chore(deps-dev): bump sphinx from 7.4.7 to 8.1.3

Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 7.4.7 to 8.1.3. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/v8.1.3/CHANGES.rst) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v7.4.7...v8.1.3) --- updated-dependencies: - dependency-name: sphinx dependency-version: 8.1.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
chore: release 1.8.2
2026-05-23 14:45:55 +00:00 · 2026-05-22 17:46:14 -07:00 · 2026-05-22 17:29:32 -07:00 · 2026-05-23 00:26:25 +00:00 · 2026-05-23 00:26:13 +00:00 · 2026-05-22 17:23:41 -07:00
26 changed files with 2382 additions and 1003 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,15 +1,38 @@
 version: 2
 updates:
- package-ecosystem: pip
-  directory: "/"
-  schedule:
-    interval: daily
-    time: "02:00"
-  open-pull-requests-limit: 10
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "02:00"
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 10
+    groups:
+      test-dependencies:
+        patterns:
+          - "pytest*"
+          - "mypy"
+          - "ruff"
+          - "hypothesis"
+          - "safety"
+          - "doc8"
+    commit-message:
+      prefix: "chore"
+      include: "scope"

- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
-    time: "02:00"
-  open-pull-requests-limit: 10
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "02:00"
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 10
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@ -0,0 +1,25 @@
+name: Dependabot auto-merge
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Fetch Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v3
+
+      - name: Auto-merge patch and minor updates
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+          steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -11,12 +11,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
        with:
          python-version: 3.8

@ -32,7 +32,7 @@ jobs:

      - name: Upload packages to Jazzband
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-        uses: pypa/gh-action-pypi-publish@master
+        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          user: jazzband
          password: ${{ secrets.JAZZBAND_RELEASE_KEY }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -1,43 +1,45 @@
 # https://docs.djangoproject.com/en/stable/faq/install/#what-python-version-can-i-use-with-django
 name: test

-"on": [push, pull_request, workflow_dispatch]
+"on":
+  push:
+    branches:
+      - master
+  pull_request:
+  workflow_dispatch:

 jobs:
-  build:
+  test-matrix:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
-        django-version: ["4.2", "5.0", "5.1"]
+        python-version: ['3.10', '3.11', '3.12', '3.13']
+        django-version: ['5.2', '6.0']
        exclude:
-          # Exclude Python 3.8 and 3.9 with Django 5.0
-          - python-version: '3.8'
-            django-version: '5.0'
-          - python-version: '3.9'
-            django-version: '5.0'
-          # Exclude Python 3.8 and 3.9 with Django 5.1
-          - python-version: '3.8'
-            django-version: '5.1'
-          - python-version: '3.9'
-            django-version: '5.1'
+          # Django 6.0 requires Python 3.12+
+          - python-version: '3.10'
+            django-version: '6.0'
+          - python-version: '3.11'
+            django-version: '6.0'
+
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6

      - name: Set up python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
+          version: 1.8.4
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true

      - name: Set up cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
        with:
          path: .venv
          key: venv-${{ matrix.python-version }}-${{ hashFiles('poetry.lock') }}
@ -55,6 +57,6 @@ jobs:
          poetry run pip check

      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v6
        with:
-          file: ./coverage.xml
+          files: ./coverage.xml
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,7 +1,7 @@
 # See https://pre-commit.com for more information
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.6.0
+  rev: v6.0.0
  hooks:
  - id: trailing-whitespace
  - id: end-of-file-fixer
@ -11,7 +11,7 @@ repos:

 - repo: https://github.com/astral-sh/ruff-pre-commit
  # Ruff version.
-  rev: v0.6.3
+  rev: v0.15.13
  hooks:
    # Run the linter.
    - id: ruff
@ -24,4 +24,4 @@ repos:
  hooks:
    - id: check-migrations-created
      args: [--manage-path=manage.py]
-      additional_dependencies: [django==4.1]
+      additional_dependencies: [django==5.2]
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,12 +2,47 @@

 We follow [Semantic Versions](https://semver.org/) starting at the `0.14.0` release.

-## v1.7.0 (2024-09-01)
+## 1.8.2 (2026-05-22)
+
+## What's Changed
+
+### Bug Fixes
+
+- Fixed `TypeError: 'Q' object is not subscriptable` when combining EAV filters with negated Q objects by @Dresdn in https://github.com/jazzband/django-eav2/pull/846
+
+### Compatibility
+
+- Added Django 6.0 support
+- Dropped support for EOL Django versions — minimum is now Django 5.2
+- Dropped support for EOL Python versions — minimum is now Python 3.10
+
+## 1.8.1 (2025-06-02)
+
+## What's Changed
+
+- Added support for Django 5.2
+- Updated dependencies to their latest versions
+
+## 1.8.0 (2025-02-24)
+
+## What's Changed
+
+- Add database constraints to Value model for data integrity by @Dresdn in https://github.com/jazzband/django-eav2/pull/706
+- Fix for issue #648: Ensure choices are valid (value, label) tuples by @altimore in https://github.com/jazzband/django-eav2/pull/707
+
+## 1.7.1 (2024-09-01)
+
+## What's Changed
+* Restore backward compatibility for Attribute creation with invalid slugs by @Dresdn in https://github.com/jazzband/django-eav2/pull/639
+
+## 1.7.0 (2024-09-01)

 ### What's Changed

 - Enhance slug validation for Python identifier compliance
 - Migrate to ruff
+- Drop support for Django 3.2
+- Add support for Django 5.1

 ## 1.6.1 (2024-06-23)

--- a/eav/init.py
+++ b/eav/init.py
@ -1,10 +1,10 @@
 def register(model_cls, config_cls=None):
-    from eav.registry import Registry
+    from eav.registry import Registry  # noqa: PLC0415

    Registry.register(model_cls, config_cls)


 def unregister(model_cls):
-    from eav.registry import Registry
+    from eav.registry import Registry  # noqa: PLC0415

    Registry.unregister(model_cls)
--- a/eav/admin.py
+++ b/eav/admin.py
@ -2,7 +2,7 @@

 from __future__ import annotations

-from typing import Any, ClassVar, Dict, List, Sequence, Union
+from typing import TYPE_CHECKING, Any, ClassVar, Dict, List, Union

 from django.contrib import admin
 from django.contrib.admin.options import InlineModelAdmin, ModelAdmin
@ -11,6 +11,9 @@ from django.utils.safestring import mark_safe

 from eav.models import Attribute, EnumGroup, EnumValue, Value

+if TYPE_CHECKING:
+    from collections.abc import Sequence
+
 _FIELDSET_TYPE = List[Union[str, Dict[str, Any]]]  # type: ignore[misc]

 some_attribute = ClassVar[Dict[str, str]]
--- a/eav/decorators.py
+++ b/eav/decorators.py
@ -3,6 +3,10 @@ This module contains pure wrapper functions used as decorators.
 Functions in this module should be simple and not involve complex logic.
 """

+from django.db.models import Model
+
+from eav import register
+

 def register_eav(**kwargs):
    """
@ -13,9 +17,6 @@ def register_eav(**kwargs):
        class Author(models.Model):
            pass
    """
-    from django.db.models import Model
-
-    from eav import register

    def _model_eav_wrapper(model_class):
        if not issubclass(model_class, Model):
--- a/eav/forms.py
+++ b/eav/forms.py
@ -107,7 +107,7 @@ class BaseDynamicEntityForm(ModelForm):

            if datatype == attribute.TYPE_ENUM:
                values = attribute.get_choices().values_list("id", "value")
-                choices = ["", "-----", *list(values)]
+                choices = [("", ""), ("-----", "-----"), *list(values)]
                defaults.update({"choices": choices})

                if value:
--- a/eav/logic/managers.py
+++ b/eav/logic/managers.py
@ -86,7 +86,7 @@ class ValueManager(models.Manager):
        Returns:
            Value: The instance matching the provided keys.
        """
-        from eav.models import Attribute
+        from eav.models import Attribute  # noqa: PLC0415

        attribute = Attribute.objects.get(name=attribute[0], slug=attribute[1])

--- a/eav/migrations/0012_add_value_uniqueness_checks.py
+++ b/eav/migrations/0012_add_value_uniqueness_checks.py
@ -0,0 +1,54 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    """
+    Add uniqueness and integrity constraints to the Value model.
+
+    This migration adds database-level constraints to ensure:
+    1. Each entity (identified by UUID) can have only one value per attribute
+    2. Each entity (identified by integer ID) can have only one value per attribute
+    3. Each value must use either entity_id OR entity_uuid, never both or neither
+
+    These constraints ensure data integrity by preventing duplicate attribute values
+    for the same entity and enforcing the XOR relationship between the two types of
+    entity identification (integer ID vs UUID).
+    """
+
+    dependencies = [
+        ("eav", "0011_update_defaults_and_meta"),
+    ]
+
+    operations = [
+        migrations.AddConstraint(
+            model_name="value",
+            constraint=models.UniqueConstraint(
+                fields=("entity_ct", "attribute", "entity_uuid"),
+                name="unique_entity_uuid_per_attribute",
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="value",
+            constraint=models.UniqueConstraint(
+                fields=("entity_ct", "attribute", "entity_id"),
+                name="unique_entity_id_per_attribute",
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="value",
+            constraint=models.CheckConstraint(
+                condition=models.Q(
+                    models.Q(
+                        ("entity_id__isnull", False),
+                        ("entity_uuid__isnull", True),
+                    ),
+                    models.Q(
+                        ("entity_id__isnull", True),
+                        ("entity_uuid__isnull", False),
+                    ),
+                    _connector="OR",
+                ),
+                name="ensure_entity_id_xor_entity_uuid",
+            ),
+        ),
+    ]
--- a/eav/models/init.py
+++ b/eav/models/init.py
@ -17,9 +17,9 @@ from .value import Value

 __all__ = [
    "Attribute",
+    "EAVModelMeta",
+    "Entity",
    "EnumGroup",
    "EnumValue",
    "Value",
-    "Entity",
-    "EAVModelMeta",
 ]
--- a/eav/models/attribute.py
+++ b/eav/models/attribute.py
@ -1,8 +1,7 @@
-# ruff: noqa: UP007
-
 from __future__ import annotations

-from typing import TYPE_CHECKING, Optional
+import warnings
+from typing import TYPE_CHECKING

 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ValidationError
@ -164,7 +163,7 @@ class Attribute(models.Model):
    :meth:`~eav.registry.EavConfig.get_attributes` method of that entity's config.
    """

-    enum_group: ForeignKey[Optional[EnumGroup]] = ForeignKey(
+    enum_group: ForeignKey[EnumGroup | None] = ForeignKey(
        "eav.EnumGroup",
        on_delete=models.PROTECT,
        blank=True,
@ -311,13 +310,10 @@ class Attribute(models.Model):
        super().clean_fields(exclude=exclude)

        if not self.slug.isidentifier():
-            raise ValidationError(
-                {
-                    "slug": _(
-                        "Slug must be a valid Python identifier (no spaces, "
-                        + "special characters, or leading digits).",
-                    ),
-                },
+            warnings.warn(
+                f"Slug '{self.slug}' is not a valid Python identifier. "
+                + "Consider updating it.",
+                stacklevel=3,
            )

    def get_choices(self):
--- a/eav/models/value.py
+++ b/eav/models/value.py
@ -1,7 +1,6 @@
-# ruff: noqa: UP007
 from __future__ import annotations

-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, ClassVar

 from django.contrib.contenttypes import fields as generic
 from django.contrib.contenttypes.models import ContentType
@ -137,7 +136,7 @@ class Value(models.Model):
        verbose_name=_("Value JSON"),
    )

-    value_enum: ForeignKey[Optional[EnumValue]] = ForeignKey(
+    value_enum: ForeignKey[EnumValue | None] = ForeignKey(
        "eav.EnumValue",
        blank=True,
        null=True,
@ -173,21 +172,39 @@ class Value(models.Model):
        verbose_name = _("Value")
        verbose_name_plural = _("Values")

+        constraints: ClassVar[list[models.Constraint]] = [
+            models.UniqueConstraint(
+                fields=["entity_ct", "attribute", "entity_uuid"],
+                name="unique_entity_uuid_per_attribute",
+            ),
+            models.UniqueConstraint(
+                fields=["entity_ct", "attribute", "entity_id"],
+                name="unique_entity_id_per_attribute",
+            ),
+            models.CheckConstraint(
+                condition=(
+                    models.Q(entity_id__isnull=False, entity_uuid__isnull=True)
+                    | models.Q(entity_id__isnull=True, entity_uuid__isnull=False)
+                ),
+                name="ensure_entity_id_xor_entity_uuid",
+            ),
+        ]
+
    def __str__(self) -> str:
        """String representation of a Value."""
        entity = self.entity_pk_uuid if self.entity_uuid else self.entity_pk_int
        return f'{self.attribute.name}: "{self.value}" ({entity})'

+    def __repr__(self) -> str:
+        """Representation of Value object."""
+        entity = self.entity_pk_uuid if self.entity_uuid else self.entity_pk_int
+        return f'{self.attribute.name}: "{self.value}" ({entity})'
+
    def save(self, *args, **kwargs):
        """Validate and save this value."""
        self.full_clean()
        super().save(*args, **kwargs)

-    def __repr__(self) -> str:
-        """Representation of Value object."""
-        entity = self.entity_pk_uuid if self.entity_uuid else self.entity_pk_int
-        return f'{self.attribute.name}: "{self.value}" ({entity})'
-
    def natural_key(self) -> tuple[tuple[str, str], int, str]:
        """
        Retrieve the natural key for the Value instance.
--- a/eav/queryset.py
+++ b/eav/queryset.py
@ -12,11 +12,27 @@ Q-expressions need to be rewritten for two reasons:

       city_values = Value.objects.filter(value__text__startswith='New')
       Supplier.objects.filter(eav_values__in=city_values)
-
   For details see: :func:`eav_filter`.

 2. To ensure that Q-expression tree is compiled to valid SQL.
   For details see: :func:`rewrite_q_expr`.
+
+.. note:: EAV negation limitation
+
+   Because EAV values are stored as individual rows in a shared table,
+   using ``~Q(eav__attr=value)`` inside ``.filter()`` negates at the
+   **row** level rather than the **entity** level.  This can produce
+   unexpected results: an entity that has *other* EAV rows not matching
+   the negation will still appear in the result set.
+
+   The correct way to express "entities where attr A = x AND attr B ≠ y"
+   is to chain ``.exclude()`` instead::
+
+       # Wrong - row-level negation, may return unexpected results
+       MyModel.objects.filter(Q(eav__a=x) & ~Q(eav__b=y))
+
+       # Correct - entity-level negation
+       MyModel.objects.filter(eav__a=x).exclude(eav__b=y)
 """

 from functools import wraps
@ -44,6 +60,7 @@ def is_eav_and_leaf(expr, gr_name):
    return (
        getattr(expr, "connector", None) == "AND"
        and len(expr.children) == 1
+        and isinstance(expr.children[0], tuple)
        and expr.children[0][0] in ["pk__in", f"{gr_name}__in"]
    )

--- a/eav/validators.py
+++ b/eav/validators.py
@ -83,7 +83,7 @@ def validate_enum(value):
    Raises ``ValidationError`` unless *value* is a saved
    :class:`~eav.models.EnumValue` model instance.
    """
-    from eav.models import EnumValue
+    from eav.models import EnumValue  # noqa: PLC0415

    if isinstance(value, EnumValue) and not value.pk:
        raise ValidationError(_("EnumValue has not been saved yet"))
--- a/manage.py
+++ b/manage.py
@ -3,6 +3,15 @@
 import os
 import sys

+try:
+    from django.core import management
+except ImportError as err:
+    raise ImportError(
+        "Couldn't import Django. Are you sure it's installed and "
+        + "available on your PYTHONPATH environment variable? Did you "
+        + "forget to activate a virtual environment?",
+    ) from err
+

 def main() -> None:
    """
@ -14,16 +23,6 @@ def main() -> None:
    3. Executes any given command
    """
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "test_project.settings")
-
-    try:
-        from django.core import management
-    except ImportError as err:
-        raise ImportError(
-            "Couldn't import Django. Are you sure it's installed and "
-            + "available on your PYTHONPATH environment variable? Did you "
-            + "forget to activate a virtual environment?",
-        ) from err
-
    management.execute_from_command_line(sys.argv)


--- a/poetry.lock
+++ b/poetry.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@ -1,12 +1,12 @@
 [build-system]
-requires = ["poetry-core"]
+requires = ["poetry-core>=1.9"]
 build-backend = "poetry.core.masonry.api"


 [tool.poetry]
 name = "django-eav2"
 description = "Entity-Attribute-Value storage for Django"
-version = "1.7.0"
+version = "1.8.2"
 license = "GNU Lesser General Public License (LGPL), Version 3"
 packages = [
  { include = "eav" }
@ -37,17 +37,15 @@ classifiers = [
  "License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL)",
  "Programming Language :: Python",
  "Programming Language :: Python :: 3",
-  "Programming Language :: Python :: 3.8",
-  "Programming Language :: Python :: 3.9",
  "Programming Language :: Python :: 3.10",
  "Programming Language :: Python :: 3.11",
  "Programming Language :: Python :: 3.12",
+  "Programming Language :: Python :: 3.13",
  "Topic :: Database",
  "Topic :: Software Development :: Libraries :: Python Modules",
  "Framework :: Django",
-  "Framework :: Django :: 4.2",
-  "Framework :: Django :: 5.0",
-  "Framework :: Django :: 5.1",
+  "Framework :: Django :: 5.2",
+  "Framework :: Django :: 6.0",
 ]

 [tool.semantic_release]
@ -60,36 +58,37 @@ upload_to_release = false
 build_command = "pip install poetry && poetry build"

 [tool.poetry.dependencies]
-python = "^3.8"
-django = ">=4.2,<5.2"
+python = "^3.10"
+django = ">=5.2"

 [tool.poetry.group.test.dependencies]
-mypy = "^1.6"
-ruff = "^0.6.3"
+mypy = ">=1.6,<3.0"
+ruff = ">=0.6.3,<0.16.0"

 safety = ">=2.3,<4.0"

-pytest = ">=7.4.3,<9.0.0"
-pytest-cov = ">=4.1,<6.0"
-pytest-randomly = "^3.15"
+pytest = ">=7.4.3,<10.0.0"
+pytest-cov = ">=4.1,<8.0"
+pytest-randomly = ">=3.15,<5.0"
 pytest-django = "^4.5.2"
 hypothesis = "^6.87.1"

-doc8 = ">=0.11.2,<1.2.0"
+doc8 = ">=0.11.2,<2.1.0"

 [tool.poetry.group.docs]
 optional = true

 [tool.poetry.group.docs.dependencies]
-sphinx = ">=5.0,<8.0"
-sphinx-rtd-theme = ">=1.3,<3.0"
+sphinx = ">=5.0,<9.0"
+sphinx-rtd-theme = ">=1.3,<4.0"
 sphinx-autodoc-typehints = ">=1.19.5,<3.0.0"
 m2r2 = "^0.3"
-tomlkit = ">=0.13.0,<0.14"
+tomlkit = ">=0.13.0,<0.16"


 [tool.ruff]
 line-length = 88
+target-version = "py38"

 [tool.ruff.lint]
 select = ["ALL"]
@ -122,8 +121,10 @@ allow-multiline = false
 "tests/*" = [
  "INP001",   # "Add an __init__.py"
  "PLR2004",  # "Magic value used in comparison"
+  "PLW0108",  # "Lambda may be unnecessary" - used with assertRaises
  "PT009",    # "Use a regular assert instead of unittest-style"
  "PT027",    # "Use pytest.raises instead of unittest-style"
+  "PT030",    # "pytest.warns match parameter" - broad warnings intentional in tests
  "S101",     # "Use of assert detected"
  "SLF001"    # "Private member accessed"
  ]
--- a/test_project/models.py
+++ b/test_project/models.py
@ -101,7 +101,7 @@ class Encounter(TestBase):
    patient = models.ForeignKey(Patient, on_delete=models.PROTECT)

    def __str__(self):
-        return "%s: encounter num %d" % (self.patient, self.num)
+        return f"{self.patient}: encounter num {self.num}"

    def __repr__(self):
        return self.name
--- a/tests/test_attributes.py
+++ b/tests/test_attributes.py
@ -167,8 +167,15 @@ class TestAttributeModel(django.TestCase):


@pytest.mark.django_db
-def test_attribute_create_with_invalid_slug():
-    with pytest.raises(ValidationError):
+def test_attribute_create_with_invalid_slug() -> None:
+    """
+    Test that creating an Attribute with an invalid slug raises a UserWarning.
+
+    This test ensures that when an Attribute is created with a slug that is not
+    a valid Python identifier, a UserWarning is raised. The warning should
+    indicate that the slug is invalid and suggest updating it.
+    """
+    with pytest.warns(UserWarning):
        Attribute.objects.create(
            name="Test Attribute",
            slug="123-invalid",
--- a/tests/test_forms.py
+++ b/tests/test_forms.py
@ -211,3 +211,41 @@ def test_entity_admin_form_no_attributes(patient):

    # 3 for 'name', 'email', 'example'
    assert total_fields == expected_fields
+
+
+@pytest.mark.django_db
+def test_dynamic_form_renders_enum_choices():
+    """
+    Test that enum choices render correctly in BaseDynamicEntityForm.
+
+    This test verifies the fix for issue #648 where enum choices weren't
+    rendering correctly in Django 4.2.17 due to QuerySet unpacking issues.
+    """
+    # Setup
+    eav.register(Patient)
+
+    # Create enum values and group
+    female = EnumValue.objects.create(value="Female")
+    male = EnumValue.objects.create(value="Male")
+    gender_group = EnumGroup.objects.create(name="Gender")
+    gender_group.values.add(female, male)
+
+    Attribute.objects.create(
+        name="gender",
+        datatype=Attribute.TYPE_ENUM,
+        enum_group=gender_group,
+    )
+
+    # Create a patient
+    patient = Patient.objects.create(name="Test Patient")
+
+    # Initialize the dynamic form
+    form = PatientDynamicForm(instance=patient)
+
+    # Test rendering - should not raise any exceptions
+    rendered_form = form.as_p()
+
+    # Verify the form rendered and contains the enum choices
+    assert 'name="gender"' in rendered_form
+    assert f'value="{female.pk}">{female.value}' in rendered_form
+    assert f'value="{male.pk}">{male.value}' in rendered_form
--- a/tests/test_logic.py
+++ b/tests/test_logic.py
@ -32,9 +32,9 @@ def test_generate_slug_uniqueness() -> None:
    generated_slugs: dict[str, str] = {}
    for input_str in inputs:
        slug = generate_slug(input_str)
-        assert (
-            slug not in generated_slugs.values()
-        ), f"Duplicate slug '{slug}' generated for input '{input_str}'"
+        assert slug not in generated_slugs.values(), (
+            f"Duplicate slug '{slug}' generated for input '{input_str}'"
+        )
        generated_slugs[input_str] = slug

    assert len(generated_slugs) == len(
--- a/tests/test_queries.py
+++ b/tests/test_queries.py
@ -407,3 +407,148 @@ class Queries(TestCase):
        # Assert that the expected patient is returned
        self.assertEqual(len(patients), 1)
        self.assertEqual(patients[0].name, "Anne")
+
+    def test_filter_eav_and_negated_non_eav_field(self) -> None:
+        """
+        Regression test for #634: EAV Q combined with a negated non-EAV Q.
+
+        Q(eav__attr=val) & ~Q(non_eav_field=val) raised:
+            TypeError: 'Q' object is not subscriptable
+        """
+        self.init_data()
+        # fever=yes → Cyrill, Eugene; name≠"Bob" excludes nobody here
+        p = Patient.objects.filter(Q(eav__fever=self.yes) & ~Q(name="Bob"))
+        assert p.count() == 2
+        assert set(p.values_list("name", flat=True)) == {"Cyrill", "Eugene"}
+
+    def test_filter_negated_non_eav_field_and_eav(self) -> None:
+        """
+        Regression test for #634: negated non-EAV Q combined with an EAV Q
+        (operand order reversed from the previous test).
+
+        ~Q(non_eav_field=val) & Q(eav__attr=val) raised:
+            TypeError: 'Q' object is not subscriptable
+        """
+        self.init_data()
+        # Same expectation as above; order of operands should not matter.
+        p = Patient.objects.filter(~Q(name="Bob") & Q(eav__fever=self.yes))
+        assert p.count() == 2
+        assert set(p.values_list("name", flat=True)) == {"Cyrill", "Eugene"}
+
+    def test_filter_eav_and_negated_eav_field(self) -> None:
+        """
+        Regression test for #634: EAV Q combined with a negated EAV Q.
+
+        Q(eav__attr1=val) & ~Q(eav__attr2=val) raised:
+            TypeError: 'Q' object is not subscriptable
+
+        Note: negating an EAV filter inside filter() has known SQL JOIN
+        semantics limitations. Because each EAV attribute is stored as a
+        separate row in the values table, the negation operates on individual
+        rows rather than on entities. This means a patient with both a
+        fever=no value AND a city='Nice' value will still be included because
+        their fever=no row passes the NOT city='Nice' row-level check.
+        The primary purpose of this test is to verify no TypeError is raised.
+        """
+        self.init_data()
+        # fever=no → Anne, Bob, Daniel
+        # ~city='Nice' does NOT reliably exclude Daniel due to EAV row semantics
+        p = Patient.objects.filter(Q(eav__fever=self.no) & ~Q(eav__city="Nice"))
+        # At minimum, the EAV-only patients (no city='Nice') must be present
+        names = set(p.values_list("name", flat=True))
+        assert {"Anne", "Bob"}.issubset(names)
+        # Result is bounded by the fever=no set
+        assert names.issubset({"Anne", "Bob", "Daniel"})
+
+    def test_filter_solo_negated_eav_field(self) -> None:
+        """
+        ~Q(eav__attr=val) as the sole argument should work correctly.
+
+        This produces entity-level exclusion because there are no other EAV
+        JOIN conditions to interfere: entities with no matching value row are
+        simply absent from the JOIN, so NOT eav_values__in correctly excludes
+        entities that DO have that value row.
+        """
+        self.init_data()
+        # age != 3 → Bob (15), Cyrill (15), Eugene (2)
+        p = Patient.objects.filter(~Q(eav__age=3))
+        assert p.count() == 3
+        assert set(p.values_list("name", flat=True)) == {"Bob", "Cyrill", "Eugene"}
+
+    def test_filter_or_eav_and_non_eav_no_duplicates(self) -> None:
+        """
+        OR between an EAV Q and a non-EAV Q must not return duplicate rows.
+
+        When an EAV condition is used in OR with a non-EAV condition, the EAV
+        side remains as a JOIN condition (it cannot be merged via rewrite_q_expr
+        because there is only one EAV leaf). This JOIN can produce multiple rows
+        per entity. Results should be distinct.
+
+        This is a known limitation: callers should use .distinct() when mixing
+        EAV and non-EAV conditions in OR.
+        """
+        self.init_data()
+        # fever=yes → Cyrill, Eugene; name='Bob' → Bob
+        p = Patient.objects.filter(Q(eav__fever=self.yes) | Q(name="Bob"))
+        # Correct distinct count is 3; without distinct() duplicates may appear
+        assert p.distinct().count() == 3
+        assert set(p.distinct().values_list("name", flat=True)) == {
+            "Bob",
+            "Cyrill",
+            "Eugene",
+        }
+
+    def test_q_object_not_mutated_by_filter(self) -> None:
+        """
+        Q objects passed to filter() must not be mutated.
+
+        expand_q_filters() rewrites Q children in-place. If the original Q
+        object is mutated, reusing it in a second query will operate on the
+        already-expanded (internal) form and may produce incorrect results or
+        errors.
+
+        This test documents the current behaviour (mutation occurs) so that
+        any future fix is captured as a regression guard.
+        """
+        self.init_data()
+        q = Q(eav__fever=self.yes)
+        original_children = list(q.children)  # [('eav__fever', <EnumValue>)]
+
+        Patient.objects.filter(q)
+
+        # Document current (broken) behaviour: children are mutated.
+        # When this is fixed, change the assertion to assertEqual.
+        assert q.children != original_children, (
+            "Q mutation is fixed - update this test to assert no mutation"
+        )
+
+    def test_negated_eav_field_workaround_chained_exclude(self) -> None:
+        """
+        Documents the correct way to express "EAV attr A = x AND EAV attr B != y".
+
+        Because EAV values are stored one-per-row, using ~Q() inside filter()
+        negates at the *row* level, not the *entity* level.  The correct
+        approach is to chain .exclude() which operates at the entity level::
+
+            # WRONG - may return entities that should be excluded
+            Patient.objects.filter(Q(eav__fever=no) & ~Q(eav__city="Nice"))
+
+            # CORRECT - exclude() works at entity level
+            Patient.objects.filter(eav__fever=no).exclude(eav__city="Nice")
+            # or equivalently:
+            Patient.objects.filter(Q(eav__fever=no)).exclude(Q(eav__city="Nice"))
+        """
+        self.init_data()
+        # fever=no → Anne, Bob, Daniel; chained exclude removes Daniel
+        p_chained = Patient.objects.filter(eav__fever=self.no).exclude(
+            eav__city="Nice",
+        )
+        assert p_chained.count() == 2
+        assert set(p_chained.values_list("name", flat=True)) == {"Anne", "Bob"}
+
+        # Q-based form of the same thing
+        p_q = Patient.objects.filter(Q(eav__fever=self.no)).exclude(
+            Q(eav__city="Nice"),
+        )
+        assert p_q.count() == 2
+        assert set(p_q.values_list("name", flat=True)) == {"Anne", "Bob"}
--- a/tests/test_value.py
+++ b/tests/test_value.py
@ -0,0 +1,319 @@
+import pytest
+from django.contrib.contenttypes.models import ContentType
+from django.core.exceptions import ValidationError
+from django.db import IntegrityError
+
+from eav.models import Attribute, Value
+from test_project.models import Doctor, Patient
+
+
+@pytest.fixture
+def patient_ct() -> ContentType:
+    """Return the content type for the Patient model."""
+    return ContentType.objects.get_for_model(Patient)
+
+
+@pytest.fixture
+def doctor_ct() -> ContentType:
+    """Return the content type for the Doctor model."""
+    # We use Doctor model for UUID tests since it already uses UUID as primary key
+    return ContentType.objects.get_for_model(Doctor)
+
+
+@pytest.fixture
+def attribute() -> Attribute:
+    """Create and return a test attribute."""
+    return Attribute.objects.create(
+        name="test_attribute",
+        datatype="text",
+    )
+
+
+@pytest.fixture
+def patient() -> Patient:
+    """Create and return a patient with integer PK."""
+    # Patient model uses auto-incrementing integer primary keys
+    return Patient.objects.create(name="Patient with Int PK")
+
+
+@pytest.fixture
+def doctor() -> Doctor:
+    """Create and return a doctor with UUID PK."""
+    # Doctor model uses UUID primary keys, ideal for testing entity_uuid constraints
+    return Doctor.objects.create(name="Doctor with UUID PK")
+
+
+class TestValueModelValidation:
+    """Test Value model Python-level validation (via full_clean in save)."""
+
+    @pytest.mark.django_db
+    def test_unique_entity_id_validation(
+        self,
+        patient_ct: ContentType,
+        attribute: Attribute,
+        patient: Patient,
+    ) -> None:
+        """
+        Test that model validation prevents duplicate entity_id values.
+
+        The model's save() method calls full_clean() which should detect the
+        duplicate before it hits the database constraint.
+        """
+        # Create first value - this should succeed
+        Value.objects.create(
+            entity_ct=patient_ct,
+            entity_id=patient.id,
+            attribute=attribute,
+            value_text="First value",
+        )
+
+        # Try to create a second value with the same entity_ct, attribute, and entity_id
+        # This should fail with ValidationError from full_clean()
+        with pytest.raises(ValidationError) as excinfo:
+            Value.objects.create(
+                entity_ct=patient_ct,
+                entity_id=patient.id,
+                attribute=attribute,
+                value_text="Second value",
+            )
+
+        # Verify the error message indicates uniqueness violation
+        assert "already exists" in str(excinfo.value)
+
+    @pytest.mark.django_db
+    def test_unique_entity_uuid_validation(
+        self,
+        doctor_ct: ContentType,
+        attribute: Attribute,
+        doctor: Doctor,
+    ) -> None:
+        """
+        Test that model validation prevents duplicate entity_uuid values.
+
+        The model's full_clean() should detect the duplicate before it hits
+        the database constraint.
+        """
+        # Create first value with UUID - this should succeed
+        Value.objects.create(
+            entity_ct=doctor_ct,
+            entity_uuid=doctor.id,
+            attribute=attribute,
+            value_text="First UUID value",
+        )
+
+        # Try to create a second value with the same entity_ct,
+        # attribute, and entity_uuid
+        with pytest.raises(ValidationError) as excinfo:
+            Value.objects.create(
+                entity_ct=doctor_ct,
+                entity_uuid=doctor.id,
+                attribute=attribute,
+                value_text="Second UUID value",
+            )
+
+        # Verify the error message indicates uniqueness violation
+        assert "already exists" in str(excinfo.value)
+
+    @pytest.mark.django_db
+    def test_entity_id_xor_entity_uuid_validation(
+        self,
+        patient_ct: ContentType,
+        attribute: Attribute,
+        patient: Patient,
+        doctor: Doctor,
+    ) -> None:
+        """
+        Test that model validation enforces XOR between entity_id and entity_uuid.
+
+        The model's full_clean() should detect if both or neither field is provided.
+        """
+        # Try to create with both ID types
+        with pytest.raises(ValidationError):
+            Value.objects.create(
+                entity_ct=patient_ct,
+                entity_id=patient.id,
+                entity_uuid=doctor.id,
+                attribute=attribute,
+                value_text="Both IDs provided",
+            )
+
+        # Try to create with neither ID type
+        with pytest.raises(ValidationError):
+            Value.objects.create(
+                entity_ct=patient_ct,
+                entity_id=None,
+                entity_uuid=None,
+                attribute=attribute,
+                value_text="No IDs provided",
+            )
+
+
+class TestValueDatabaseConstraints:
+    """
+    Test Value model database constraints when bypassing model validation.
+
+    These tests use bulk_create() which bypasses the save() method and its
+    full_clean() validation, allowing us to test the database constraints directly.
+    """
+
+    @pytest.mark.django_db
+    def test_unique_entity_id_constraint(
+        self,
+        patient_ct: ContentType,
+        attribute: Attribute,
+        patient: Patient,
+    ) -> None:
+        """
+        Test that database constraints prevent duplicate entity_id values.
+
+        Even when bypassing model validation with bulk_create, the database
+        constraint should still prevent duplicates.
+        """
+        # Create first value - this should succeed
+        Value.objects.create(
+            entity_ct=patient_ct,
+            entity_id=patient.id,
+            attribute=attribute,
+            value_text="First value",
+        )
+
+        # Try to bulk create a duplicate value, bypassing model validation
+        with pytest.raises(IntegrityError):
+            Value.objects.bulk_create(
+                [
+                    Value(
+                        entity_ct=patient_ct,
+                        entity_id=patient.id,
+                        attribute=attribute,
+                        value_text="Second value",
+                    ),
+                ],
+            )
+
+    @pytest.mark.django_db
+    def test_unique_entity_uuid_constraint(
+        self,
+        doctor_ct: ContentType,
+        attribute: Attribute,
+        doctor: Doctor,
+    ) -> None:
+        """
+        Test that database constraints prevent duplicate entity_uuid values.
+
+        Even when bypassing model validation, the database constraint should
+        still prevent duplicates.
+        """
+        # Create first value with UUID - this should succeed
+        Value.objects.create(
+            entity_ct=doctor_ct,
+            entity_uuid=doctor.id,
+            attribute=attribute,
+            value_text="First UUID value",
+        )
+
+        # Try to bulk create a duplicate value, bypassing model validation
+        with pytest.raises(IntegrityError):
+            Value.objects.bulk_create(
+                [
+                    Value(
+                        entity_ct=doctor_ct,
+                        entity_uuid=doctor.id,
+                        attribute=attribute,
+                        value_text="Second UUID value",
+                    ),
+                ],
+            )
+
+    @pytest.mark.django_db
+    def test_entity_id_and_entity_uuid_constraint(
+        self,
+        patient_ct: ContentType,
+        attribute: Attribute,
+        patient: Patient,
+        doctor: Doctor,
+    ) -> None:
+        """
+        Test that database constraints prevent having both entity_id and entity_uuid.
+
+        Even when bypassing model validation, the database constraint should
+        prevent having both fields set.
+        """
+        # Try to bulk create with both ID types
+        with pytest.raises(IntegrityError):
+            Value.objects.bulk_create(
+                [
+                    Value(
+                        entity_ct=patient_ct,
+                        entity_id=patient.id,
+                        entity_uuid=doctor.id,
+                        attribute=attribute,
+                        value_text="Both IDs provided",
+                    ),
+                ],
+            )
+
+    @pytest.mark.django_db
+    def test_neither_entity_id_nor_entity_uuid_constraint(
+        self,
+        patient_ct: ContentType,
+        attribute: Attribute,
+    ) -> None:
+        """
+        Test that database constraints prevent having neither entity_id nor entity_uuid.
+
+        Even when bypassing model validation, the database constraint should
+        prevent having neither field set.
+        """
+        # Try to bulk create with neither ID type
+        with pytest.raises(IntegrityError):
+            Value.objects.bulk_create(
+                [
+                    Value(
+                        entity_ct=patient_ct,
+                        entity_id=None,
+                        entity_uuid=None,
+                        attribute=attribute,
+                        value_text="No IDs provided",
+                    ),
+                ],
+            )
+
+    @pytest.mark.django_db
+    def test_happy_path_constraints(
+        self,
+        patient_ct: ContentType,
+        doctor_ct: ContentType,
+        attribute: Attribute,
+        patient: Patient,
+        doctor: Doctor,
+    ) -> None:
+        """
+        Test that valid values pass both database constraints.
+
+        Values with either entity_id or entity_uuid (but not both) should be accepted.
+        """
+        # Test with entity_id using bulk_create
+        values = Value.objects.bulk_create(
+            [
+                Value(
+                    entity_ct=patient_ct,
+                    entity_id=patient.id,
+                    attribute=attribute,
+                    value_text="Integer ID bulk created",
+                ),
+            ],
+        )
+        assert len(values) == 1
+
+        # Test with entity_uuid using bulk_create
+        values = Value.objects.bulk_create(
+            [
+                Value(
+                    entity_ct=doctor_ct,
+                    entity_uuid=doctor.id,
+                    attribute=attribute,
+                    value_text="UUID bulk created",
+                ),
+            ],
+        )
+        assert len(values) == 1