Add account registration with signup policy acceptance

Implements #16: invite-only student self-registration through a front-end
page, accepting signup-scoped policies at account creation.

Policy domain:
- us_policies.acceptance_scope (signup/booking/both); Policy::appliesTo();
  PolicyRepository::findForScope(); scope threaded through PolicyService,
  the REST create, the admin controller, and the Policies form.
- PolicyAcceptance::REG_ACCOUNT (registration_id = the new user's ID).

Auth:
- Invite value object + InviteRepository; us_invites table.
- RegistrationController + Invites admin page (manage_students): invite an
  email, share the registration link, revoke.
- RegistrationPage ([us_student_register] shortcode): validates the invite
  token, collects name/password, renders signup-scoped published policies
  with required acceptance, creates the us_student user, records account-type
  acceptances, marks the invite accepted, and logs the user in.
- RoleManager: manage_students cap added to STUDIO_ADMIN_CAPS.

Invite-only is implemented; the us_registration_mode self_approval path is a
documented future seam.

Docs: docs/features/account-registration.md; policies.md updated.
Tests: tests/Unit/Auth/ (Invite, InviteRepository) plus Policy scope
updates. composer test (104), cs, and PHPStan level 6 all pass.

Refs #16

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

tests/Unit/Auth/InviteRepositoryTest.php

@@ -0,0 +1,138 @@
+<?php
+declare(strict_types=1);
+
+namespace Unsupervised\Schedular\Tests\Unit\Auth;
+
+use Brain\Monkey\Functions;
+use Mockery;
+use Unsupervised\Schedular\Auth\Invite;
+use Unsupervised\Schedular\Auth\InviteRepository;
+use Unsupervised\Schedular\Tests\Unit\TestCase;
+
+class InviteRepositoryTest extends TestCase
+{
+    private \wpdb $db;
+    private InviteRepository $repo;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->db         = Mockery::mock(\wpdb::class);
+        $this->db->prefix = 'wp_';
+        $this->repo       = new InviteRepository($this->db);
+    }
+
+    public function testInsertReturnsId(): void
+    {
+        Functions\expect('current_time')->with('mysql')->andReturn('2026-06-02 09:00:00');
+
+        $this->db->shouldReceive('insert')
+            ->once()
+            ->with(
+                'wp_us_invites',
+                Mockery::on(static function (array $d): bool {
+                    return $d['email'] === 'a@b.test'
+                        && $d['token'] === 'tok123'
+                        && $d['status'] === Invite::STATUS_PENDING
+                        && $d['invited_by'] === 2;
+                }),
+                ['%s', '%s', '%s', '%s', '%d', '%d', '%s', '%s']
+            );
+        $this->db->insert_id = 5;
+
+        self::assertSame(5, $this->repo->insert(new Invite('a@b.test', 'tok123', invitedBy: 2)));
+    }
+
+    public function testFindByTokenReturnsInvite(): void
+    {
+        $this->db->shouldReceive('prepare')
+            ->once()
+            ->with(Mockery::pattern('/token = %s/'), 'tok123')
+            ->andReturn('SELECT ...');
+
+        $this->db->shouldReceive('get_row')->andReturn($this->row());
+
+        $invite = $this->repo->findByToken('tok123');
+
+        self::assertInstanceOf(Invite::class, $invite);
+        self::assertSame('a@b.test', $invite->email);
+    }
+
+    public function testFindByTokenReturnsNullWhenMissing(): void
+    {
+        $this->db->shouldReceive('prepare')->andReturn('SELECT ...');
+        $this->db->shouldReceive('get_row')->andReturn(null);
+
+        self::assertNull($this->repo->findByToken('nope'));
+    }
+
+    public function testFindPendingByEmailFiltersStatus(): void
+    {
+        $this->db->shouldReceive('prepare')
+            ->once()
+            ->with(Mockery::pattern('/email = %s AND status = %s/'), 'a@b.test', Invite::STATUS_PENDING)
+            ->andReturn('SELECT ...');
+
+        $this->db->shouldReceive('get_row')->andReturn($this->row());
+
+        self::assertInstanceOf(Invite::class, $this->repo->findPendingByEmail('a@b.test'));
+    }
+
+    public function testFindPendingMapsRows(): void
+    {
+        $this->db->shouldReceive('prepare')
+            ->once()
+            ->with(Mockery::pattern('/status = %s/'), Invite::STATUS_PENDING)
+            ->andReturn('SELECT ...');
+
+        $this->db->shouldReceive('get_results')->andReturn([$this->row()]);
+
+        $pending = $this->repo->findPending();
+
+        self::assertCount(1, $pending);
+        self::assertInstanceOf(Invite::class, $pending[0]);
+    }
+
+    public function testMarkAcceptedUpdatesRow(): void
+    {
+        Functions\expect('current_time')->with('mysql')->andReturn('2026-06-02 10:00:00');
+
+        $this->db->shouldReceive('update')
+            ->once()
+            ->with(
+                'wp_us_invites',
+                Mockery::on(static fn (array $d): bool => $d['status'] === Invite::STATUS_ACCEPTED && $d['accepted_user_id'] === 9),
+                ['id' => 5],
+                ['%s', '%d', '%s'],
+                ['%d']
+            )
+            ->andReturn(1);
+
+        self::assertTrue($this->repo->markAccepted(5, 9));
+    }
+
+    public function testRevokeUpdatesStatus(): void
+    {
+        $this->db->shouldReceive('update')
+            ->once()
+            ->with('wp_us_invites', ['status' => Invite::STATUS_REVOKED], ['id' => 5], ['%s'], ['%d'])
+            ->andReturn(1);
+
+        self::assertTrue($this->repo->revoke(5));
+    }
+
+    private function row(): object
+    {
+        return (object) [
+            'id'               => '5',
+            'email'            => 'a@b.test',
+            'token'            => 'tok123',
+            'role'             => 'us_student',
+            'status'           => Invite::STATUS_PENDING,
+            'invited_by'       => '2',
+            'accepted_user_id' => null,
+            'accepted_at'      => null,
+        ];
+    }
+}