fix: allow testing claim mapping rules before saving and keep rows editable after test

The test endpoint now accepts inline rules from the client instead of reading
from the database, so unsaved rules can be tested. Matched rows show the
checkmark alongside action buttons instead of replacing them.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ClaimMappingAdminController.java

@@ -10,6 +10,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.net.URI;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -80,21 +81,36 @@ public class ClaimMappingAdminController {
         return ResponseEntity.noContent().build();
     }
 
-    record MatchedRuleResponse(UUID ruleId, int priority, String claim, String matchType,
+    record MatchedRuleResponse(String ruleId, int priority, String claim, String matchType,
                                String matchValue, String action, String target) {}
 
     record TestResponse(List<MatchedRuleResponse> matchedRules, List<String> effectiveRoles,
                         List<String> effectiveGroups, boolean fallback) {}
 
+    record TestRuleRequest(String id, String claim, String matchType, String matchValue,
+                           String action, String target, int priority) {}
+
+    record TestRequest(List<TestRuleRequest> rules, Map<String, Object> claims) {}
+
     @PostMapping("/test")
-    @Operation(summary = "Test claim mapping rules against a set of claims")
-    public TestResponse test(@RequestBody Map<String, Object> claims) {
-        List<ClaimMappingRule> rules = repository.findAll();
-        List<ClaimMappingService.MappingResult> results = claimMappingService.evaluate(rules, claims);
+    @Operation(summary = "Test claim mapping rules against a set of claims (accepts unsaved rules)")
+    public TestResponse test(@RequestBody TestRequest request) {
+        // Build a lookup from synthetic UUID → original string ID (supports temp- prefixed IDs)
+        Map<UUID, String> idLookup = new HashMap<>();
+        List<ClaimMappingRule> rules = request.rules().stream()
+                .map(r -> {
+                    UUID uuid = UUID.randomUUID();
+                    idLookup.put(uuid, r.id());
+                    return new ClaimMappingRule(uuid, r.claim(), r.matchType(), r.matchValue(),
+                            r.action(), r.target(), r.priority(), null);
+                })
+                .toList();
+
+        List<ClaimMappingService.MappingResult> results = claimMappingService.evaluate(rules, request.claims());
 
         List<MatchedRuleResponse> matched = results.stream()
                 .map(r -> new MatchedRuleResponse(
-                        r.rule().id(), r.rule().priority(), r.rule().claim(),
+                        idLookup.get(r.rule().id()), r.rule().priority(), r.rule().claim(),
                         r.rule().matchType(), r.rule().matchValue(),
                         r.rule().action(), r.rule().target()))
                 .toList();