Implement Mode: When Your Scaffold Writes Real Code

· SysMARA Team

When SysMARA first introduced the scaffold generator, it produced starter files with TODO comments. A capability handler looked like this: 

// The old way — TODO stubs
export async function handleCreateUser(ctx: HandlerContext) {
  const input = ctx.body as CreateUserInput;
  // TODO: Enforce policy: admin_policy
  // TODO: Load entity: user
  // TODO: Implement business logic
  // TODO: Validate invariant: email_unique
  void input;
  throw new Error('Not implemented: create_user');
}

Helpful as a starting point, but still requiring the developer (or AI agent) to write all the actual logic. Starting with v0.6.1, the scaffold generator produces working implementations by default.

What Changes

The same create_user capability now generates: 

// The new way — working implementation
import { SysmaraORM } from '@sysmara/core';
import { enforceAdminPolicy } from '../policies/admin_policy.js';
import { validateEmailUnique } from '../invariants/email_unique.js';

export async function handleCreateUser(ctx: HandlerContext) {
  const input = ctx.body as CreateUserInput;

  // Policy enforcement — real check, not a TODO
  if (!enforceAdminPolicy(ctx.actor)) {
    throw new Error('Policy violation: admin_policy');
  }

  // ORM-based create
  const repo = orm.repository<User>('user', 'create_user');
  const result = await repo.create(input as Partial<User>);

  // Invariant validation — real check
  const violation = validateEmailUnique(result as User);
  if (violation) {
    throw new Error(`Invariant violation: ${violation.message}`);
  }

  return result as CreateUserOutput;
}

The generator infers the operation type from the capability name: create_user → INSERT, get_user → SELECT by ID, list_users → findMany, update_user → UPDATE, delete_user → DELETE.

Every Layer Gets Real Logic

Policy enforcers

Instead of void actor; return false;, policy enforcers now generate real condition checks derived from the YAML spec: 

// Generated from: conditions: [{ field: actor.role, operator: in, value: [admin] }]
export function enforceAdminPolicy(actor: ActorContext): boolean {
  if (!actor.roles.some(r => ["admin"].includes(r))) return false;
  return true;
}

Invariant validators

Invariant validators infer check logic from the invariant name and rule description:

  • Uniqueness invariants (name contains "unique") — return null with a comment that the DB constraint handles it
  • Not-empty invariants (name contains "not_empty" or rule says "must not be empty") — generate actual empty-string/null checks
  • Range invariants (rule says "positive" or "greater than") — generate numeric comparison

Service classes

Service classes now accept a SysmaraORM instance via constructor injection and use real repository calls: 

export class AuthService {
  private orm: SysmaraORM;

  constructor(orm: SysmaraORM) {
    this.orm = orm;
  }

  async createUser(input: unknown) {
    const repo = this.orm.repository('user', 'create_user');
    return repo.create(input as Partial<Record<string, unknown>>);
  }

  async getUser(input: unknown) {
    const repo = this.orm.repository('user', 'get_user');
    return repo.findById((input as Record<string, string>).id);
  }
}

Entity validators

Entity validation functions now include type checks (typeof guards) and constraint enforcement (enum value checks, min/max length, patterns) instead of just checking for undefined.

The --no-implement Flag

If you prefer the old TODO-stub behavior — for example, when you want to write everything from scratch or when the inferred logic doesn't match your needs — pass --no-implement: 

npx sysmara build --no-implement

This generates the same files as before v0.6.1: TODO comments, void statements, and throw new Error('Not implemented').

Also New: package.json and README

The sysmara init command now also generates:

package.json with npm scripts

Every SysMARA command is available as an npm script: 

# Development (starts DB, builds, watches for changes)
npm run dev

# Production
npm start

# SysMARA commands
npm run build          # sysmara build
npm run validate       # sysmara validate
npm run db:start       # docker compose up -d
npm run db:stop        # docker compose down

Project-specific README.md

The generated README includes setup instructions, the full commands table, project structure documentation, and configuration details — all specific to your chosen database provider and ORM adapter.

Try It

mkdir my-api && cd my-api
npx sysmara init --db postgresql
npm install
docker compose up -d
npm run build

Check the generated files in app/capabilities/, app/policies/, and app/services/ — they contain real, working code that uses your SysMARA ORM repositories, enforces your declared policies, and validates your invariants.