@arcote.tech/arc-host 0.3.4 → 0.4.1

package/dist/index.js

@@ -3673,20 +3673,18 @@ var require_jsonwebtoken = __commonJS((exports, module) => {
   };
 });
 
-// src/arc-host.ts
+// src/create-server.ts
 var import_jsonwebtoken = __toESM(require_jsonwebtoken(), 1);
-import { liveQuery } from "@arcote.tech/arc";
 
 // src/connection-manager.ts
 class ConnectionManager {
   clients = new Map;
   clientIdCounter = 0;
-  addClient(ws, token, rawToken) {
+  addClient(ws) {
     const clientId = `client_${++this.clientIdCounter}_${Date.now()}`;
     const client = {
       id: clientId,
-      token,
-      rawToken,
+      scopeTokens: new Map,
       lastHostEventId: null,
       ws
     };
@@ -3706,6 +3704,22 @@ class ConnectionManager {
       return;
     return this.clients.get(clientId);
   }
+  setScopeToken(clientId, scope, decoded, raw) {
+    const client = this.clients.get(clientId);
+    if (client) {
+      client.scopeTokens.set(scope, { decoded, raw });
+    }
+  }
+  getScopeToken(clientId, scope) {
+    const client = this.clients.get(clientId);
+    return client?.scopeTokens.get(scope);
+  }
+  getAllScopeTokens(clientId) {
+    const client = this.clients.get(clientId);
+    if (!client)
+      return [];
+    return Array.from(client.scopeTokens.values()).map((v) => v.decoded);
+  }
   updateLastSyncedEventId(clientId, hostEventId) {
     const client = this.clients.get(clientId);
     if (client) {
@@ -3741,10 +3755,10 @@ class ConnectionManager {
 
 // src/context-handler.ts
 import {
-  AuthAdapter,
   LocalEventPublisher,
   MasterDataStorage,
   Model,
+  ScopedModel,
   mutationExecutor
 } from "@arcote.tech/arc";
 
@@ -3812,6 +3826,17 @@ function filterEventsForToken(token, events, eventDefinitions) {
     return canTokenReceiveEvent(token, eventDef, eventInstance);
   });
 }
+function filterEventsForTokens(tokens, events, eventDefinitions) {
+  if (tokens.length === 0) {
+    return filterEventsForToken(null, events, eventDefinitions);
+  }
+  return events.filter((eventInstance) => {
+    const eventDef = eventDefinitions.get(eventInstance.type);
+    if (!eventDef)
+      return false;
+    return tokens.some((token) => canTokenReceiveEvent(token, eventDef, eventInstance));
+  });
+}
 
 // src/context-handler.ts
 class ContextHandler {
@@ -3819,7 +3844,6 @@ class ContextHandler {
   model;
   dataStorage;
   eventPublisher;
-  authAdapter;
   eventDefinitions = new Map;
   hostEventIdCounter = 0;
   initialized = false;
@@ -3827,12 +3851,10 @@ class ContextHandler {
     this.context = context;
     this.dataStorage = new MasterDataStorage(dbAdapter);
     this.eventPublisher = new LocalEventPublisher(this.dataStorage);
-    this.authAdapter = new AuthAdapter;
     this.model = new Model(context, {
       adapters: {
         dataStorage: this.dataStorage,
-        eventPublisher: this.eventPublisher,
-        authAdapter: this.authAdapter
+        eventPublisher: this.eventPublisher
       },
       environment: "server"
     });
@@ -3849,21 +3871,26 @@ class ContextHandler {
     this.initialized = true;
   }
   async executeCommand(commandName, params, rawToken) {
-    const mutations = mutationExecutor(this.model);
-    const command = mutations[commandName];
+    const scoped = new ScopedModel(this.model, "request");
+    if (rawToken)
+      scoped.setToken(rawToken);
+    const mutations = mutationExecutor(scoped);
+    let command;
+    if (commandName.includes(".")) {
+      const [elementName, methodName] = commandName.split(".");
+      const element = mutations[elementName];
+      command = element?.[methodName];
+    } else {
+      command = mutations[commandName];
+    }
     if (!command) {
       throw new Error(`Command '${commandName}' not found`);
     }
-    this.authAdapter.setToken(rawToken);
     try {
-      return await command(params);
+      const result = await command(params);
+      return result;
     } catch (error) {
-      console.error(`[ARC] Command '${commandName}' failed:`);
-      console.error(`[ARC] Params:`, JSON.stringify(params, null, 2));
-      console.error(`[ARC] Error:`, error);
-      if (error instanceof Error) {
-        console.error(`[ARC] Stack:`, error.stack);
-      }
+      console.error(`[ARC] Command '${commandName}' failed:`, error);
       throw error;
     }
   }
@@ -3939,315 +3966,618 @@ class ContextHandler {
   getEventDefinitions() {
     return this.eventDefinitions;
   }
-  setAuthToken(rawToken) {
-    this.authAdapter.setToken(rawToken);
+  getEventPublisher() {
+    return this.eventPublisher;
   }
 }
 
-// src/arc-host.ts
-class ArcHost {
-  config;
-  server;
-  connectionManager = new ConnectionManager;
-  contextHandler;
-  streamConnections = new Map;
-  jwtSecret;
-  port;
-  streamIdCounter = 0;
-  constructor(config) {
-    this.config = config;
-    this.jwtSecret = config.jwtSecret || process.env.JWT_SECRET || "arc-host-secret-change-in-production";
-    this.port = config.port || 5005;
-  }
-  async start() {
-    const dbAdapter = this.config.dbAdapterFactory(this.config.context);
-    this.contextHandler = new ContextHandler(this.config.context, dbAdapter);
-    await this.contextHandler.init();
-    this.setupServer();
-  }
-  verifyToken(token) {
-    try {
-      const decoded = import_jsonwebtoken.default.verify(token, this.jwtSecret);
-      if (decoded.tokenName && !decoded.tokenType) {
-        return {
-          tokenType: decoded.tokenName,
-          params: decoded.params || {},
-          iat: decoded.iat,
-          exp: decoded.exp
-        };
-      }
-      return decoded;
-    } catch {
-      try {
-        const parts = token.split(".");
-        if (parts.length !== 3)
-          return null;
-        const payload = JSON.parse(atob(parts[1]));
-        return {
-          tokenType: payload.tokenName,
-          params: payload.params || {},
-          iat: payload.iat,
-          exp: payload.exp
-        };
-      } catch {
-        return null;
-      }
-    }
+// ../../node_modules/croner/dist/croner.js
+function h(n, t, e, r, s, i, a, l) {
+  return h.fromTZ(h.tp(n, t, e, r, s, i, a), l);
+}
+h.fromTZISO = (n, t, e) => h.fromTZ(k(n, t), e);
+h.fromTZ = function(n, t) {
+  let e = new Date(Date.UTC(n.y, n.m - 1, n.d, n.h, n.i, n.s)), r = D(n.tz, e), s = new Date(e.getTime() - r), i = D(n.tz, s);
+  if (i - r === 0)
+    return s;
+  {
+    let a = new Date(e.getTime() - i), l = D(n.tz, a);
+    if (l - i === 0)
+      return a;
+    if (!t && l - i > 0)
+      return a;
+    if (t)
+      throw new Error("Invalid date passed to fromTZ()");
+    return s;
   }
-  async handleMessage(ws, message) {
-    const client = this.connectionManager.getClientByWs(ws);
-    if (!client) {
-      this.sendError(ws, "Client not found");
+};
+h.toTZ = function(n, t) {
+  let e = n.toLocaleString("en-US", { timeZone: t }).replace(/[\u202f]/, " "), r = new Date(e);
+  return { y: r.getFullYear(), m: r.getMonth() + 1, d: r.getDate(), h: r.getHours(), i: r.getMinutes(), s: r.getSeconds(), tz: t };
+};
+h.tp = (n, t, e, r, s, i, a) => ({ y: n, m: t, d: e, h: r, i: s, s: i, tz: a });
+function D(n, t = new Date) {
+  let e = t.toLocaleString("en-US", { timeZone: n, timeZoneName: "shortOffset" }).split(" ").slice(-1)[0], r = t.toLocaleString("en-US").replace(/[\u202f]/, " ");
+  return Date.parse(`${r} GMT`) - Date.parse(`${r} ${e}`);
+}
+function k(n, t) {
+  let e = new Date(Date.parse(n));
+  if (isNaN(e))
+    throw new Error("minitz: Invalid ISO8601 passed to parser.");
+  let r = n.substring(9);
+  return n.includes("Z") || r.includes("-") || r.includes("+") ? h.tp(e.getUTCFullYear(), e.getUTCMonth() + 1, e.getUTCDate(), e.getUTCHours(), e.getUTCMinutes(), e.getUTCSeconds(), "Etc/UTC") : h.tp(e.getFullYear(), e.getMonth() + 1, e.getDate(), e.getHours(), e.getMinutes(), e.getSeconds(), t);
+}
+h.minitz = h;
+var b = 32;
+var p = 31 | b;
+var v = [1, 2, 4, 8, 16];
+var d = class {
+  pattern;
+  timezone;
+  second;
+  minute;
+  hour;
+  day;
+  month;
+  dayOfWeek;
+  lastDayOfMonth;
+  starDOM;
+  starDOW;
+  constructor(t, e) {
+    this.pattern = t, this.timezone = e, this.second = Array(60).fill(0), this.minute = Array(60).fill(0), this.hour = Array(24).fill(0), this.day = Array(31).fill(0), this.month = Array(12).fill(0), this.dayOfWeek = Array(7).fill(0), this.lastDayOfMonth = false, this.starDOM = false, this.starDOW = false, this.parse();
+  }
+  parse() {
+    if (!(typeof this.pattern == "string" || this.pattern instanceof String))
+      throw new TypeError("CronPattern: Pattern has to be of type string.");
+    this.pattern.indexOf("@") >= 0 && (this.pattern = this.handleNicknames(this.pattern).trim());
+    let t = this.pattern.replace(/\s+/g, " ").split(" ");
+    if (t.length < 5 || t.length > 6)
+      throw new TypeError("CronPattern: invalid configuration format ('" + this.pattern + "'), exactly five or six space separated parts are required.");
+    if (t.length === 5 && t.unshift("0"), t[3].indexOf("L") >= 0 && (t[3] = t[3].replace("L", ""), this.lastDayOfMonth = true), t[3] == "*" && (this.starDOM = true), t[4].length >= 3 && (t[4] = this.replaceAlphaMonths(t[4])), t[5].length >= 3 && (t[5] = this.replaceAlphaDays(t[5])), t[5] == "*" && (this.starDOW = true), this.pattern.indexOf("?") >= 0) {
+      let e = new f(new Date, this.timezone).getDate(true);
+      t[0] = t[0].replace("?", e.getSeconds().toString()), t[1] = t[1].replace("?", e.getMinutes().toString()), t[2] = t[2].replace("?", e.getHours().toString()), this.starDOM || (t[3] = t[3].replace("?", e.getDate().toString())), t[4] = t[4].replace("?", (e.getMonth() + 1).toString()), this.starDOW || (t[5] = t[5].replace("?", e.getDay().toString()));
+    }
+    this.throwAtIllegalCharacters(t), this.partToArray("second", t[0], 0, 1), this.partToArray("minute", t[1], 0, 1), this.partToArray("hour", t[2], 0, 1), this.partToArray("day", t[3], -1, 1), this.partToArray("month", t[4], -1, 1), this.partToArray("dayOfWeek", t[5], 0, p), this.dayOfWeek[7] && (this.dayOfWeek[0] = this.dayOfWeek[7]);
+  }
+  partToArray(t, e, r, s) {
+    let i = this[t], a = t === "day" && this.lastDayOfMonth;
+    if (e === "" && !a)
+      throw new TypeError("CronPattern: configuration entry " + t + " (" + e + ") is empty, check for trailing spaces.");
+    if (e === "*")
+      return i.fill(s);
+    let l = e.split(",");
+    if (l.length > 1)
+      for (let o = 0;o < l.length; o++)
+        this.partToArray(t, l[o], r, s);
+    else
+      e.indexOf("-") !== -1 && e.indexOf("/") !== -1 ? this.handleRangeWithStepping(e, t, r, s) : e.indexOf("-") !== -1 ? this.handleRange(e, t, r, s) : e.indexOf("/") !== -1 ? this.handleStepping(e, t, r, s) : e !== "" && this.handleNumber(e, t, r, s);
+  }
+  throwAtIllegalCharacters(t) {
+    for (let e = 0;e < t.length; e++)
+      if ((e === 5 ? /[^/*0-9,\-#L]+/ : /[^/*0-9,-]+/).test(t[e]))
+        throw new TypeError("CronPattern: configuration entry " + e + " (" + t[e] + ") contains illegal characters.");
+  }
+  handleNumber(t, e, r, s) {
+    let i = this.extractNth(t, e), a = parseInt(i[0], 10) + r;
+    if (isNaN(a))
+      throw new TypeError("CronPattern: " + e + " is not a number: '" + t + "'");
+    this.setPart(e, a, i[1] || s);
+  }
+  setPart(t, e, r) {
+    if (!Object.prototype.hasOwnProperty.call(this, t))
+      throw new TypeError("CronPattern: Invalid part specified: " + t);
+    if (t === "dayOfWeek") {
+      if (e === 7 && (e = 0), e < 0 || e > 6)
+        throw new RangeError("CronPattern: Invalid value for dayOfWeek: " + e);
+      this.setNthWeekdayOfMonth(e, r);
       return;
     }
-    switch (message.type) {
-      case "sync-events":
-        await this.handleSyncEvents(client.id, message, client.token);
-        break;
-      case "request-sync":
-        await this.handleRequestSync(client.id, message, client.token);
-        break;
-      case "execute-command":
-        await this.handleExecuteCommand(client.id, message, client.rawToken);
-        break;
-      default:
-        this.sendError(ws, `Unknown message type: ${message.type}`);
-    }
+    if (t === "second" || t === "minute") {
+      if (e < 0 || e >= 60)
+        throw new RangeError("CronPattern: Invalid value for " + t + ": " + e);
+    } else if (t === "hour") {
+      if (e < 0 || e >= 24)
+        throw new RangeError("CronPattern: Invalid value for " + t + ": " + e);
+    } else if (t === "day") {
+      if (e < 0 || e >= 31)
+        throw new RangeError("CronPattern: Invalid value for " + t + ": " + e);
+    } else if (t === "month" && (e < 0 || e >= 12))
+      throw new RangeError("CronPattern: Invalid value for " + t + ": " + e);
+    this[t][e] = r;
+  }
+  handleRangeWithStepping(t, e, r, s) {
+    let i = this.extractNth(t, e), a = i[0].match(/^(\d+)-(\d+)\/(\d+)$/);
+    if (a === null)
+      throw new TypeError("CronPattern: Syntax error, illegal range with stepping: '" + t + "'");
+    let [, l, o, u] = a, c = parseInt(l, 10) + r, w = parseInt(o, 10) + r, C = parseInt(u, 10);
+    if (isNaN(c))
+      throw new TypeError("CronPattern: Syntax error, illegal lower range (NaN)");
+    if (isNaN(w))
+      throw new TypeError("CronPattern: Syntax error, illegal upper range (NaN)");
+    if (isNaN(C))
+      throw new TypeError("CronPattern: Syntax error, illegal stepping: (NaN)");
+    if (C === 0)
+      throw new TypeError("CronPattern: Syntax error, illegal stepping: 0");
+    if (C > this[e].length)
+      throw new TypeError("CronPattern: Syntax error, steps cannot be greater than maximum value of part (" + this[e].length + ")");
+    if (c > w)
+      throw new TypeError("CronPattern: From value is larger than to value: '" + t + "'");
+    for (let T = c;T <= w; T += C)
+      this.setPart(e, T, i[1] || s);
+  }
+  extractNth(t, e) {
+    let r = t, s;
+    if (r.includes("#")) {
+      if (e !== "dayOfWeek")
+        throw new Error("CronPattern: nth (#) only allowed in day-of-week field");
+      s = r.split("#")[1], r = r.split("#")[0];
+    }
+    return [r, s];
+  }
+  handleRange(t, e, r, s) {
+    let i = this.extractNth(t, e), a = i[0].split("-");
+    if (a.length !== 2)
+      throw new TypeError("CronPattern: Syntax error, illegal range: '" + t + "'");
+    let l = parseInt(a[0], 10) + r, o = parseInt(a[1], 10) + r;
+    if (isNaN(l))
+      throw new TypeError("CronPattern: Syntax error, illegal lower range (NaN)");
+    if (isNaN(o))
+      throw new TypeError("CronPattern: Syntax error, illegal upper range (NaN)");
+    if (l > o)
+      throw new TypeError("CronPattern: From value is larger than to value: '" + t + "'");
+    for (let u = l;u <= o; u++)
+      this.setPart(e, u, i[1] || s);
+  }
+  handleStepping(t, e, r, s) {
+    let i = this.extractNth(t, e), a = i[0].split("/");
+    if (a.length !== 2)
+      throw new TypeError("CronPattern: Syntax error, illegal stepping: '" + t + "'");
+    a[0] === "" && (a[0] = "*");
+    let l = 0;
+    a[0] !== "*" && (l = parseInt(a[0], 10) + r);
+    let o = parseInt(a[1], 10);
+    if (isNaN(o))
+      throw new TypeError("CronPattern: Syntax error, illegal stepping: (NaN)");
+    if (o === 0)
+      throw new TypeError("CronPattern: Syntax error, illegal stepping: 0");
+    if (o > this[e].length)
+      throw new TypeError("CronPattern: Syntax error, max steps for part is (" + this[e].length + ")");
+    for (let u = l;u < this[e].length; u += o)
+      this.setPart(e, u, i[1] || s);
+  }
+  replaceAlphaDays(t) {
+    return t.replace(/-sun/gi, "-7").replace(/sun/gi, "0").replace(/mon/gi, "1").replace(/tue/gi, "2").replace(/wed/gi, "3").replace(/thu/gi, "4").replace(/fri/gi, "5").replace(/sat/gi, "6");
+  }
+  replaceAlphaMonths(t) {
+    return t.replace(/jan/gi, "1").replace(/feb/gi, "2").replace(/mar/gi, "3").replace(/apr/gi, "4").replace(/may/gi, "5").replace(/jun/gi, "6").replace(/jul/gi, "7").replace(/aug/gi, "8").replace(/sep/gi, "9").replace(/oct/gi, "10").replace(/nov/gi, "11").replace(/dec/gi, "12");
+  }
+  handleNicknames(t) {
+    let e = t.trim().toLowerCase();
+    return e === "@yearly" || e === "@annually" ? "0 0 1 1 *" : e === "@monthly" ? "0 0 1 * *" : e === "@weekly" ? "0 0 * * 0" : e === "@daily" ? "0 0 * * *" : e === "@hourly" ? "0 * * * *" : t;
+  }
+  setNthWeekdayOfMonth(t, e) {
+    if (typeof e != "number" && e === "L")
+      this.dayOfWeek[t] = this.dayOfWeek[t] | b;
+    else if (e === p)
+      this.dayOfWeek[t] = p;
+    else if (e < 6 && e > 0)
+      this.dayOfWeek[t] = this.dayOfWeek[t] | v[e - 1];
+    else
+      throw new TypeError(`CronPattern: nth weekday out of range, should be 1-5 or L. Value: ${e}, Type: ${typeof e}`);
   }
-  async handleSyncEvents(clientId, message, token) {
-    const persistedEvents = await this.contextHandler.persistEvents(message.events, clientId, token);
-    if (persistedEvents.length === 0) {
-      return;
+};
+var O = [31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31];
+var m = [["month", "year", 0], ["day", "month", -1], ["hour", "day", 0], ["minute", "hour", 0], ["second", "minute", 0]];
+var f = class n {
+  tz;
+  ms;
+  second;
+  minute;
+  hour;
+  day;
+  month;
+  year;
+  constructor(t, e) {
+    if (this.tz = e, t && t instanceof Date)
+      if (!isNaN(t))
+        this.fromDate(t);
+      else
+        throw new TypeError("CronDate: Invalid date passed to CronDate constructor");
+    else if (t === undefined)
+      this.fromDate(new Date);
+    else if (t && typeof t == "string")
+      this.fromString(t);
+    else if (t instanceof n)
+      this.fromCronDate(t);
+    else
+      throw new TypeError("CronDate: Invalid type (" + typeof t + ") passed to CronDate constructor");
+  }
+  isNthWeekdayOfMonth(t, e, r, s) {
+    let a = new Date(Date.UTC(t, e, r)).getUTCDay(), l = 0;
+    for (let o = 1;o <= r; o++)
+      new Date(Date.UTC(t, e, o)).getUTCDay() === a && l++;
+    if (s & p && v[l - 1] & s)
+      return true;
+    if (s & b) {
+      let o = new Date(Date.UTC(t, e + 1, 0)).getUTCDate();
+      for (let u = r + 1;u <= o; u++)
+        if (new Date(Date.UTC(t, e, u)).getUTCDay() === a)
+          return false;
+      return true;
     }
-    const clients = this.connectionManager.getAllClients();
-    for (const client of clients) {
-      if (client.id === clientId)
-        continue;
-      const authorizedEvents = filterEventsForToken(client.token, persistedEvents, this.contextHandler.getEventDefinitions());
-      if (authorizedEvents.length > 0) {
-        this.connectionManager.sendToClient(client.id, {
-          type: "events",
-          events: authorizedEvents
-        });
+    return false;
+  }
+  fromDate(t) {
+    if (this.tz !== undefined)
+      if (typeof this.tz == "number")
+        this.ms = t.getUTCMilliseconds(), this.second = t.getUTCSeconds(), this.minute = t.getUTCMinutes() + this.tz, this.hour = t.getUTCHours(), this.day = t.getUTCDate(), this.month = t.getUTCMonth(), this.year = t.getUTCFullYear(), this.apply();
+      else {
+        let e = h.toTZ(t, this.tz);
+        this.ms = t.getMilliseconds(), this.second = e.s, this.minute = e.i, this.hour = e.h, this.day = e.d, this.month = e.m - 1, this.year = e.y;
+      }
+    else
+      this.ms = t.getMilliseconds(), this.second = t.getSeconds(), this.minute = t.getMinutes(), this.hour = t.getHours(), this.day = t.getDate(), this.month = t.getMonth(), this.year = t.getFullYear();
+  }
+  fromCronDate(t) {
+    this.tz = t.tz, this.year = t.year, this.month = t.month, this.day = t.day, this.hour = t.hour, this.minute = t.minute, this.second = t.second, this.ms = t.ms;
+  }
+  apply() {
+    if (this.month > 11 || this.day > O[this.month] || this.hour > 59 || this.minute > 59 || this.second > 59 || this.hour < 0 || this.minute < 0 || this.second < 0) {
+      let t = new Date(Date.UTC(this.year, this.month, this.day, this.hour, this.minute, this.second, this.ms));
+      return this.ms = t.getUTCMilliseconds(), this.second = t.getUTCSeconds(), this.minute = t.getUTCMinutes(), this.hour = t.getUTCHours(), this.day = t.getUTCDate(), this.month = t.getUTCMonth(), this.year = t.getUTCFullYear(), true;
+    } else
+      return false;
+  }
+  fromString(t) {
+    if (typeof this.tz == "number") {
+      let e = h.fromTZISO(t);
+      this.ms = e.getUTCMilliseconds(), this.second = e.getUTCSeconds(), this.minute = e.getUTCMinutes(), this.hour = e.getUTCHours(), this.day = e.getUTCDate(), this.month = e.getUTCMonth(), this.year = e.getUTCFullYear(), this.apply();
+    } else
+      return this.fromDate(h.fromTZISO(t, this.tz));
+  }
+  findNext(t, e, r, s) {
+    let i = this[e], a;
+    r.lastDayOfMonth && (this.month !== 1 ? a = O[this.month] : a = new Date(Date.UTC(this.year, this.month + 1, 0, 0, 0, 0, 0)).getUTCDate());
+    let l = !r.starDOW && e == "day" ? new Date(Date.UTC(this.year, this.month, 1, 0, 0, 0, 0)).getUTCDay() : undefined;
+    for (let o = this[e] + s;o < r[e].length; o++) {
+      let u = r[e][o];
+      if (e === "day" && r.lastDayOfMonth && o - s == a && (u = 1), e === "day" && !r.starDOW) {
+        let c = r.dayOfWeek[(l + (o - s - 1)) % 7];
+        if (c && c & p)
+          c = this.isNthWeekdayOfMonth(this.year, this.month, o - s, c) ? 1 : 0;
+        else if (c)
+          throw new Error(`CronDate: Invalid value for dayOfWeek encountered. ${c}`);
+        t.legacyMode && !r.starDOM ? u = u || c : u = u && c;
+      }
+      if (u)
+        return this[e] = o - s, i !== this[e] ? 2 : 1;
+    }
+    return 3;
+  }
+  recurse(t, e, r) {
+    let s = this.findNext(e, m[r][0], t, m[r][2]);
+    if (s > 1) {
+      let i = r + 1;
+      for (;i < m.length; )
+        this[m[i][0]] = -m[i][2], i++;
+      if (s === 3)
+        return this[m[r][1]]++, this[m[r][0]] = -m[r][2], this.apply(), this.recurse(t, e, 0);
+      if (this.apply())
+        return this.recurse(t, e, r - 1);
+    }
+    return r += 1, r >= m.length ? this : this.year >= 3000 ? null : this.recurse(t, e, r);
+  }
+  increment(t, e, r) {
+    return this.second += e.interval !== undefined && e.interval > 1 && r ? e.interval : 1, this.ms = 0, this.apply(), this.recurse(t, e, 0);
+  }
+  getDate(t) {
+    return t || this.tz === undefined ? new Date(this.year, this.month, this.day, this.hour, this.minute, this.second, this.ms) : typeof this.tz == "number" ? new Date(Date.UTC(this.year, this.month, this.day, this.hour, this.minute - this.tz, this.second, this.ms)) : h.fromTZ(h.tp(this.year, this.month + 1, this.day, this.hour, this.minute, this.second, this.tz), false);
+  }
+  getTime() {
+    return this.getDate(false).getTime();
+  }
+};
+function N(n2) {
+  if (n2 === undefined && (n2 = {}), delete n2.name, n2.legacyMode = n2.legacyMode === undefined ? true : n2.legacyMode, n2.paused = n2.paused === undefined ? false : n2.paused, n2.maxRuns = n2.maxRuns === undefined ? 1 / 0 : n2.maxRuns, n2.catch = n2.catch === undefined ? false : n2.catch, n2.interval = n2.interval === undefined ? 0 : parseInt(n2.interval.toString(), 10), n2.utcOffset = n2.utcOffset === undefined ? undefined : parseInt(n2.utcOffset.toString(), 10), n2.unref = n2.unref === undefined ? false : n2.unref, n2.startAt && (n2.startAt = new f(n2.startAt, n2.timezone)), n2.stopAt && (n2.stopAt = new f(n2.stopAt, n2.timezone)), n2.interval !== null) {
+    if (isNaN(n2.interval))
+      throw new Error("CronOptions: Supplied value for interval is not a number");
+    if (n2.interval < 0)
+      throw new Error("CronOptions: Supplied value for interval can not be negative");
+  }
+  if (n2.utcOffset !== undefined) {
+    if (isNaN(n2.utcOffset))
+      throw new Error("CronOptions: Invalid value passed for utcOffset, should be number representing minutes offset from UTC.");
+    if (n2.utcOffset < -870 || n2.utcOffset > 870)
+      throw new Error("CronOptions: utcOffset out of bounds.");
+    if (n2.utcOffset !== undefined && n2.timezone)
+      throw new Error("CronOptions: Combining 'utcOffset' with 'timezone' is not allowed.");
+  }
+  if (n2.unref !== true && n2.unref !== false)
+    throw new Error("CronOptions: Unref should be either true, false or undefined(false).");
+  return n2;
+}
+function g(n2) {
+  return Object.prototype.toString.call(n2) === "[object Function]" || typeof n2 == "function" || n2 instanceof Function;
+}
+function S(n2) {
+  return g(n2);
+}
+function P(n2) {
+  typeof Deno < "u" && typeof Deno.unrefTimer < "u" ? Deno.unrefTimer(n2) : n2 && typeof n2.unref < "u" && n2.unref();
+}
+var _ = 30 * 1000;
+var y = [];
+var R = class {
+  name;
+  options;
+  _states;
+  fn;
+  constructor(t, e, r) {
+    let s, i;
+    if (g(e))
+      i = e;
+    else if (typeof e == "object")
+      s = e;
+    else if (e !== undefined)
+      throw new Error("Cron: Invalid argument passed for optionsIn. Should be one of function, or object (options).");
+    if (g(r))
+      i = r;
+    else if (typeof r == "object")
+      s = r;
+    else if (r !== undefined)
+      throw new Error("Cron: Invalid argument passed for funcIn. Should be one of function, or object (options).");
+    if (this.name = s?.name, this.options = N(s), this._states = { kill: false, blocking: false, previousRun: undefined, currentRun: undefined, once: undefined, currentTimeout: undefined, maxRuns: s ? s.maxRuns : undefined, paused: s ? s.paused : false, pattern: new d("* * * * *") }, t && (t instanceof Date || typeof t == "string" && t.indexOf(":") > 0) ? this._states.once = new f(t, this.options.timezone || this.options.utcOffset) : this._states.pattern = new d(t, this.options.timezone), this.name) {
+      if (y.find((l) => l.name === this.name))
+        throw new Error("Cron: Tried to initialize new named job '" + this.name + "', but name already taken.");
+      y.push(this);
+    }
+    return i !== undefined && S(i) && (this.fn = i, this.schedule()), this;
+  }
+  nextRun(t) {
+    let e = this._next(t);
+    return e ? e.getDate(false) : null;
+  }
+  nextRuns(t, e) {
+    this._states.maxRuns !== undefined && t > this._states.maxRuns && (t = this._states.maxRuns);
+    let r = [], s = e || this._states.currentRun || undefined;
+    for (;t-- && (s = this.nextRun(s)); )
+      r.push(s);
+    return r;
+  }
+  getPattern() {
+    return this._states.pattern ? this._states.pattern.pattern : undefined;
+  }
+  isRunning() {
+    let t = this.nextRun(this._states.currentRun), e = !this._states.paused, r = this.fn !== undefined, s = !this._states.kill;
+    return e && r && s && t !== null;
+  }
+  isStopped() {
+    return this._states.kill;
+  }
+  isBusy() {
+    return this._states.blocking;
+  }
+  currentRun() {
+    return this._states.currentRun ? this._states.currentRun.getDate() : null;
+  }
+  previousRun() {
+    return this._states.previousRun ? this._states.previousRun.getDate() : null;
+  }
+  msToNext(t) {
+    let e = this._next(t);
+    return e ? t instanceof f || t instanceof Date ? e.getTime() - t.getTime() : e.getTime() - new f(t).getTime() : null;
+  }
+  stop() {
+    this._states.kill = true, this._states.currentTimeout && clearTimeout(this._states.currentTimeout);
+    let t = y.indexOf(this);
+    t >= 0 && y.splice(t, 1);
+  }
+  pause() {
+    return this._states.paused = true, !this._states.kill;
+  }
+  resume() {
+    return this._states.paused = false, !this._states.kill;
+  }
+  schedule(t) {
+    if (t && this.fn)
+      throw new Error("Cron: It is not allowed to schedule two functions using the same Croner instance.");
+    t && (this.fn = t);
+    let e = this.msToNext(), r = this.nextRun(this._states.currentRun);
+    return e == null || isNaN(e) || r === null ? this : (e > _ && (e = _), this._states.currentTimeout = setTimeout(() => this._checkTrigger(r), e), this._states.currentTimeout && this.options.unref && P(this._states.currentTimeout), this);
+  }
+  async _trigger(t) {
+    if (this._states.blocking = true, this._states.currentRun = new f(undefined, this.options.timezone || this.options.utcOffset), this.options.catch)
+      try {
+        this.fn !== undefined && await this.fn(this, this.options.context);
+      } catch (e) {
+        g(this.options.catch) && this.options.catch(e, this);
       }
+    else
+      this.fn !== undefined && await this.fn(this, this.options.context);
+    this._states.previousRun = new f(t, this.options.timezone || this.options.utcOffset), this._states.blocking = false;
+  }
+  async trigger() {
+    await this._trigger();
+  }
+  runsLeft() {
+    return this._states.maxRuns;
+  }
+  _checkTrigger(t) {
+    let e = new Date, r = !this._states.paused && e.getTime() >= t.getTime(), s = this._states.blocking && this.options.protect;
+    r && !s ? (this._states.maxRuns !== undefined && this._states.maxRuns--, this._trigger()) : r && s && g(this.options.protect) && setTimeout(() => this.options.protect(this), 0), this.schedule();
+  }
+  _next(t) {
+    let e = !!(t || this._states.currentRun), r = false;
+    !t && this.options.startAt && this.options.interval && ([t, e] = this._calculatePreviousRun(t, e), r = !t), t = new f(t, this.options.timezone || this.options.utcOffset), this.options.startAt && t && t.getTime() < this.options.startAt.getTime() && (t = this.options.startAt);
+    let s = this._states.once || new f(t, this.options.timezone || this.options.utcOffset);
+    return !r && s !== this._states.once && (s = s.increment(this._states.pattern, this.options, e)), this._states.once && this._states.once.getTime() <= t.getTime() || s === null || this._states.maxRuns !== undefined && this._states.maxRuns <= 0 || this._states.kill || this.options.stopAt && s.getTime() >= this.options.stopAt.getTime() ? null : s;
+  }
+  _calculatePreviousRun(t, e) {
+    let r = new f(undefined, this.options.timezone || this.options.utcOffset), s = t;
+    if (this.options.startAt.getTime() <= r.getTime()) {
+      s = this.options.startAt;
+      let i = s.getTime() + this.options.interval * 1000;
+      for (;i <= r.getTime(); )
+        s = new f(s, this.options.timezone || this.options.utcOffset).increment(this._states.pattern, this.options, true), i = s.getTime() + this.options.interval * 1000;
+      e = true;
     }
-    const lastEvent = persistedEvents[persistedEvents.length - 1];
-    this.connectionManager.updateLastSyncedEventId(clientId, lastEvent.hostId);
-    this.connectionManager.sendToClient(clientId, {
-      type: "sync-complete",
-      lastHostEventId: lastEvent.hostId
-    });
+    return s === null && (s = undefined), [s, e];
   }
-  async handleRequestSync(clientId, message, token) {
-    const events = await this.contextHandler.getEventsSince(message.lastHostEventId, token);
-    this.connectionManager.sendToClient(clientId, {
-      type: "events",
-      events
-    });
-    if (events.length > 0) {
-      const lastEvent = events[events.length - 1];
-      this.connectionManager.updateLastSyncedEventId(clientId, lastEvent.hostId);
-      this.connectionManager.sendToClient(clientId, {
-        type: "sync-complete",
-        lastHostEventId: lastEvent.hostId
-      });
-    } else {
-      this.connectionManager.sendToClient(clientId, {
-        type: "sync-complete",
-        lastHostEventId: message.lastHostEventId || ""
+};
+
+// src/cron-scheduler.ts
+class CronScheduler {
+  jobs = [];
+  contextHandler;
+  constructor(contextHandler) {
+    this.contextHandler = contextHandler;
+  }
+  start() {
+    const context = this.contextHandler.context;
+    const cronEntries = this.discoverCronMethods(context);
+    if (cronEntries.length === 0)
+      return;
+    console.log(`[ARC:Cron] Discovered ${cronEntries.length} cron method(s):`);
+    for (const entry of cronEntries) {
+      console.log(`[ARC:Cron]   ${entry.aggregateName}.${entry.methodName} \u2192 "${entry.cronExpression}"`);
+      const task = new R(entry.cronExpression, async () => {
+        await this.executeCronMethod(entry);
       });
+      this.jobs.push({ entry, task });
+    }
+  }
+  stop() {
+    for (const job of this.jobs) {
+      job.task.stop();
+    }
+    this.jobs = [];
+    console.log("[ARC:Cron] All cron jobs stopped.");
+  }
+  discoverCronMethods(context) {
+    const entries = [];
+    for (const element of context.elements) {
+      const ctor = element.ctor;
+      if (ctor?.__aggregateCronMethods) {
+        entries.push(...ctor.__aggregateCronMethods);
+      }
     }
+    return entries;
   }
-  async handleExecuteCommand(clientId, message, rawToken) {
+  async executeCronMethod(entry) {
+    const commandName = `${entry.aggregateName}.${entry.methodName}`;
     try {
-      const result = await this.contextHandler.executeCommand(message.commandName, message.params, rawToken);
-      this.connectionManager.sendToClient(clientId, {
-        type: "command-result",
-        requestId: message.requestId,
-        result
-      });
+      const dataStorage = this.contextHandler.getDataStorage();
+      const store = dataStorage.getStore(entry.aggregateName);
+      const instances = await store.find({});
+      if (instances.length === 0) {
+        console.log(`[ARC:Cron] ${commandName}: no instances found, skipping.`);
+        return;
+      }
+      console.log(`[ARC:Cron] ${commandName}: executing for ${instances.length} instance(s)...`);
+      for (const instance of instances) {
+        try {
+          await this.contextHandler.executeCommand(commandName, { _id: instance._id }, null);
+        } catch (error) {
+          console.error(`[ARC:Cron] ${commandName} failed for instance ${instance._id}:`, error);
+        }
+      }
     } catch (error) {
-      this.connectionManager.sendToClient(clientId, {
-        type: "command-result",
-        requestId: message.requestId,
-        error: error.message
-      });
+      console.error(`[ARC:Cron] ${commandName} failed:`, error);
     }
   }
-  sendError(ws, message) {
-    ws.send(JSON.stringify({ type: "error", message }));
-  }
-  setupServer() {
-    const self = this;
-    this.server = Bun.serve({
-      port: this.port,
-      idleTimeout: 255,
-      fetch(req, server) {
-        const url = new URL(req.url);
-        const corsHeaders = {
-          "Access-Control-Allow-Origin": "*",
-          "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
-          "Access-Control-Allow-Headers": "Content-Type, Authorization"
-        };
-        if (req.method === "OPTIONS") {
-          return new Response(null, { headers: corsHeaders });
-        }
-        const authHeader = req.headers.get("Authorization");
-        const token = authHeader?.replace("Bearer ", "") || url.searchParams.get("token");
-        let tokenPayload = null;
-        if (token) {
-          tokenPayload = self.verifyToken(token);
-        }
-        if (url.pathname === "/ws" && req.headers.get("Upgrade") === "websocket") {
-          if (server.upgrade(req, {
-            data: {
-              clientId: "",
-              token: tokenPayload,
-              rawToken: token
-            }
-          })) {
-            return;
-          }
-          return new Response("WebSocket upgrade failed", {
-            status: 500,
-            headers: corsHeaders
-          });
-        }
-        if (url.pathname === "/health") {
-          return new Response(JSON.stringify({
-            status: "ok",
-            clients: self.connectionManager.clientCount
-          }), {
-            headers: { ...corsHeaders, "Content-Type": "application/json" }
-          });
-        }
-        if (url.pathname.startsWith("/command/") && req.method === "POST") {
-          return self.handleHttpCommand(req, url, corsHeaders, token);
-        }
-        if (url.pathname.startsWith("/query/") && req.method === "POST") {
-          return self.handleHttpQuery(req, url, tokenPayload, corsHeaders, token);
-        }
-        if (url.pathname.startsWith("/stream/") && req.method === "GET") {
-          return self.handleHttpStream(req, url, tokenPayload, corsHeaders, token);
-        }
-        if (url.pathname === "/sync/events" && req.method === "POST") {
-          return self.handleHttpEventSync(req, tokenPayload, corsHeaders);
-        }
-        if (url.pathname.startsWith("/route/")) {
-          return self.handleHttpRoute(req, url, tokenPayload, corsHeaders, token);
-        }
-        return new Response("Not Found", { status: 404, headers: corsHeaders });
-      },
-      websocket: {
-        open(ws) {
-          const tokenPayload = ws.data?.token || null;
-          const rawToken = ws.data?.rawToken || null;
-          const client = self.connectionManager.addClient(ws, tokenPayload, rawToken);
-          console.log(`Client connected: ${client.id}`);
-        },
-        message(ws, messageStr) {
-          try {
-            const message = JSON.parse(messageStr);
-            self.handleMessage(ws, message);
-          } catch (error) {
-            console.error("Failed to parse message:", error);
-            self.sendError(ws, "Invalid message format");
-          }
-        },
-        close(ws) {
-          const client = self.connectionManager.getClientByWs(ws);
-          if (client) {
-            console.log(`Client disconnected: ${client.id}`);
-            self.connectionManager.removeClient(client.id);
-          }
+}
+
+// src/middleware/http.ts
+import { ScopedModel as ScopedModel2 } from "@arcote.tech/arc";
+async function parseCommandParams(req) {
+  const contentType = req.headers.get("Content-Type") || "";
+  if (contentType.includes("multipart/form-data")) {
+    const formData = await req.formData();
+    const params = {};
+    for (const [key, value] of formData.entries()) {
+      if (typeof value === "object" && value !== null && "name" in value && "size" in value) {
+        params[key] = value;
+      } else {
+        try {
+          params[key] = JSON.parse(value);
+        } catch {
+          params[key] = value;
         }
       }
-    });
-    console.log(`\u2705 Arc Host running on http://localhost:${this.port}`);
+    }
+    return params;
   }
-  async handleHttpCommand(req, url, corsHeaders, rawToken) {
+  return await req.json();
+}
+function healthHandler(cm) {
+  return (_req, url, ctx) => {
+    if (url.pathname !== "/health")
+      return null;
+    return Response.json({ status: "ok", clients: cm.clientCount }, { headers: ctx.corsHeaders });
+  };
+}
+function commandHandler(ch) {
+  return async (req, url, ctx) => {
+    if (!url.pathname.startsWith("/command/") || req.method !== "POST")
+      return null;
     const commandName = url.pathname.split("/command/")[1];
     if (!commandName) {
       return new Response("Invalid command path", {
         status: 400,
-        headers: corsHeaders
+        headers: ctx.corsHeaders
       });
     }
     try {
-      const params = await this.parseCommandParams(req);
-      const result = await this.contextHandler.executeCommand(commandName, params, rawToken);
-      return new Response(JSON.stringify(result ?? { success: true }), {
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
+      const params = await parseCommandParams(req);
+      const result = await ch.executeCommand(commandName, params, ctx.rawToken);
+      return Response.json(result ?? { success: true }, {
+        headers: ctx.corsHeaders
       });
     } catch (error) {
-      console.error(`[ARC HTTP] Command '${commandName}' error:`, error);
-      if (error instanceof Error && error.stack) {
-        console.error(`[ARC HTTP] Stack trace:`, error.stack);
-      }
-      return new Response(JSON.stringify({ error: error.message }), {
-        status: 500,
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
-      });
+      console.error(`[ARC] Command '${commandName}' error:`, error);
+      return Response.json({ error: error.message }, { status: 500, headers: ctx.corsHeaders });
     }
-  }
-  async parseCommandParams(req) {
-    const contentType = req.headers.get("Content-Type") || "";
-    if (contentType.includes("multipart/form-data")) {
-      const formData = await req.formData();
-      const params = {};
-      for (const [key, value] of formData.entries()) {
-        if (typeof value === "object" && value !== null && "name" in value && "size" in value) {
-          params[key] = value;
-        } else {
-          try {
-            params[key] = JSON.parse(value);
-          } catch {
-            params[key] = value;
-          }
-        }
-      }
-      return params;
-    }
-    return await req.json();
-  }
-  async handleHttpQuery(req, url, _token, corsHeaders, rawToken) {
+  };
+}
+function queryHandler(ch) {
+  return async (req, url, ctx) => {
+    if (!url.pathname.startsWith("/query/") || req.method !== "POST")
+      return null;
     const viewName = url.pathname.split("/query/")[1];
     if (!viewName) {
       return new Response("Invalid query path", {
         status: 400,
-        headers: corsHeaders
+        headers: ctx.corsHeaders
       });
     }
     try {
       const params = await req.json();
-      const viewElement = this.contextHandler.getModel().context.get(viewName);
-      if (!viewElement || !viewElement.queryContext) {
-        return new Response(JSON.stringify({ error: "View not found" }), {
-          status: 404,
-          headers: { ...corsHeaders, "Content-Type": "application/json" }
-        });
-      }
-      this.contextHandler.setAuthToken(rawToken);
-      const model = this.contextHandler.getModel();
-      const adapters = model.getAdapters();
-      const queryCtx = viewElement.queryContext(adapters);
+      const viewElement = ch.getModel().context.get(viewName);
+      if (!viewElement?.queryContext) {
+        return Response.json({ error: "View not found" }, { status: 404, headers: ctx.corsHeaders });
+      }
+      const scoped = new ScopedModel2(ch.getModel(), "request");
+      if (ctx.rawToken)
+        scoped.setToken(ctx.rawToken);
+      const queryCtx = viewElement.queryContext(scoped.getAdapters());
       const result = await queryCtx.find(params);
-      return new Response(JSON.stringify(result), {
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
-      });
+      return Response.json(result, { headers: ctx.corsHeaders });
     } catch (error) {
-      return new Response(JSON.stringify({ error: error.message }), {
-        status: 500,
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
-      });
+      return Response.json({ error: error.message }, { status: 500, headers: ctx.corsHeaders });
     }
-  }
-  handleHttpStream(_req, url, token, corsHeaders, rawToken) {
+  };
+}
+var streamIdCounter = 0;
+var streamConnections = new Map;
+function streamHandler(ch) {
+  return (_req, url, ctx) => {
+    if (!url.pathname.startsWith("/stream/") || _req.method !== "GET")
+      return null;
     const viewName = url.pathname.split("/stream/")[1];
     if (!viewName) {
       return new Response("Invalid stream path", {
         status: 400,
-        headers: corsHeaders
+        headers: ctx.corsHeaders
       });
     }
     const findOptions = {};
@@ -4258,7 +4588,7 @@ class ArcHost {
       } catch {
         return new Response("Invalid 'where' parameter", {
           status: 400,
-          headers: corsHeaders
+          headers: ctx.corsHeaders
         });
       }
     }
@@ -4269,92 +4599,81 @@ class ArcHost {
       } catch {
         return new Response("Invalid 'orderBy' parameter", {
           status: 400,
-          headers: corsHeaders
+          headers: ctx.corsHeaders
         });
       }
     }
     const limitParam = url.searchParams.get("limit");
-    if (limitParam) {
+    if (limitParam)
       findOptions.limit = parseInt(limitParam, 10);
-    }
-    const streamId = `stream_${++this.streamIdCounter}_${Date.now()}`;
-    const self = this;
+    const streamId = `stream_${++streamIdCounter}_${Date.now()}`;
+    const rawToken = ctx.rawToken;
     const stream = new ReadableStream({
       start(controller) {
-        const model = self.contextHandler.getModel();
-        self.contextHandler.setAuthToken(rawToken);
-        const { unsubscribe } = liveQuery(model, async (q) => {
-          const view = q[viewName];
-          if (!view) {
-            throw new Error(`View '${viewName}' not found`);
-          }
-          return view.find(findOptions);
-        }, (data) => {
-          const event = `data: ${JSON.stringify({ type: "data", data })}
-
-`;
+        const scoped = new ScopedModel2(ch.getModel(), "stream");
+        if (rawToken)
+          scoped.setToken(rawToken);
+        const descriptor = { element: viewName, method: "find", args: [findOptions] };
+        const sendData = async () => {
           try {
-            controller.enqueue(new TextEncoder().encode(event));
+            const data = await scoped.callQuery(descriptor);
+            controller.enqueue(new TextEncoder().encode(`data: ${JSON.stringify({ type: "data", data })}
+
+`));
           } catch {
             unsubscribe();
           }
-        });
-        self.streamConnections.set(streamId, {
-          id: streamId,
-          controller,
-          unsubscribe
-        });
-        const connectEvent = `data: ${JSON.stringify({ type: "connected", streamId })}
+        };
+        sendData();
+        const unsubscribe = ch.getEventPublisher().subscribe("*", () => sendData());
+        streamConnections.set(streamId, { id: streamId, controller, unsubscribe });
+        controller.enqueue(new TextEncoder().encode(`data: ${JSON.stringify({ type: "connected", streamId })}
 
-`;
-        controller.enqueue(new TextEncoder().encode(connectEvent));
+`));
       },
       cancel() {
-        const conn = self.streamConnections.get(streamId);
+        const conn = streamConnections.get(streamId);
         if (conn) {
           conn.unsubscribe();
-          self.streamConnections.delete(streamId);
+          streamConnections.delete(streamId);
         }
       }
     });
     return new Response(stream, {
       headers: {
-        ...corsHeaders,
+        ...ctx.corsHeaders,
         "Content-Type": "text/event-stream",
         "Cache-Control": "no-cache",
         Connection: "keep-alive"
       }
     });
-  }
-  async handleHttpEventSync(req, token, corsHeaders) {
+  };
+}
+function eventSyncHandler(ch) {
+  return async (req, url, ctx) => {
+    if (url.pathname !== "/sync/events" || req.method !== "POST")
+      return null;
     try {
       const body = await req.json();
       const events = body.events || [];
-      const persistedEvents = await this.contextHandler.persistEvents(events.map((e) => ({
+      const persisted = await ch.persistEvents(events.map((e) => ({
         localId: e.localId,
         type: e.type,
         payload: e.payload,
         createdAt: e.createdAt
-      })), "http-sync", token);
-      return new Response(JSON.stringify({
-        success: true,
-        syncedIds: persistedEvents.map((e) => e.localId)
-      }), {
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
-      });
+      })), "http-sync", ctx.tokenPayload);
+      return Response.json({ success: true, syncedIds: persisted.map((e) => e.localId) }, { headers: ctx.corsHeaders });
     } catch (error) {
-      return new Response(JSON.stringify({
-        success: false,
-        error: error.message
-      }), {
-        status: 500,
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
-      });
+      return Response.json({ success: false, error: error.message }, { status: 500, headers: ctx.corsHeaders });
     }
-  }
-  async handleHttpRoute(req, url, tokenPayload, corsHeaders, rawToken) {
+  };
+}
+function routeHandler(ch) {
+  return async (req, url, ctx) => {
+    if (!url.pathname.startsWith("/route/"))
+      return null;
     const method = req.method;
-    const context = this.contextHandler.getModel().context;
+    const context = ch.getModel().context;
     let matchedRoute = null;
     let routeParams = {};
     for (const element of context.elements) {
@@ -4369,31 +4688,21 @@ class ArcHost {
       }
     }
     if (!matchedRoute) {
-      return new Response(JSON.stringify({ error: "Route not found" }), {
-        status: 404,
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
-      });
+      return Response.json({ error: "Route not found" }, { status: 404, headers: ctx.corsHeaders });
     }
     const handler = matchedRoute.getHandler(method);
     if (!handler) {
-      return new Response(JSON.stringify({ error: `Method ${method} not allowed` }), {
-        status: 405,
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
-      });
+      return Response.json({ error: `Method ${method} not allowed` }, { status: 405, headers: ctx.corsHeaders });
     }
     if (!matchedRoute.isPublic && matchedRoute.hasProtections) {
-      if (!tokenPayload) {
-        return new Response(JSON.stringify({ error: "Unauthorized" }), {
-          status: 401,
-          headers: { ...corsHeaders, "Content-Type": "application/json" }
-        });
+      if (!ctx.tokenPayload) {
+        return Response.json({ error: "Unauthorized" }, { status: 401, headers: ctx.corsHeaders });
       }
-      this.contextHandler.setAuthToken(rawToken);
       let isAuthorized = false;
       for (const protection of matchedRoute.protections) {
-        if (protection.token.name === tokenPayload.tokenType) {
+        if (protection.token.name === ctx.tokenPayload.tokenType) {
           const mockTokenInstance = {
-            params: tokenPayload.params,
+            params: ctx.tokenPayload.params,
             getTokenDefinition: () => protection.token
           };
           const allowed = await protection.check(mockTokenInstance);
@@ -4404,68 +4713,399 @@ class ArcHost {
         }
       }
       if (!isAuthorized) {
-        return new Response(JSON.stringify({ error: "Forbidden" }), {
-          status: 403,
-          headers: { ...corsHeaders, "Content-Type": "application/json" }
-        });
+        return Response.json({ error: "Forbidden" }, { status: 403, headers: ctx.corsHeaders });
       }
     } else if (!matchedRoute.isPublic && !matchedRoute.hasProtections) {
-      if (!tokenPayload) {
-        return new Response(JSON.stringify({ error: "Unauthorized" }), {
-          status: 401,
-          headers: { ...corsHeaders, "Content-Type": "application/json" }
-        });
-      }
-    }
-    this.contextHandler.setAuthToken(rawToken);
-    const model = this.contextHandler.getModel();
-    const adapters = model.getAdapters();
-    const authParams = tokenPayload ? { params: tokenPayload.params, tokenName: tokenPayload.tokenType } : undefined;
-    const routeContext = matchedRoute.buildContext(adapters, authParams);
+      if (!ctx.tokenPayload) {
+        return Response.json({ error: "Unauthorized" }, { status: 401, headers: ctx.corsHeaders });
+      }
+    }
+    const scoped = new ScopedModel2(ch.getModel(), "request");
+    if (ctx.rawToken)
+      scoped.setToken(ctx.rawToken);
+    const authParams = ctx.tokenPayload ? {
+      params: ctx.tokenPayload.params,
+      tokenName: ctx.tokenPayload.tokenType
+    } : undefined;
+    const routeContext = matchedRoute.buildContext(scoped.getAdapters(), authParams);
     try {
       const response = await handler(routeContext, req, routeParams, url);
       const newHeaders = new Headers(response.headers);
-      for (const [key, value] of Object.entries(corsHeaders)) {
+      for (const [key, value] of Object.entries(ctx.corsHeaders))
         newHeaders.set(key, value);
-      }
-      return new Response(response.body, {
+      const body = response.status >= 300 && response.status < 400 ? null : response.body;
+      return new Response(body, {
         status: response.status,
         statusText: response.statusText,
         headers: newHeaders
       });
     } catch (error) {
-      return new Response(JSON.stringify({ error: error.message }), {
-        status: 500,
-        headers: { ...corsHeaders, "Content-Type": "application/json" }
-      });
+      return Response.json({ error: error.message }, { status: 500, headers: ctx.corsHeaders });
     }
+  };
+}
+function arcHttpHandlers(ch, cm) {
+  return [
+    healthHandler(cm),
+    commandHandler(ch),
+    queryHandler(ch),
+    streamHandler(ch),
+    eventSyncHandler(ch),
+    routeHandler(ch)
+  ];
+}
+function cleanupStreams() {
+  for (const conn of streamConnections.values())
+    conn.unsubscribe();
+  streamConnections.clear();
+}
+// src/middleware/ws.ts
+import { ScopedModel as ScopedModel3 } from "@arcote.tech/arc";
+var clientViewSubs = new Map;
+function cleanupClientSubs(clientId) {
+  const subs = clientViewSubs.get(clientId);
+  if (subs) {
+    for (const unsub of subs.values())
+      unsub();
+    clientViewSubs.delete(clientId);
   }
-  stop() {
-    for (const conn of this.streamConnections.values()) {
-      conn.unsubscribe();
+}
+function scopeAuthHandler() {
+  return async (client, message, ctx) => {
+    if (message.type !== "scope:auth")
+      return false;
+    const decoded = ctx.verifyToken(message.token);
+    if (decoded) {
+      ctx.connectionManager.setScopeToken(client.id, message.scope, decoded, message.token);
+    }
+    return true;
+  };
+}
+function syncEventsHandler() {
+  return async (client, message, ctx) => {
+    if (message.type !== "sync-events")
+      return false;
+    const allTokens = ctx.connectionManager.getAllScopeTokens(client.id);
+    const token = allTokens.length > 0 ? allTokens[0] : null;
+    const persisted = await ctx.contextHandler.persistEvents(message.events, client.id, token);
+    if (persisted.length === 0)
+      return true;
+    for (const c of ctx.connectionManager.getAllClients()) {
+      if (c.id === client.id)
+        continue;
+      const clientTokens = ctx.connectionManager.getAllScopeTokens(c.id);
+      const authorized = filterEventsForTokens(clientTokens, persisted, ctx.contextHandler.getEventDefinitions());
+      if (authorized.length > 0) {
+        ctx.connectionManager.sendToClient(c.id, {
+          type: "events",
+          events: authorized
+        });
+      }
+    }
+    const last = persisted[persisted.length - 1];
+    ctx.connectionManager.updateLastSyncedEventId(client.id, last.hostId);
+    ctx.connectionManager.sendToClient(client.id, {
+      type: "sync-complete",
+      lastHostEventId: last.hostId
+    });
+    return true;
+  };
+}
+function requestSyncHandler() {
+  return async (client, message, ctx) => {
+    if (message.type !== "request-sync")
+      return false;
+    const allTokens = ctx.connectionManager.getAllScopeTokens(client.id);
+    const token = allTokens.length > 0 ? allTokens[0] : null;
+    const events = await ctx.contextHandler.getEventsSince(message.lastHostEventId, token);
+    ctx.connectionManager.sendToClient(client.id, {
+      type: "events",
+      events
+    });
+    if (events.length > 0) {
+      const last = events[events.length - 1];
+      ctx.connectionManager.updateLastSyncedEventId(client.id, last.hostId);
+      ctx.connectionManager.sendToClient(client.id, {
+        type: "sync-complete",
+        lastHostEventId: last.hostId
+      });
+    } else {
+      ctx.connectionManager.sendToClient(client.id, {
+        type: "sync-complete",
+        lastHostEventId: message.lastHostEventId || ""
+      });
+    }
+    return true;
+  };
+}
+function executeCommandHandler() {
+  return async (client, message, ctx) => {
+    if (message.type !== "execute-command")
+      return false;
+    let rawToken = null;
+    if (client.scopeTokens.size > 0) {
+      rawToken = client.scopeTokens.values().next().value.raw;
+    }
+    try {
+      const result = await ctx.contextHandler.executeCommand(message.commandName, message.params, rawToken);
+      ctx.connectionManager.sendToClient(client.id, {
+        type: "command-result",
+        requestId: message.requestId,
+        result
+      });
+    } catch (error) {
+      ctx.connectionManager.sendToClient(client.id, {
+        type: "command-result",
+        requestId: message.requestId,
+        error: error.message
+      });
+    }
+    return true;
+  };
+}
+function querySubscriptionHandler() {
+  return async (client, message, ctx) => {
+    if (message.type === "subscribe-query") {
+      const { subscriptionId, descriptor, scope } = message;
+      const scopeToken = scope ? client.scopeTokens.get(scope) : null;
+      let rawToken = scopeToken?.raw ?? null;
+      if (!rawToken && client.scopeTokens.size > 0) {
+        rawToken = client.scopeTokens.values().next().value.raw;
+      }
+      const scoped = new ScopedModel3(ctx.contextHandler.getModel(), scope ?? "default");
+      if (rawToken)
+        scoped.setToken(rawToken);
+      let lastResultJson = "";
+      const sendData = async () => {
+        try {
+          const data = await scoped.callQuery(descriptor);
+          const json = JSON.stringify(data ?? null);
+          if (json === lastResultJson)
+            return;
+          lastResultJson = json;
+          ctx.connectionManager.sendToClient(client.id, {
+            type: "query-data",
+            subscriptionId,
+            data: data ?? null
+          });
+        } catch (err) {
+          console.error(`[Arc] Query subscription error:`, err);
+        }
+      };
+      sendData();
+      const element = ctx.contextHandler.getModel().context.get(descriptor.element);
+      const eventTypes = element?.getElements?.()?.map((e) => e.name) ?? [];
+      let debounceTimer;
+      const debouncedSend = () => {
+        if (debounceTimer)
+          clearTimeout(debounceTimer);
+        debounceTimer = setTimeout(() => sendData(), 50);
+      };
+      const unsubscribes = [];
+      if (eventTypes.length > 0) {
+        for (const eventType of eventTypes) {
+          unsubscribes.push(ctx.contextHandler.getEventPublisher().subscribe(eventType, debouncedSend));
+        }
+      } else {
+        unsubscribes.push(ctx.contextHandler.getEventPublisher().subscribe("*", debouncedSend));
+      }
+      const cleanup = () => {
+        if (debounceTimer)
+          clearTimeout(debounceTimer);
+        for (const unsub of unsubscribes)
+          unsub();
+      };
+      if (!clientViewSubs.has(client.id)) {
+        clientViewSubs.set(client.id, new Map);
+      }
+      clientViewSubs.get(client.id).set(subscriptionId, cleanup);
+      return true;
+    }
+    if (message.type === "unsubscribe-query") {
+      const subs = clientViewSubs.get(client.id);
+      if (subs) {
+        const unsub = subs.get(message.subscriptionId);
+        if (unsub) {
+          unsub();
+          subs.delete(message.subscriptionId);
+        }
+      }
+      return true;
+    }
+    return false;
+  };
+}
+function arcWsHandlers() {
+  return [
+    scopeAuthHandler(),
+    syncEventsHandler(),
+    requestSyncHandler(),
+    executeCommandHandler(),
+    querySubscriptionHandler()
+  ];
+}
+// src/create-server.ts
+async function createArcServer(config) {
+  const jwtSecret = config.jwtSecret || process.env.JWT_SECRET || "arc-host-secret-change-in-production";
+  const port = config.port || 5005;
+  const dbAdapter = config.dbAdapterFactory(config.context);
+  const contextHandler = new ContextHandler(config.context, dbAdapter);
+  await contextHandler.init();
+  const cronScheduler = new CronScheduler(contextHandler);
+  cronScheduler.start();
+  const connectionManager = new ConnectionManager;
+  const corsHeaders = {
+    "Access-Control-Allow-Origin": "*",
+    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, PATCH, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization, X-Arc-Scope"
+  };
+  function verifyToken(token) {
+    try {
+      const decoded = import_jsonwebtoken.default.verify(token, jwtSecret);
+      if (decoded.tokenName && !decoded.tokenType) {
+        return {
+          tokenType: decoded.tokenName,
+          params: decoded.params || {},
+          iat: decoded.iat,
+          exp: decoded.exp
+        };
+      }
+      return decoded;
+    } catch {
+      try {
+        const parts = token.split(".");
+        if (parts.length !== 3)
+          return null;
+        const payload = JSON.parse(atob(parts[1]));
+        return {
+          tokenType: payload.tokenName,
+          params: payload.params || {},
+          iat: payload.iat,
+          exp: payload.exp
+        };
+      } catch {
+        return null;
+      }
     }
-    this.streamConnections.clear();
-    this.server?.stop();
   }
+  const defaultHttp = arcHttpHandlers(contextHandler, connectionManager);
+  const defaultWs = arcWsHandlers();
+  const httpHandlers = config.httpHandlers ? [...defaultHttp, ...config.httpHandlers] : defaultHttp;
+  const wsHandlers = config.wsHandlers ? [...defaultWs, ...config.wsHandlers] : defaultWs;
+  const wsCtx = {
+    contextHandler,
+    connectionManager,
+    verifyToken
+  };
+  const server = Bun.serve({
+    port,
+    idleTimeout: 255,
+    async fetch(req, server2) {
+      const url = new URL(req.url);
+      if (req.method === "OPTIONS") {
+        return new Response(null, { headers: corsHeaders });
+      }
+      const authHeader = req.headers.get("Authorization");
+      const rawToken = authHeader?.replace("Bearer ", "") || url.searchParams.get("token");
+      const tokenPayload = rawToken ? verifyToken(rawToken) : null;
+      if (url.pathname === "/ws" && req.headers.get("Upgrade") === "websocket") {
+        if (server2.upgrade(req, { data: { clientId: "" } }))
+          return;
+        return new Response("WebSocket upgrade failed", {
+          status: 500,
+          headers: corsHeaders
+        });
+      }
+      const reqCtx = {
+        rawToken,
+        tokenPayload,
+        corsHeaders
+      };
+      for (const handler of httpHandlers) {
+        const response = await handler(req, url, reqCtx);
+        if (response)
+          return response;
+      }
+      return new Response("Not Found", {
+        status: 404,
+        headers: corsHeaders
+      });
+    },
+    websocket: {
+      open(ws) {
+        connectionManager.addClient(ws);
+      },
+      async message(ws, messageStr) {
+        const client = connectionManager.getClientByWs(ws);
+        if (!client)
+          return;
+        try {
+          const message = JSON.parse(messageStr);
+          for (const handler of wsHandlers) {
+            const handled = await handler(client, message, wsCtx);
+            if (handled)
+              break;
+          }
+        } catch (error) {
+          console.error("Failed to parse WS message:", error);
+        }
+      },
+      close(ws) {
+        const client = connectionManager.getClientByWs(ws);
+        if (client) {
+          cleanupClientSubs(client.id);
+          config.onWsClose?.(client.id);
+          connectionManager.removeClient(client.id);
+        }
+      }
+    }
+  });
+  console.log(`Arc Server running on http://localhost:${port}`);
+  return {
+    server,
+    contextHandler,
+    connectionManager,
+    cronScheduler,
+    stop: () => {
+      cronScheduler.stop();
+      cleanupStreams();
+      server.stop();
+    }
+  };
 }
 // index.ts
 function hostLiveModel(context, dbAdapterFactory) {
-  const host = new ArcHost({
+  return createArcServer({
     context,
     dbAdapterFactory
   });
-  host.start();
-  return host;
 }
 export {
+  syncEventsHandler,
+  streamHandler,
+  scopeAuthHandler,
+  routeHandler,
+  requestSyncHandler,
+  querySubscriptionHandler,
+  queryHandler,
   hostLiveModel,
+  healthHandler,
+  filterEventsForTokens,
   filterEventsForToken,
+  executeCommandHandler,
+  eventSyncHandler,
+  createArcServer,
+  commandHandler,
+  cleanupStreams,
+  cleanupClientSubs,
   canTokenReceiveEvent,
   canTokenEmitEvent,
+  arcWsHandlers,
+  arcHttpHandlers,
+  CronScheduler,
   ContextHandler,
-  ConnectionManager,
-  ArcHost
+  ConnectionManager
 };
 
-//# debugId=3D741A6ED14793D164756E2164756E21
+//# debugId=8DE239ADA7ED79E164756E2164756E21
 //# sourceMappingURL=index.js.map