feat: enhance agent settlement features and improve data access controls

- Added new section in AGENTS.md detailing learned workspace facts for better understanding of settlement processes.
- Updated AgentNodeDestroyController to remove unnecessary checks for admin users.
- Enhanced AgentSettlement controllers to assert permissions for finance adjustments and bill operations.
- Improved query scopes in AgentSettlement services to ensure proper data access based on admin roles.
- Refactored methods in SettlementPartyEnrichment for better bill row enrichment and data handling.
- Introduced new methods in AdminAgentSettlementScope for managing agent node visibility and finance adjustments.

tests/Feature/AdminAgentProfileCapabilityPermissionTest.php

@@ -69,6 +69,8 @@ test('agent profile switches strip create player and child manage from effective
 
     expect($fresh->hasPermissionCode('agent.node.manage'))->toBeFalse();
     expect($fresh->hasPermissionCode('service.players.manage'))->toBeFalse();
+    expect($fresh->hasPermissionCode('settlement.agent.manage'))->toBeTrue();
+    expect($fresh->adminPermissionSlugs())->toContain('prd.settlement.agent.manage');
     expect($profile['agent']['can_create_child_agent'])->toBeFalse();
     expect($profile['agent']['can_create_player'])->toBeFalse();
 });
@@ -123,5 +125,96 @@ test('agent profile switches on grant create capabilities even when platform age
     expect($fresh->hasPermissionCode('agent.node.manage'))->toBeTrue();
     expect($fresh->hasPermissionCode('service.players.manage'))->toBeTrue();
     expect($fresh->adminPermissionSlugs())->toContain('prd.agent.manage')
-        ->and($fresh->adminPermissionSlugs())->toContain('prd.users.manage');
+        ->and($fresh->adminPermissionSlugs())->toContain('prd.users.manage')
+        ->and($fresh->adminPermissionSlugs())->toContain('prd.settlement.agent.manage');
+    expect($fresh->hasPermissionCode('settlement.agent.manage'))->toBeTrue();
+});
+
+test('line root bound agent receives settlement manage at login', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+
+    $admin = AdminUser::query()->create([
+        'username' => 'settle_root_agent',
+        'name' => 'Settle Root Agent',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+
+    DB::table('admin_user_agents')->insert([
+        'admin_user_id' => $admin->id,
+        'agent_node_id' => $rootId,
+        'is_primary' => true,
+        'granted_at' => now(),
+    ]);
+    $admin->syncPrimaryPlatformAgentRole($rootId);
+
+    $fresh = $admin->fresh();
+
+    expect($fresh->hasPermissionCode('settlement.agent.manage'))->toBeTrue();
+    expect($fresh->adminPermissionSlugs())->toContain('prd.settlement.agent.manage');
+});
+
+test('agent with downline children receives settlement manage at login', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+
+    $parent = AgentNode::query()->create([
+        'admin_site_id' => $siteId,
+        'parent_id' => $rootId,
+        'path' => '/',
+        'depth' => 1,
+        'code' => 'settle-parent',
+        'name' => 'Settle Parent',
+        'status' => 1,
+    ]);
+    $parent->path = "/{$rootId}/{$parent->id}/";
+    $parent->save();
+
+    $child = AgentNode::query()->create([
+        'admin_site_id' => $siteId,
+        'parent_id' => $parent->id,
+        'path' => "/{$rootId}/{$parent->id}/",
+        'depth' => 2,
+        'code' => 'settle-child',
+        'name' => 'Settle Child',
+        'status' => 1,
+    ]);
+    $child->path = "/{$rootId}/{$parent->id}/{$child->id}/";
+    $child->save();
+
+    AgentProfile::query()->create([
+        'agent_node_id' => $parent->id,
+        'total_share_rate' => 20,
+        'credit_limit' => 0,
+        'allocated_credit' => 0,
+        'used_credit' => 0,
+        'rebate_limit' => 0,
+        'default_player_rebate' => 0,
+        'can_grant_extra_rebate' => false,
+        'can_create_child_agent' => false,
+        'can_create_player' => false,
+    ]);
+
+    $admin = AdminUser::query()->create([
+        'username' => 'settle_parent_agent',
+        'name' => 'Settle Parent Agent',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+
+    DB::table('admin_user_agents')->insert([
+        'admin_user_id' => $admin->id,
+        'agent_node_id' => $parent->id,
+        'is_primary' => true,
+        'granted_at' => now(),
+    ]);
+    $admin->syncPrimaryPlatformAgentRole($parent->id);
+
+    $fresh = $admin->fresh();
+
+    expect($fresh->hasPermissionCode('settlement.agent.manage'))->toBeTrue();
+    expect($fresh->adminPermissionSlugs())->toContain('prd.settlement.agent.manage');
 });