placed under `examples/best-practices/`.
+They are copied by `workspace init`, but they are not scanned by
+`lowcode-workspace build` or `openxiangda workspace publish`.
+Copy the pieces you need into `src/`:
+```bash
+cp -R examples/best-practices/src/domain/service-ticket src/domain/
+cp -R examples/best-practices/src/shared/services/service-ticket.ts src/shared/services/
+cp -R examples/best-practices/src/pages/service-ticket-ops src/pages/
+cp -R examples/best-practices/src/forms/service-ticket src/forms/
+```
+Run `pnpm examples:check` after editing examples, and run the normal
+`pnpm check` after copying code into `src/`.
+## Core Rules
+- Keep view code thin. Pages compose components, hooks, and services.
+- Put business rules in `domain/`; keep it free of React, SDK, and UI imports.
+- Put platform calls in `shared/services/`.
+- Put reusable loading, empty, error, status, and confirmation UI in
+  `shared/components/`.
+- Use state fields and operation logs for business lifecycle flows.
+- Use workflow only for real approval tasks.
+- Query with pagination and structured conditions. Avoid large page sizes,
+  client-side filtering, and broad `searchKeyWord` queries.
+Read `decision-guide.md`, `module-structure.md`, and `design-style.md` before
+using any template.

package/templates/sy-lowcode-app-workspace/examples/best-practices/catalog.json ADDED Viewed

@@ -0,0 +1,61 @@
+{
+  "version": 1,
+  "publishedByDefault": false,
+  "copyInto": "src/",
+  "templates": [
+    {
+      "code": "customer-profile",
+      "type": "form",
+      "path": "src/forms/customer-profile",
+      "description": "Standard form schema covering field types, validation, users, departments, attachments, and subforms."
+    },
+    {
+      "code": "service-ticket-lifecycle",
+      "type": "state-flow",
+      "path": "src/domain/service-ticket",
+      "description": "Lifecycle state machine with ticket and action-log forms. Does not use workflow."
+    },
+    {
+      "code": "service-ticket-ops",
+      "type": "page",
+      "path": "src/pages/service-ticket-ops",
+      "description": "DataManagementList-based ops page with modular actions, drawer, timeline, hook, and service."
+    },
+    {
+      "code": "role-governance",
+      "type": "permissions",
+      "path": "src/domain/role-governance",
+      "description": "Dynamic role maintenance, role sync, redundant ownership fields, and permission-group resource examples."
+    },
+    {
+      "code": "pc-portal-shell",
+      "type": "app-shell-page",
+      "path": "src/pages/pc-portal-shell",
+      "description": "PC app-shell entry with routes, modules, shared domain usage, and no hardcoded view URLs."
+    },
+    {
+      "code": "mobile-portal-shell",
+      "type": "app-shell-page",
+      "path": "src/pages/mobile-portal-shell",
+      "description": "Mobile app-shell entry sharing domain/service logic with the PC portal."
+    },
+    {
+      "code": "interactive-workbench",
+      "type": "page",
+      "path": "src/pages/interactive-workbench",
+      "description": "Pure interaction workbench with reducer state, modular panels, and unified query states."
+    },
+    {
+      "code": "expense-approval-workflow",
+      "type": "workflow",
+      "path": "src/resources/workflows/expense-approval-workflow.json",
+      "description": "True approval workflow example. Use only when approval tasks are required."
+    },
+    {
+      "code": "daily-ticket-digest",
+      "type": "automation",
+      "path": "src/resources/automations/daily-ticket-digest",
+      "description": "Scheduled JS_CODE automation that queries paginated data and sends notification resources."
+    }
+  ]
+}

package/templates/sy-lowcode-app-workspace/examples/best-practices/decision-guide.md ADDED Viewed

@@ -0,0 +1,44 @@
+# Decision Guide
+## Page And Data Shape
+Use a form when you need a data table. Each form schema defines fields,
+validation, storage shape, and generated platform data APIs.
+Use a code page when you need a workbench, portal, dashboard, cross-form
+composition, custom list actions, or complex interaction.
+Use `DataManagementList` for list/search/export/batch-management pages. Extend
+it with row actions, custom renderers, and drawers instead of rebuilding
+pagination, export, and filters from scratch.
+## State Flow Is Not Workflow
+Most business "processes" are lifecycle state changes:
+- work tickets: new -> accepted -> processing -> resolved -> closed
+- orders: draft -> submitted -> paid -> fulfilled -> completed
+- assets: available -> reserved -> in_use -> maintenance -> retired
+Use a normal form with a `status` field, ownership fields, and an operation-log
+form. Define allowed transitions in `domain/<feature>/state-machine.ts`, and
+execute changes through a service method that updates state and writes logs.
+Use workflow only when the platform must create approval tasks with approvers,
+approval comments, agree/reject actions, copy nodes, node field permissions, and
+approval history.
+## Automation And JS_CODE
+Use automation or workflow JS_CODE when logic must run on the backend after a
+trigger: scheduled scans, cross-form synchronization, notification fan-out,
+external HTTP calls, or platform role synchronization.
+Frontend code must not be responsible for data isolation or background jobs.
+## Permissions
+For dynamic multi-role apps, create a business role table and synchronize it to
+platform app roles. Add redundant ownership fields to business forms, such as
+`collegeId`, `classId`, `ownerDeptId`, and `ownerUserId`. Use form permission
+groups with condition-style data permissions to enforce data isolation.

package/templates/sy-lowcode-app-workspace/examples/best-practices/design-style.md ADDED Viewed

@@ -0,0 +1,36 @@
+# Design Style
+OpenXiangda business apps should feel like focused operational tools.
+## Interaction Defaults
+- Every async page has loading, refreshing, empty, error, and submit-pending
+  states.
+- List refresh should keep existing rows visible and show a small refresh state.
+- Mutating actions need confirmation, pending feedback, success feedback, and a
+  failure refresh or rollback path.
+- Mobile actions should use a bottom action area, drawer, or action sheet; do
+  not copy a dense PC table toolbar to mobile.
+## Layout Defaults
+- Use dense but readable workbench layouts for admin and ops pages.
+- Put high-value filters near the list, not in hidden configuration pages.
+- Use status tags, responsibility fields, and latest action summaries for
+  lifecycle data.
+- Do not build marketing-style hero pages for business tools.
+## Styling Rules
+- Use platform CSS variables, Tailwind semantic classes, Ant Design, and
+  antd-mobile.
+- Use mature packages for mature interactions: antd controls instead of native
+  inputs, ECharts for charts, GSAP for complex animation timelines, and
+  maintained drag/drop or virtual-list libraries when those behaviors are
+  required.
+- Research package docs and current maintenance before adding a new dependency;
+  write business adapters instead of copying library internals.
+- Keep page styles in `styles.css`; avoid large inline style objects.
+- Keep reusable visual states in shared components: status tags, query states,
+  confirmation triggers, and operation timelines.
+- Do not override private Ant Design class names.

package/templates/sy-lowcode-app-workspace/examples/best-practices/module-structure.md ADDED Viewed

@@ -0,0 +1,48 @@
+# Module Structure
+Use this structure for substantial features:
+```text
+src/
+  domain/<feature>/
+    types.ts
+    state-machine.ts
+    permissions.ts
+    query.ts
+    index.ts
+  shared/
+    services/<feature>.ts
+    hooks/use<Feature>.ts
+    components/
+      QueryState.tsx
+      StatusTag.tsx
+  pages/<feature>/
+    page.config.ts
+    index.tsx
+    App.tsx
+    styles.css
+    components/
+  forms/<feature>/
+    schema.ts
+    page.tsx
+```
+## Dependency Direction
+```text
+pages -> shared/hooks -> shared/services -> domain
+forms -> shared -> domain
+```
+- `domain/` has no React, Ant Design, SDK, or page imports.
+- `shared/` does not import from `pages/`.
+- `pages/` compose modules and call hooks; they do not build complex query
+  payloads inline.
+- PC and mobile views can have different components and styles, but they reuse
+  the same domain and service logic.
+## File Size
+Avoid large single-file pages. If a page grows beyond roughly 250 lines, split
+table actions, drawers, timelines, query builders, hooks, and styles into
+separate files.

package/templates/sy-lowcode-app-workspace/examples/best-practices/src/domain/role-governance/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from "./permissions";
2	+ export * from "./types";

package/templates/sy-lowcode-app-workspace/examples/best-practices/src/domain/role-governance/permissions.test.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import assert from "node:assert/strict";
+import { describe, it } from "node:test";
+import { buildConditionDataPermission, buildRoleCode } from "./permissions";
+describe("role-governance permission helpers", () => {
+  it("normalizes dynamic role codes", () => {
+    assert.equal(buildRoleCode({ roleCode: " College Admin " }), "college_admin");
+    assert.equal(buildRoleCode({ roleCode: "class  advisor" }), "class_advisor");
+  });
+  it("builds condition-based data permissions from redundant fields", () => {
+    const permission = buildConditionDataPermission({
+      collegeId: "college_science",
+      classId: "",
+      ownerDeptId: "dept_lab",
+    });
+    assert.equal(permission.type, "condition");
+    assert.deepEqual(permission.condition.rules, [
+      {
+        field: "collegeId",
+        componentType: "Text",
+        op: "=",
+        value: "college_science",
+      },
+      {
+        field: "ownerDeptId",
+        componentType: "Text",
+        op: "=",
+        value: "dept_lab",
+      },
+    ]);
+  });
+});

package/templates/sy-lowcode-app-workspace/examples/best-practices/src/domain/role-governance/permissions.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import type { AppRoleRecord, DataOwnershipFields } from "./types";
+export function buildRoleCode(role: Pick<AppRoleRecord, "roleCode">) {
+  return role.roleCode.trim().replace(/\s+/g, "_").toLowerCase();
+}
+export function buildConditionDataPermission(scope: DataOwnershipFields) {
+  const rules = Object.entries(scope)
+    .filter(([, value]) => Boolean(value))
+    .map(([field, value]) => ({
+      field,
+      componentType: "Text",
+      op: "=",
+      value,
+    }));
+  return {
+    type: "condition" as const,
+    condition: {
+      logic: "AND" as const,
+      rules,
+    },
+  };
+}

package/templates/sy-lowcode-app-workspace/examples/best-practices/src/domain/role-governance/types.ts ADDED Viewed

@@ -0,0 +1,17 @@
+export interface AppRoleRecord {
+  formInstanceId: string;
+  roleCode: string;
+  roleName: string;
+  members?: Array<{ label: string; value: string }>;
+  collegeId?: string;
+  classId?: string;
+  enabled?: { label: string; value: "enabled" | "disabled" };
+  lastSyncedAt?: string;
+}
+export interface DataOwnershipFields {
+  collegeId?: string;
+  classId?: string;
+  ownerDeptId?: string;
+  ownerUserId?: string;
+}

package/templates/sy-lowcode-app-workspace/examples/best-practices/src/domain/service-ticket/index.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export * from "./permissions";
+export * from "./state-machine";
+export * from "./ticket-query";
+export * from "./types";

package/templates/sy-lowcode-app-workspace/examples/best-practices/src/domain/service-ticket/permissions.test.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import assert from "node:assert/strict";
+import { describe, it } from "node:test";
+import { canViewTicket, getTicketUiPermissions } from "./permissions";
+import type { TicketOperator, TicketRecord } from "./types";
+const ticket: TicketRecord = {
+  formInstanceId: "ticket_001",
+  title: "实验室报修",
+  status: "accepted",
+  ownerUserId: "owner_001",
+  ownerDeptId: "dept_lab",
+  collegeId: "college_science",
+};
+describe("service-ticket permission helpers", () => {
+  it("allows admins and redundant ownership matches", () => {
+    assert.equal(canViewTicket(ticket, user({ roleCodes: ["app_admin"] })), true);
+    assert.equal(canViewTicket(ticket, user({ userId: "owner_001" })), true);
+    assert.equal(canViewTicket(ticket, user({ collegeIds: ["college_science"] })), true);
+    assert.equal(canViewTicket(ticket, user({ departmentIds: ["dept_lab"] })), true);
+  });
+  it("keeps action visibility tied to operation permission", () => {
+    const allowed = getTicketUiPermissions(ticket, user({ departmentIds: ["dept_lab"] }));
+    assert.equal(allowed.canView, true);
+    assert.deepEqual(allowed.actions, ["start", "cancel"]);
+    const denied = getTicketUiPermissions(ticket, user({ userId: "other" }));
+    assert.equal(denied.canView, false);
+    assert.deepEqual(denied.actions, []);
+  });
+});
+function user(input: Partial<TicketOperator>): TicketOperator {
+  return {
+    userId: "u_001",
+    roleCodes: [],
+    departmentIds: [],
+    ...input,
+  };
+}