@arcote.tech/arc 0.5.1 → 0.5.2

package/dist/context-element/aggregate/aggregate-data.d.ts

@@ -6,6 +6,7 @@
  */
 import type { ArcIdAny } from "../../elements/id";
 import type { ArcObjectAny } from "../../elements/object";
+import type { ArcContextElement } from "../context-element";
 import type { Simplify } from "../../utils";
 import type { ArcEventAny } from "../event/event";
 import type { ArcEventInstance } from "../event/instance";
@@ -34,6 +35,8 @@ export interface AggregateMutateMethodEntry {
     readonly handler: Function | false | null;
     readonly result?: any;
     readonly cronExpression?: string;
+    readonly queryElements?: ArcContextElement<any>[];
+    readonly mutationElements?: ArcContextElement<any>[];
 }
 /**
  * Cron method entry extracted at build time.

package/dist/context-element/aggregate/aggregate-element.d.ts

@@ -111,7 +111,7 @@ export declare class ArcAggregateElement<Name extends string = string, Id extend
         data: any[];
         version: number;
     });
-    protectBy<T extends ArcTokenAny>(token: T, protectionFn: ViewProtectionFn<any>): ArcAggregateElement<Name, Id, Schema, Events, MutateMethods, QueryMethods>;
+    protectBy<T extends ArcTokenAny>(token: T, protectionFn: ViewProtectionFn<T>): ArcAggregateElement<Name, Id, Schema, Events, MutateMethods, QueryMethods>;
     event<const EventName extends string, PayloadShape extends ArcRawShape>(eventName: EventName, payload: PayloadShape, handler: (ctx: ArcViewHandlerContext<Id, Schema>, event: ArcEventInstance<InlineArcEvent<EventName, PayloadShape>>) => Promise<void>): ArcAggregateElement<Name, Id, Schema, [
         ...Events,
         AggregateEventEntry<InlineArcEvent<EventName, PayloadShape>, Id, Schema, false>
@@ -196,8 +196,9 @@ export declare class ArcAggregateElement<Name extends string = string, Id extend
     get cronMethods(): AggregateCronMethodEntry[];
     queryContext(adapters: ModelAdapters): AggregateQueryContext<QueryMethods>;
     private buildPrivateQuery;
-    private buildUnrestrictedQuery;
+    private isScopeDenied;
     private getAuth;
+    private getScopeRestrictions;
     mutateContext(adapters: ModelAdapters): AggregateMutateMethodContext<MutateMethods>;
     databaseStoreSchema(): DatabaseStoreSchema;
     getSeeds(): {

package/dist/context-element/function/arc-function-data.d.ts

@@ -1,18 +1,29 @@
 import type { ArcObjectAny } from "../../elements/object";
 import type { ArcToken, ArcTokenAny } from "../../token/token";
-import type { TokenInstanceAny } from "../../token/token-instance";
+import type { TokenInstance, TokenInstanceAny } from "../../token/token-instance";
 import type { $type } from "../../utils/types/get-type";
 import type { ArcContextElement } from "../context-element";
 import type { ElementContext } from "../element-context";
+/**
+ * Extract typed TokenInstance from a token definition.
+ *
+ * Given `ArcToken<"workspace", { workspaceId: ArcId, role: ArcString }, ...>`,
+ * returns `TokenInstance<{ workspaceId: string, role: string }, RuleNames>`.
+ */
+export type TypedTokenInstance<T extends ArcTokenAny> = T extends ArcToken<any, infer ParamsShape, any, infer Rules> ? TokenInstance<$type<import("../../elements/object").ArcObject<ParamsShape>>, Rules extends Record<string, any> ? Extract<keyof Rules, string> : string> : TokenInstanceAny;
 /**
  * Unified protection check function.
  *
+ * Callback receives a **typed** TokenInstance — `token.params.workspaceId`
+ * has full autocomplete and type safety.
+ *
  * Return value determines behavior:
  * - `false`  → access denied
  * - `true`   → access allowed, no data filter
  * - `Record` → access allowed + merged into WHERE clause (query context)
+ *              + validated on writes (scope enforcement)
  */
-export type FnProtectionCheck<T extends ArcTokenAny> = (tokenInstance: TokenInstanceAny) => boolean | Record<string, unknown> | Promise<boolean | Record<string, unknown>>;
+export type FnProtectionCheck<T extends ArcTokenAny> = (tokenInstance: TypedTokenInstance<T>) => boolean | Record<string, unknown> | Promise<boolean | Record<string, unknown>>;
 /**
  * Protection configuration for an ArcFunction.
  */

package/dist/context-element/listener/listener.d.ts

@@ -76,6 +76,14 @@ export declare class ArcListener<const Data extends ArcListenerData> extends Arc
     get isAsync(): boolean;
     init(environment: ArcEnvironment, adapters: ModelAdapters): Promise<void>;
     private handleEvent;
+    /**
+     * Build scoped adapters from event payload.
+     *
+     * Looks at declared query/mutate elements — if any have protections,
+     * extracts the token name and creates an AuthAdapter with event payload
+     * as decoded params. This allows aggregate restrictions to apply.
+     */
+    private buildScopedAdapters;
     destroy(): void;
 }
 export declare function listener<const Name extends string>(name: Name): ArcListener<{

package/dist/context-element/view/view-data.d.ts

@@ -1,6 +1,6 @@
 import type { WhereCondition } from "../../data-storage/find-options";
 import type { ArcObjectAny } from "../../elements/object";
-import type { ArcTokenAny } from "../../token/token";
+import type { ArcToken, ArcTokenAny } from "../../token/token";
 import type { ArcContextElement } from "../context-element";
 /**
  * Protection config for views
@@ -9,11 +9,11 @@ import type { ArcContextElement } from "../context-element";
  */
 export type ViewProtectionConfig = WhereCondition | false;
 /**
- * Protection function for views
- * Receives token params and returns read conditions (where clause)
- * Return false to deny access entirely
+ * Protection function for views/aggregates.
+ * Receives typed token params and returns read/write conditions (where clause).
+ * Return false to deny access entirely.
  */
-export type ViewProtectionFn<TokenParams> = (params: TokenParams) => ViewProtectionConfig;
+export type ViewProtectionFn<T extends ArcTokenAny = ArcTokenAny> = (params: T extends ArcToken<any, infer P, any, any> ? import("../../utils/types/get-type").$type<import("../../elements/object").ArcObject<P>> : Record<string, any>) => ViewProtectionConfig;
 /**
  * View protection configuration
  */

package/dist/context-element/view/view.d.ts

@@ -5,7 +5,7 @@ import type { ArcTokenAny } from "../../token/token";
 import type { TokenInstanceAny } from "../../token/token-instance";
 import type { Merge } from "../../utils";
 import type { ArcViewHandlerContext, ArcViewItem, ArcViewQueryContext } from "./view-context";
-import type { ArcViewData, ViewProtectionFn } from "./view-data";
+import type { ArcViewData, ViewProtection, ViewProtectionFn } from "./view-data";
 /**
  * Arc View - Read-optimized projection of events
  *
@@ -104,6 +104,7 @@ export declare class ArcView<const Data extends ArcViewData> extends ArcContextE
      * @returns Context object with find/findOne methods
      */
     queryContext(adapters: any): ArcViewQueryContext<Data["id"], Data["schema"]>;
+    private resolveProtection;
     /**
      * Get event handlers for this view
      * Used by the framework to set up event listeners
@@ -144,7 +145,7 @@ export declare class ArcView<const Data extends ArcViewData> extends ArcContextE
     /**
      * Get all protection configurations
      */
-    get protections(): import("./view-data").ViewProtection[];
+    get protections(): ViewProtection[];
     /**
      * Get protection config for a specific token instance
      *

package/dist/data-storage/index.d.ts

@@ -9,5 +9,6 @@ export * from "./query-result-resolver";
 export * from "./schema-extraction";
 export * from "./store-state-fork";
 export * from "./store-state-master";
+export * from "./scoped-data-storage";
 export * from "./store-state.abstract";
 //# sourceMappingURL=index.d.ts.map

package/dist/data-storage/scoped-data-storage.d.ts

@@ -0,0 +1,35 @@
+import { DataStorage, type QueryListenerCallback, type StoreStateChange } from "./data-storage.abstract";
+import type { StoreState } from "./store-state.abstract";
+import type { FindOptions } from "./find-options";
+import type { ForkedDataStorage } from "./data-storage-forked";
+import type { ReadTransaction, ReadWriteTransaction } from "./database-adapter";
+export type ScopeRestrictions = Record<string, unknown>;
+export type StorePermission = "read" | "read-write";
+export declare class ScopedStore<Item extends {
+    _id: string;
+}> {
+    #private;
+    constructor(inner: StoreState<Item>, restrictions: ScopeRestrictions, canWrite: boolean);
+    get storeName(): string;
+    find(options?: FindOptions<Item>, listener?: QueryListenerCallback<Item>): Promise<Item[]>;
+    set(item: Item): Promise<void>;
+    remove(id: string): Promise<void>;
+    modify(id: string, data: Partial<Item>): Promise<{
+        from: Item | null;
+        to: Item | null;
+    }>;
+    applyChanges(changes: StoreStateChange<Item>[]): Promise<void>;
+    unsubscribe(listener: QueryListenerCallback<Item>): void;
+}
+export declare class ScopedDataStorage extends DataStorage {
+    #private;
+    constructor(inner: DataStorage, allowedStores: Map<string, StorePermission>, restrictions: ScopeRestrictions);
+    getStore<Item extends {
+        _id: string;
+    }>(storeName: string): StoreState<Item>;
+    fork(): ForkedDataStorage;
+    getReadTransaction(): Promise<ReadTransaction>;
+    getReadWriteTransaction(): Promise<ReadWriteTransaction>;
+}
+export declare function createScopedDataStorage(inner: DataStorage, queryElementNames: string[], mutateElementNames: string[], restrictions: ScopeRestrictions): ScopedDataStorage;
+//# sourceMappingURL=scoped-data-storage.d.ts.map

package/dist/index.js

@@ -1270,6 +1270,122 @@ function object(element) {
   return new ArcObject(element);
 }
 
+// src/data-storage/data-storage.abstract.ts
+class DataStorage {
+  async commitChanges(changes) {
+    await Promise.all(changes.map(({ store, changes: changes2 }) => this.getStore(store).applyChanges(changes2)));
+  }
+}
+
+// src/data-storage/scoped-data-storage.ts
+class ScopedStore {
+  #inner;
+  #restrictions;
+  #canWrite;
+  #storeName;
+  constructor(inner, restrictions, canWrite) {
+    this.#inner = inner;
+    this.#restrictions = restrictions;
+    this.#canWrite = canWrite;
+    this.#storeName = inner.storeName;
+  }
+  get storeName() {
+    return this.#storeName;
+  }
+  async find(options, listener) {
+    const restricted = this.#applyReadRestrictions(options);
+    return this.#inner.find(restricted, listener);
+  }
+  async set(item) {
+    this.#assertWriteAccess();
+    this.#validateScopeFields(item);
+    return this.#inner.set(item);
+  }
+  async remove(id) {
+    this.#assertWriteAccess();
+    return this.#inner.remove(id);
+  }
+  async modify(id, data) {
+    this.#assertWriteAccess();
+    this.#validateScopeFields(data);
+    return this.#inner.modify(id, data);
+  }
+  async applyChanges(changes) {
+    this.#assertWriteAccess();
+    for (const change of changes) {
+      if (change.type === "set") {
+        this.#validateScopeFields(change.data);
+      } else if (change.type === "modify") {
+        this.#validateScopeFields(change.data);
+      }
+    }
+    return this.#inner.applyChanges(changes);
+  }
+  unsubscribe(listener) {
+    this.#inner.unsubscribe(listener);
+  }
+  #applyReadRestrictions(options) {
+    if (Object.keys(this.#restrictions).length === 0) {
+      return options ?? {};
+    }
+    return {
+      ...options,
+      where: { ...options?.where ?? {}, ...this.#restrictions }
+    };
+  }
+  #assertWriteAccess() {
+    if (!this.#canWrite) {
+      throw new Error(`Scope violation: write access denied to store "${this.#storeName}" (read-only)`);
+    }
+  }
+  #validateScopeFields(data) {
+    for (const [key, value] of Object.entries(this.#restrictions)) {
+      if (key in data && data[key] !== value) {
+        throw new Error(`Scope violation: field "${key}" must be "${value}", got "${data[key]}" in store "${this.#storeName}"`);
+      }
+    }
+  }
+}
+
+class ScopedDataStorage extends DataStorage {
+  #inner;
+  #allowedStores;
+  #restrictions;
+  constructor(inner, allowedStores, restrictions) {
+    super();
+    this.#inner = inner;
+    this.#allowedStores = allowedStores;
+    this.#restrictions = restrictions;
+  }
+  getStore(storeName) {
+    const permission = this.#allowedStores.get(storeName);
+    if (!permission) {
+      throw new Error(`Scope violation: access denied to store "${storeName}" (not declared in query/mutate)`);
+    }
+    const inner = this.#inner.getStore(storeName);
+    return new ScopedStore(inner, this.#restrictions, permission === "read-write");
+  }
+  fork() {
+    return this.#inner.fork();
+  }
+  getReadTransaction() {
+    return this.#inner.getReadTransaction();
+  }
+  getReadWriteTransaction() {
+    return this.#inner.getReadWriteTransaction();
+  }
+}
+function createScopedDataStorage(inner, queryElementNames, mutateElementNames, restrictions) {
+  const allowedStores = new Map;
+  for (const name of queryElementNames) {
+    allowedStores.set(name, "read");
+  }
+  for (const name of mutateElementNames) {
+    allowedStores.set(name, "read-write");
+  }
+  return new ScopedDataStorage(inner, allowedStores, restrictions);
+}
+
 // src/elements/abstract-primitive.ts
 class ArcPrimitive extends ArcAbstract {
   serialize(value) {
@@ -1460,6 +1576,56 @@ class ArcContextElement extends ArcFragmentBase {
   }
 }
 
+// src/context-element/element-context.ts
+function buildElementContext(queryElements, mutationElements, adapters) {
+  const queryMap = new Map;
+  const mutateMap = new Map;
+  const queryProps = {};
+  for (const element of queryElements) {
+    if (element.queryContext) {
+      const ctx = element.queryContext(adapters);
+      queryProps[element.name] = ctx;
+      queryMap.set(element, ctx);
+    }
+  }
+  const mutateProps = {};
+  for (const element of mutationElements) {
+    if (element.mutateContext) {
+      const ctx = element.mutateContext(adapters);
+      mutateProps[element.name] = ctx;
+      mutateMap.set(element, ctx);
+    }
+  }
+  const queryFn = (element) => {
+    const cached = queryMap.get(element);
+    if (cached)
+      return cached;
+    if (element.queryContext) {
+      const ctx = element.queryContext(adapters);
+      queryMap.set(element, ctx);
+      return ctx;
+    }
+    throw new Error(`Element "${element.name}" has no queryContext`);
+  };
+  Object.assign(queryFn, queryProps);
+  const mutateFn = (element) => {
+    const cached = mutateMap.get(element);
+    if (cached)
+      return cached;
+    if (element.mutateContext) {
+      const ctx = element.mutateContext(adapters);
+      mutateMap.set(element, ctx);
+      return ctx;
+    }
+    throw new Error(`Element "${element.name}" has no mutateContext`);
+  };
+  Object.assign(mutateFn, mutateProps);
+  return {
+    query: queryFn,
+    mutate: mutateFn
+  };
+}
+
 // src/elements/boolean.ts
 class ArcBoolean extends ArcPrimitive {
   hasToBeTrue() {
@@ -1697,56 +1863,6 @@ function event(name, payload) {
   });
 }
 
-// src/context-element/element-context.ts
-function buildElementContext(queryElements, mutationElements, adapters) {
-  const queryMap = new Map;
-  const mutateMap = new Map;
-  const queryProps = {};
-  for (const element of queryElements) {
-    if (element.queryContext) {
-      const ctx = element.queryContext(adapters);
-      queryProps[element.name] = ctx;
-      queryMap.set(element, ctx);
-    }
-  }
-  const mutateProps = {};
-  for (const element of mutationElements) {
-    if (element.mutateContext) {
-      const ctx = element.mutateContext(adapters);
-      mutateProps[element.name] = ctx;
-      mutateMap.set(element, ctx);
-    }
-  }
-  const queryFn = (element) => {
-    const cached = queryMap.get(element);
-    if (cached)
-      return cached;
-    if (element.queryContext) {
-      const ctx = element.queryContext(adapters);
-      queryMap.set(element, ctx);
-      return ctx;
-    }
-    throw new Error(`Element "${element.name}" has no queryContext`);
-  };
-  Object.assign(queryFn, queryProps);
-  const mutateFn = (element) => {
-    const cached = mutateMap.get(element);
-    if (cached)
-      return cached;
-    if (element.mutateContext) {
-      const ctx = element.mutateContext(adapters);
-      mutateMap.set(element, ctx);
-      return ctx;
-    }
-    throw new Error(`Element "${element.name}" has no mutateContext`);
-  };
-  Object.assign(mutateFn, mutateProps);
-  return {
-    query: queryFn,
-    mutate: mutateFn
-  };
-}
-
 // src/context-element/function/arc-function.ts
 class ArcFunction {
   data;
@@ -1962,7 +2078,9 @@ class ArcAggregateElement extends ArcContextElement {
     const entry = {
       name: methodName,
       params: configuredFn.data.params,
-      handler: configuredFn.data.handler
+      handler: configuredFn.data.handler,
+      queryElements: configuredFn.data.queryElements?.length ? configuredFn.data.queryElements : undefined,
+      mutationElements: configuredFn.data.mutationElements?.length ? configuredFn.data.mutationElements : undefined
     };
     return new ArcAggregateElement(this.name, this._id_factory, this.schema, this._events, this._protections, [...this._mutateMethods, entry], this._queryMethods, this._seeds);
   }
@@ -2089,38 +2207,16 @@ class ArcAggregateElement extends ArcContextElement {
   }
   buildPrivateQuery(adapters) {
     const viewName = this.name;
-    const protections = this._protections;
-    const getReadRestrictions = () => {
-      if (protections.length === 0)
-        return null;
-      if (!adapters.authAdapter)
-        return false;
-      const decoded = adapters.authAdapter.getDecoded();
-      if (!decoded)
-        return false;
-      for (const protection of protections) {
-        if (protection.token.name === decoded.tokenName) {
-          const restrictions = protection.protectionFn(decoded.params);
-          if (restrictions === false)
-            return false;
-          return restrictions ?? {};
-        }
-      }
-      return false;
-    };
-    const applyRestrictions = (options) => {
-      const restrictions = getReadRestrictions();
-      if (restrictions === false)
-        return false;
-      if (!restrictions || Object.keys(restrictions).length === 0) {
-        return options || {};
-      }
-      const where = { ...options?.where || {}, ...restrictions };
-      return { ...options, where };
-    };
+    const restrictions = this.getScopeRestrictions(adapters);
+    const isDenied = this.isScopeDenied(adapters);
     const findRows = async (options) => {
-      if (adapters.dataStorage)
+      if (adapters.dataStorage) {
+        if (restrictions) {
+          const scopedStore = new ScopedStore(adapters.dataStorage.getStore(viewName), restrictions, false);
+          return scopedStore.find(options);
+        }
         return adapters.dataStorage.getStore(viewName).find(options);
+      }
       if (adapters.streamingCache)
         return adapters.streamingCache.getStore(viewName).find(options);
       if (adapters.queryWire)
@@ -2134,18 +2230,15 @@ class ArcAggregateElement extends ArcContextElement {
     };
     return {
       find: async (options, mapper) => {
-        const restricted = applyRestrictions(options);
-        if (restricted === false)
+        if (isDenied)
           return [];
-        const rows = await findRows(restricted);
+        const rows = await findRows(options || {});
         return mapper ? rows.map((row) => new mapper(row, adapters)) : rows.map(deserializeRow);
       },
       findOne: async (where, mapper) => {
-        const restrictions = getReadRestrictions();
-        if (restrictions === false)
+        if (isDenied)
           return;
-        const mergedWhere = restrictions && Object.keys(restrictions).length > 0 ? { ...where, ...restrictions } : where;
-        const rows = await findRows({ where: mergedWhere });
+        const rows = await findRows({ where: where || {} });
         const row = rows[0];
         if (!row)
           return;
@@ -2153,35 +2246,22 @@ class ArcAggregateElement extends ArcContextElement {
       }
     };
   }
-  buildUnrestrictedQuery(adapters) {
-    const viewName = this.name;
-    const schema = this.schema;
-    const deserializeRow = (row) => {
-      const { _id, ...rest } = row;
-      return { _id, ...schema.deserialize(rest) };
-    };
-    const findRows = async (options) => {
-      if (adapters.dataStorage)
-        return adapters.dataStorage.getStore(viewName).find(options);
-      if (adapters.streamingCache)
-        return adapters.streamingCache.getStore(viewName).find(options);
-      if (adapters.queryWire)
-        return adapters.queryWire.query(viewName, options);
-      return [];
-    };
-    return {
-      find: async (options, mapper) => {
-        const rows = await findRows(options || {});
-        return mapper ? rows.map((row) => new mapper(row, adapters)) : rows.map(deserializeRow);
-      },
-      findOne: async (where, mapper) => {
-        const rows = await findRows({ where });
-        const row = rows[0];
-        if (!row)
-          return;
-        return mapper ? new mapper(row, adapters) : deserializeRow(row);
+  isScopeDenied(adapters) {
+    const protections = this._protections;
+    if (protections.length === 0)
+      return false;
+    if (!adapters.authAdapter)
+      return true;
+    const decoded = adapters.authAdapter.getDecoded();
+    if (!decoded)
+      return true;
+    for (const protection of protections) {
+      if (protection.token.name === decoded.tokenName) {
+        const result = protection.protectionFn(decoded.params);
+        return result === false;
       }
-    };
+    }
+    return true;
   }
   getAuth(adapters) {
     if (adapters.authAdapter) {
@@ -2190,12 +2270,33 @@ class ArcAggregateElement extends ArcContextElement {
     }
     return { params: {}, tokenName: "" };
   }
+  getScopeRestrictions(adapters) {
+    const protections = this._protections;
+    if (protections.length === 0)
+      return null;
+    if (!adapters.authAdapter)
+      return null;
+    const decoded = adapters.authAdapter.getDecoded();
+    if (!decoded)
+      return null;
+    for (const protection of protections) {
+      if (protection.token.name === decoded.tokenName) {
+        const result = protection.protectionFn(decoded.params);
+        if (result === false)
+          return null;
+        return result ?? null;
+      }
+    }
+    console.log(`[Scope:${this.name}] no matching protection`);
+    return null;
+  }
   mutateContext(adapters) {
     const events = this._events;
-    const privateQuery = this.buildUnrestrictedQuery(adapters);
+    const privateQuery = this.buildPrivateQuery(adapters);
     const auth = this.getAuth(adapters);
     const aggregateName = this.name;
-    const buildMutateMethodCtx = () => {
+    const scopeRestrictions = this.getScopeRestrictions(adapters);
+    const buildMutateMethodCtx = (method) => {
       const ctx = {};
       for (const entry of events) {
         const arcEvent = entry.event;
@@ -2206,6 +2307,13 @@ class ArcAggregateElement extends ArcContextElement {
             if (!adapters.eventPublisher) {
               throw new Error(`Cannot emit event "${arcEvent.name}": no eventPublisher adapter available`);
             }
+            if (scopeRestrictions) {
+              for (const [key, value] of Object.entries(scopeRestrictions)) {
+                if (key in payload && payload[key] !== value) {
+                  throw new Error(`Scope violation: event "${arcEvent.name}" field "${key}" must be "${value}", got "${payload[key]}"`);
+                }
+              }
+            }
             const eventInstance = {
               type: `${aggregateName}.${arcEvent.name}`,
               payload,
@@ -2218,6 +2326,11 @@ class ArcAggregateElement extends ArcContextElement {
       }
       ctx.$auth = auth;
       ctx.$query = privateQuery;
+      if (method.queryElements?.length || method.mutationElements?.length) {
+        const elementCtx = buildElementContext(method.queryElements ?? [], method.mutationElements ?? [], adapters);
+        ctx.query = elementCtx.query;
+        ctx.mutate = elementCtx.mutate;
+      }
       return ctx;
     };
     const result = {};
@@ -2233,7 +2346,7 @@ class ArcAggregateElement extends ArcContextElement {
           } : undefined;
           return adapters.commandWire.executeCommand(`${aggregateName}.${method.name}`, params, wireAuth);
         }
-        const ctx = buildMutateMethodCtx();
+        const ctx = buildMutateMethodCtx(method);
         return method.handler(ctx, params);
       };
     }
@@ -2461,9 +2574,10 @@ class ArcListener extends ArcContextElement {
   async handleEvent(event2, adapters) {
     if (!this.data.handler)
       return;
-    const context2 = this.#fn.buildContext(adapters);
-    if (adapters.authAdapter) {
-      const decoded = adapters.authAdapter.getDecoded();
+    const scopedAdapters = this.buildScopedAdapters(event2, adapters);
+    const context2 = this.#fn.buildContext(scopedAdapters);
+    if (scopedAdapters.authAdapter) {
+      const decoded = scopedAdapters.authAdapter.getDecoded();
       if (decoded) {
         context2.$auth = {
           params: decoded.params,
@@ -2479,6 +2593,37 @@ class ArcListener extends ArcContextElement {
       await this.data.handler(context2, event2);
     }
   }
+  buildScopedAdapters(event2, adapters) {
+    if (adapters.authAdapter?.isAuthenticated()) {
+      return adapters;
+    }
+    const allElements = [
+      ...this.data.queryElements,
+      ...this.data.mutationElements
+    ];
+    let tokenName = null;
+    for (const element of allElements) {
+      const protections = element.__aggregateProtections ?? element.data?.protections;
+      if (protections?.length > 0) {
+        tokenName = protections[0].token.name;
+        break;
+      }
+    }
+    if (!tokenName || !event2.payload) {
+      return adapters;
+    }
+    const scopedAuth = new AuthAdapter;
+    scopedAuth.scopes = new Map([
+      ["default", {
+        raw: "",
+        decoded: {
+          tokenName,
+          params: event2.payload
+        }
+      }]
+    ]);
+    return { ...adapters, authAdapter: scopedAuth };
+  }
   destroy() {
     for (const unsubscribe of this.unsubscribers) {
       unsubscribe();
@@ -2739,74 +2884,63 @@ class ArcView extends ArcContextElement {
   queryContext(adapters) {
     const viewName = this.data.name;
     const protections = this.data.protections || [];
-    const getReadRestrictions = () => {
-      if (protections.length === 0)
-        return null;
-      if (!adapters.authAdapter) {
-        return false;
-      }
-      const decoded = adapters.authAdapter.getDecoded();
-      if (!decoded) {
-        return false;
-      }
-      for (const protection of protections) {
-        if (protection.token.name === decoded.tokenName) {
-          const restrictions = protection.protectionFn(decoded.params);
-          if (restrictions === false)
-            return false;
-          return restrictions ?? {};
-        }
-      }
-      return false;
-    };
-    const applyRestrictions = (options) => {
-      const restrictions = getReadRestrictions();
-      if (restrictions === false)
-        return false;
-      if (!restrictions || Object.keys(restrictions).length === 0) {
-        return options || {};
-      }
-      const where = { ...options?.where || {}, ...restrictions };
-      return { ...options, where };
-    };
+    const { restrictions, denied } = this.resolveProtection(protections, adapters);
     return {
       find: async (options) => {
-        const restrictedOptions = applyRestrictions(options);
-        if (restrictedOptions === false) {
+        if (denied)
           return [];
-        }
         if (adapters.dataStorage) {
-          const store = adapters.dataStorage.getStore(viewName);
-          return store.find(restrictedOptions);
+          if (restrictions) {
+            const scopedStore = new ScopedStore(adapters.dataStorage.getStore(viewName), restrictions, false);
+            return scopedStore.find(options);
+          }
+          return adapters.dataStorage.getStore(viewName).find(options);
         }
         if (adapters.queryWire) {
-          return adapters.queryWire.query(viewName, restrictedOptions);
+          const where = restrictions ? { ...options?.where || {}, ...restrictions } : options?.where;
+          return adapters.queryWire.query(viewName, { ...options, where });
         }
-        console.warn(`View "${viewName}" query: no dataStorage or queryWire available`);
         return [];
       },
       findOne: async (where) => {
-        const restrictions = getReadRestrictions();
-        if (restrictions === false) {
+        if (denied)
           return;
-        }
-        const mergedWhere = restrictions && Object.keys(restrictions).length > 0 ? { ...where, ...restrictions } : where;
         if (adapters.dataStorage) {
-          const store = adapters.dataStorage.getStore(viewName);
-          const results = await store.find({ where: mergedWhere });
+          if (restrictions) {
+            const scopedStore = new ScopedStore(adapters.dataStorage.getStore(viewName), restrictions, false);
+            const results2 = await scopedStore.find({ where: where || {} });
+            return results2[0];
+          }
+          const results = await adapters.dataStorage.getStore(viewName).find({ where });
           return results[0];
         }
         if (adapters.queryWire) {
-          const results = await adapters.queryWire.query(viewName, {
-            where: mergedWhere
-          });
+          const mergedWhere = restrictions ? { ...where, ...restrictions } : where;
+          const results = await adapters.queryWire.query(viewName, { where: mergedWhere });
           return results[0];
         }
-        console.warn(`View "${viewName}" query: no dataStorage or queryWire available`);
         return;
       }
     };
   }
+  resolveProtection(protections, adapters) {
+    if (protections.length === 0)
+      return { restrictions: null, denied: false };
+    if (!adapters.authAdapter)
+      return { restrictions: null, denied: true };
+    const decoded = adapters.authAdapter.getDecoded();
+    if (!decoded)
+      return { restrictions: null, denied: true };
+    for (const protection of protections) {
+      if (protection.token.name === decoded.tokenName) {
+        const result = protection.protectionFn(decoded.params);
+        if (result === false)
+          return { restrictions: null, denied: true };
+        return { restrictions: result ?? null, denied: false };
+      }
+    }
+    return { restrictions: null, denied: true };
+  }
   getHandlers() {
     return this.data.handler;
   }
@@ -2943,13 +3077,6 @@ function view(name, id2, schema) {
     protections: []
   });
 }
-// src/data-storage/data-storage.abstract.ts
-class DataStorage {
-  async commitChanges(changes) {
-    await Promise.all(changes.map(({ store, changes: changes2 }) => this.getStore(store).applyChanges(changes2)));
-  }
-}
-
 // src/data-storage/store-state-fork.ts
 import { apply } from "mutative";
 
@@ -5091,6 +5218,7 @@ export {
   deepMerge,
   date,
   customId,
+  createScopedDataStorage,
   contextMerge,
   context,
   command,
@@ -5113,7 +5241,9 @@ export {
   StoreState,
   SecuredStoreState,
   SecuredDataStorage,
+  ScopedStore,
   ScopedModel,
+  ScopedDataStorage,
   QueryWire,
   ObservableDataStorage,
   Model,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@arcote.tech/arc",
   "type": "module",
-  "version": "0.5.1",
+  "version": "0.5.2",
   "private": false,
   "author": "Przemysław Krasiński [arcote.tech]",
   "description": "Arc framework core rewrite with improved event emission and type safety",