@classytic/arc 1.0.0 → 1.0.8

package/dist/{createApp-pzUAkzbz.d.ts → createApp-CjN9zZSL.d.ts}

@@ -1,5 +1,5 @@
 import { FastifyInstance } from 'fastify';
-import { C as CreateAppOptions } from './types-0IPhH_NR.js';
+import { C as CreateAppOptions } from './types-zpN48n6B.js';
 
 /**
  * ArcFactory - Production-ready Fastify application factory

package/dist/docs/index.js

@@ -538,11 +538,16 @@ function generateSchemas(resources) {
   };
   for (const resource of resources) {
     const storedSchemas = resource.openApiSchemas;
-    if (storedSchemas?.createBody) {
+    if (storedSchemas?.response) {
+      schemas[resource.name] = {
+        type: "object",
+        description: resource.displayName,
+        ...storedSchemas.response
+      };
+    } else if (storedSchemas?.createBody) {
       schemas[resource.name] = {
         type: "object",
         description: resource.displayName,
-        ...storedSchemas.createBody,
         properties: {
           _id: { type: "string", description: "Unique identifier" },
           ...storedSchemas.createBody.properties ?? {},
@@ -550,6 +555,18 @@ function generateSchemas(resources) {
           updatedAt: { type: "string", format: "date-time", description: "Last update timestamp" }
         }
       };
+    } else {
+      schemas[resource.name] = {
+        type: "object",
+        description: resource.displayName,
+        properties: {
+          _id: { type: "string", description: "Unique identifier" },
+          createdAt: { type: "string", format: "date-time", description: "Creation timestamp" },
+          updatedAt: { type: "string", format: "date-time", description: "Last update timestamp" }
+        }
+      };
+    }
+    if (storedSchemas?.createBody) {
       schemas[`${resource.name}Input`] = {
         type: "object",
         description: `${resource.displayName} create input`,
@@ -563,15 +580,6 @@ function generateSchemas(resources) {
         };
       }
     } else {
-      schemas[resource.name] = {
-        type: "object",
-        description: resource.displayName,
-        properties: {
-          _id: { type: "string", description: "Unique identifier" },
-          createdAt: { type: "string", format: "date-time", description: "Creation timestamp" },
-          updatedAt: { type: "string", format: "date-time", description: "Last update timestamp" }
-        }
-      };
       schemas[`${resource.name}Input`] = {
         type: "object",
         description: `${resource.displayName} input`

package/dist/factory/index.d.ts

@@ -1,11 +1,11 @@
-export { A as ArcFactory, c as createApp } from '../createApp-pzUAkzbz.js';
-import { C as CreateAppOptions } from '../types-0IPhH_NR.js';
-export { M as MultipartOptions, R as RawBodyOptions, U as UnderPressureOptions } from '../types-0IPhH_NR.js';
+export { A as ArcFactory, c as createApp } from '../createApp-CjN9zZSL.js';
+import { C as CreateAppOptions } from '../types-zpN48n6B.js';
+export { M as MultipartOptions, R as RawBodyOptions, U as UnderPressureOptions } from '../types-zpN48n6B.js';
 import 'fastify';
 import '@fastify/cors';
 import '@fastify/helmet';
 import '@fastify/rate-limit';
-import '../index-DkAW8BXh.js';
+import '../index-D5QTob1X.js';
 import 'mongoose';
 import '../types-B99TBmFV.js';
 

package/dist/factory/index.js

@@ -1478,9 +1478,7 @@ async function loadPlugin(name, logger) {
     const err = error;
     const isModuleNotFound = err.message.includes("Cannot find module") || err.message.includes("Cannot find package") || err.message.includes("MODULE_NOT_FOUND") || err.message.includes("Could not resolve");
     if (isModuleNotFound && OPTIONAL_PLUGINS.has(name)) {
-      logger?.warn(
-        `ℹ️  Optional plugin '${name}' skipped (${packageName} not installed)`
-      );
+      logger?.warn(`ℹ️  Optional plugin '${name}' skipped (${packageName} not installed)`);
       return null;
     }
     if (isModuleNotFound) {
@@ -1519,10 +1517,7 @@ async function createApp(options) {
   });
   if (config.helmet !== false) {
     const helmet = await loadPlugin("helmet");
-    await fastify.register(
-      helmet,
-      config.helmet ?? {}
-    );
+    await fastify.register(helmet, config.helmet ?? {});
     fastify.log.info("✅ Helmet (security headers) enabled");
   } else {
     fastify.log.warn("⚠️  Helmet disabled - security headers not applied");
@@ -1542,20 +1537,14 @@ async function createApp(options) {
   }
   if (config.rateLimit !== false) {
     const rateLimit = await loadPlugin("rateLimit");
-    await fastify.register(
-      rateLimit,
-      config.rateLimit ?? { max: 100, timeWindow: "1 minute" }
-    );
+    await fastify.register(rateLimit, config.rateLimit ?? { max: 100, timeWindow: "1 minute" });
     fastify.log.info("✅ Rate limiting enabled");
   } else {
     fastify.log.warn("⚠️  Rate limiting disabled");
   }
   if (config.underPressure !== false) {
     const underPressure = await loadPlugin("underPressure");
-    await fastify.register(
-      underPressure,
-      config.underPressure ?? { exposeStatusRoute: true }
-    );
+    await fastify.register(underPressure, config.underPressure ?? { exposeStatusRoute: true });
     fastify.log.info("✅ Health monitoring (under-pressure) enabled");
   } else {
     fastify.log.info("ℹ️  Health monitoring disabled");
@@ -1575,10 +1564,7 @@ async function createApp(options) {
           files: 10
         }
       };
-      await fastify.register(multipart, {
-        ...multipartDefaults,
-        ...config.multipart
-      });
+      await fastify.register(multipart, { ...multipartDefaults, ...config.multipart });
       fastify.log.info("✅ Multipart (file uploads) enabled");
     }
   }
@@ -1591,10 +1577,7 @@ async function createApp(options) {
         encoding: "utf8",
         runFirst: true
       };
-      await fastify.register(rawBody, {
-        ...rawBodyDefaults,
-        ...config.rawBody
-      });
+      await fastify.register(rawBody, { ...rawBodyDefaults, ...config.rawBody });
       fastify.log.info("✅ Raw body parsing enabled");
     }
   }

package/dist/hooks/index.d.ts

@@ -1,4 +1,4 @@
-export { ac as HookContext, ad as HookHandler, aH as HookOperation, aG as HookPhase, aI as HookRegistration, H as HookSystem, aJ as HookSystemOptions, aB as afterCreate, aF as afterDelete, aD as afterUpdate, aA as beforeCreate, aE as beforeDelete, aC as beforeUpdate, az as createHookSystem, ab as hookSystem } from '../index-DkAW8BXh.js';
+export { ac as HookContext, ad as HookHandler, aH as HookOperation, aG as HookPhase, aI as HookRegistration, H as HookSystem, aJ as HookSystemOptions, aB as afterCreate, aF as afterDelete, aD as afterUpdate, aA as beforeCreate, aE as beforeDelete, aC as beforeUpdate, az as createHookSystem, ab as hookSystem } from '../index-D5QTob1X.js';
 import 'mongoose';
 import 'fastify';
 import '../types-B99TBmFV.js';

package/dist/{index-DkAW8BXh.d.ts → index-D5QTob1X.d.ts}

@@ -405,8 +405,8 @@ interface IRequestContext {
     headers: Record<string, string | undefined>;
     /** Organization ID (for multi-tenant apps) */
     organizationId?: string;
-    /** Additional context data */
-    context?: Record<string, unknown>;
+    /** Additional metadata and custom fields */
+    metadata?: Record<string, unknown>;
 }
 /**
  * Standard response from controller handlers
@@ -428,13 +428,13 @@ interface IControllerResponse<T = unknown> {
 /**
  * Controller handler - Arc's standard pattern
  *
- * Receives a context object, returns IControllerResponse.
+ * Receives a request context object, returns IControllerResponse.
  * Use with `wrapHandler: true` in additionalRoutes.
  *
  * @example
  * ```typescript
- * const createProduct: ControllerHandler<Product> = async (ctx) => {
- *   const product = await productRepo.create(ctx.body);
+ * const createProduct: ControllerHandler<Product> = async (req) => {
+ *   const product = await productRepo.create(req.body);
  *   return { success: true, data: product, status: 201 };
  * };
  *
@@ -447,7 +447,7 @@ interface IControllerResponse<T = unknown> {
  * }]
  * ```
  */
-type ControllerHandler<T = unknown> = (context: IRequestContext) => Promise<IControllerResponse<T>>;
+type ControllerHandler<T = unknown> = (req: IRequestContext) => Promise<IControllerResponse<T>>;
 /**
  * Fastify native handler
  *
@@ -480,14 +480,14 @@ type RouteHandler = ControllerHandler | FastifyHandler;
  * Controller interface for CRUD operations (strict)
  */
 interface IController<TDoc = unknown> {
-    list(context: IRequestContext): Promise<IControllerResponse<{
+    list(req: IRequestContext): Promise<IControllerResponse<{
         docs: TDoc[];
         total: number;
     }>>;
-    get(context: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    create(context: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    update(context: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    delete(context: IRequestContext): Promise<IControllerResponse<{
+    get(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
+    create(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
+    update(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
+    delete(req: IRequestContext): Promise<IControllerResponse<{
         message: string;
     }>>;
 }
@@ -832,6 +832,26 @@ interface OpenApiSchemas {
     updateBody?: unknown;
     params?: unknown;
     listQuery?: unknown;
+    /**
+     * Explicit response schema for OpenAPI documentation.
+     * If provided, this will be used as-is for the response schema.
+     * If not provided, response schema is auto-generated from createBody.
+     *
+     * Note: This is for OpenAPI docs only - does NOT affect Fastify serialization.
+     *
+     * @example
+     * response: {
+     *   type: 'object',
+     *   properties: {
+     *     _id: { type: 'string' },
+     *     name: { type: 'string' },
+     *     email: { type: 'string' },
+     *     // Exclude password, include virtuals
+     *     fullName: { type: 'string' },
+     *   }
+     * }
+     */
+    response?: unknown;
     [key: string]: unknown;
 }
 /** Handler for middleware functions */
@@ -1299,4 +1319,4 @@ interface ValidationResult {
 }
 type AdapterFactory<TDoc> = (config: unknown) => DataAdapter<TDoc>;
 
-export { type InferDocType as $, type AuthHelpers as A, type CrudController as B, type CrudRouteKey as C, type DataAdapter as D, type FieldRule as E, type FieldMetadata as F, type CrudSchemas as G, HookSystem as H, type IntrospectionPluginOptions as I, type JWTPayload as J, type AdditionalRoute as K, type PresetFunction as L, type MiddlewareConfig as M, type EventDefinition as N, type OwnershipCheck as O, type PresetResult as P, type QueryOptions as Q, type RequestWithExtras as R, type ServiceContext as S, type ResourceMetadata as T, type UserOrganization as U, type ValidationResult as V, type RegistryEntry as W, type RegistryStats as X, type IntrospectionData as Y, type OrgScopeOptions as Z, type CrudRouterOptions as _, type AuthPluginOptions as a, type InferResourceDoc as a0, type TypedResourceConfig as a1, type TypedController as a2, type TypedRepository as a3, type ConfigError as a4, type ValidationResult$1 as a5, type ValidateOptions as a6, type HealthCheck as a7, type HealthOptions as a8, type GracefulShutdownOptions as a9, beforeCreate as aA, afterCreate as aB, beforeUpdate as aC, afterUpdate as aD, beforeDelete as aE, afterDelete as aF, type HookPhase as aG, type HookOperation as aH, type HookRegistration as aI, type HookSystemOptions as aJ, type RequestIdOptions as aa, hookSystem as ab, type HookContext as ac, type HookHandler as ad, type ParsedQuery as ae, type OpenApiSchemas as af, type AdapterFactory as ag, type ObjectId as ah, type UserLike as ai, getUserId as aj, type ArcDecorator as ak, type EventsDecorator as al, type ResourcePermissions as am, type ResourceHooks as an, type MiddlewareHandler as ao, type JwtContext as ap, type AuthenticatorContext as aq, type Authenticator as ar, type TokenPair as as, type PresetHook as at, type BaseControllerOptions as au, type PaginationParams as av, type InferDoc as aw, type ControllerHandler as ax, type FastifyHandler as ay, createHookSystem as az, ResourceRegistry as b, type RegisterOptions as c, type AnyRecord as d, type IController as e, type CrudRepository as f, type RouteSchemaOptions as g, type QueryParserInterface as h, type RepositoryLike as i, type IRequestContext as j, type ControllerQueryOptions as k, type RequestContext as l, type IControllerResponse as m, type PaginatedResult as n, type ResourceConfig as o, type SchemaMetadata as p, type RelationMetadata as q, resourceRegistry as r, defineResource as s, ResourceDefinition as t, type ApiResponse as u, type ControllerLike as v, type FastifyRequestExtras as w, type FastifyWithAuth as x, type FastifyWithDecorators as y, type RouteHandler as z };
+export { type InferDocType as $, type AnyRecord as A, type CrudController as B, type ControllerQueryOptions as C, type DataAdapter as D, type FieldRule as E, type FieldMetadata as F, type CrudSchemas as G, HookSystem as H, type IController as I, type JWTPayload as J, type AdditionalRoute as K, type PresetFunction as L, type MiddlewareConfig as M, type EventDefinition as N, type OwnershipCheck as O, type PaginatedResult as P, type QueryParserInterface as Q, type RouteSchemaOptions as R, type ServiceContext as S, type ResourceMetadata as T, type UserOrganization as U, type ValidationResult as V, type RegistryEntry as W, type RegistryStats as X, type IntrospectionData as Y, type OrgScopeOptions as Z, type CrudRouterOptions as _, type IRequestContext as a, type InferResourceDoc as a0, type TypedResourceConfig as a1, type TypedController as a2, type TypedRepository as a3, type ConfigError as a4, type ValidationResult$1 as a5, type ValidateOptions as a6, type HealthCheck as a7, type HealthOptions as a8, type GracefulShutdownOptions as a9, beforeCreate as aA, afterCreate as aB, beforeUpdate as aC, afterUpdate as aD, beforeDelete as aE, afterDelete as aF, type HookPhase as aG, type HookOperation as aH, type HookRegistration as aI, type HookSystemOptions as aJ, type RequestIdOptions as aa, hookSystem as ab, type HookContext as ac, type HookHandler as ad, type ParsedQuery as ae, type OpenApiSchemas as af, type AdapterFactory as ag, type ObjectId as ah, type UserLike as ai, getUserId as aj, type ArcDecorator as ak, type EventsDecorator as al, type ResourcePermissions as am, type ResourceHooks as an, type MiddlewareHandler as ao, type JwtContext as ap, type AuthenticatorContext as aq, type Authenticator as ar, type TokenPair as as, type PresetHook as at, type BaseControllerOptions as au, type PaginationParams as av, type InferDoc as aw, type ControllerHandler as ax, type FastifyHandler as ay, createHookSystem as az, type RequestContext as b, type IControllerResponse as c, type RequestWithExtras as d, type CrudRouteKey as e, type PresetResult as f, type AuthHelpers as g, type AuthPluginOptions as h, type IntrospectionPluginOptions as i, ResourceRegistry as j, type RegisterOptions as k, type ResourceConfig as l, type SchemaMetadata as m, type RelationMetadata as n, type RepositoryLike as o, defineResource as p, ResourceDefinition as q, resourceRegistry as r, type ApiResponse as s, type ControllerLike as t, type FastifyRequestExtras as u, type FastifyWithAuth as v, type FastifyWithDecorators as w, type QueryOptions as x, type CrudRepository as y, type RouteHandler as z };

package/dist/index.d.ts

@@ -1,216 +1,20 @@
-import { d as AnyRecord, e as IController, f as CrudRepository, Q as QueryOptions, g as RouteSchemaOptions, h as QueryParserInterface, i as RepositoryLike, j as IRequestContext, S as ServiceContext, k as ControllerQueryOptions, l as RequestContext, H as HookSystem, m as IControllerResponse, n as PaginatedResult, o as ResourceConfig } from './index-DkAW8BXh.js';
-export { V as AdapterValidationResult, K as AdditionalRoute, u as ApiResponse, a as AuthPluginOptions, a4 as ConfigError, v as ControllerLike, B as CrudController, C as CrudRouteKey, _ as CrudRouterOptions, G as CrudSchemas, D as DataAdapter, N as EventDefinition, w as FastifyRequestExtras, x as FastifyWithAuth, y as FastifyWithDecorators, F as FieldMetadata, E as FieldRule, a9 as GracefulShutdownOptions, a7 as HealthCheck, a8 as HealthOptions, ac as HookContext, ad as HookHandler, $ as InferDocType, a0 as InferResourceDoc, Y as IntrospectionData, I as IntrospectionPluginOptions, J as JWTPayload, M as MiddlewareConfig, Z as OrgScopeOptions, O as OwnershipCheck, L as PresetFunction, P as PresetResult, W as RegistryEntry, X as RegistryStats, q as RelationMetadata, aa as RequestIdOptions, R as RequestWithExtras, t as ResourceDefinition, T as ResourceMetadata, z as RouteHandler, p as SchemaMetadata, a2 as TypedController, a3 as TypedRepository, a1 as TypedResourceConfig, U as UserOrganization, a6 as ValidateOptions, a5 as ValidationResult, s as defineResource, ab as hookSystem, r as resourceRegistry } from './index-DkAW8BXh.js';
+import { l as ResourceConfig } from './index-D5QTob1X.js';
+export { V as AdapterValidationResult, K as AdditionalRoute, A as AnyRecord, s as ApiResponse, h as AuthPluginOptions, a4 as ConfigError, t as ControllerLike, B as CrudController, y as CrudRepository, e as CrudRouteKey, _ as CrudRouterOptions, G as CrudSchemas, D as DataAdapter, N as EventDefinition, u as FastifyRequestExtras, v as FastifyWithAuth, w as FastifyWithDecorators, F as FieldMetadata, E as FieldRule, a9 as GracefulShutdownOptions, a7 as HealthCheck, a8 as HealthOptions, ac as HookContext, ad as HookHandler, H as HookSystem, I as IController, c as IControllerResponse, a as IRequestContext, $ as InferDocType, a0 as InferResourceDoc, Y as IntrospectionData, i as IntrospectionPluginOptions, J as JWTPayload, M as MiddlewareConfig, Z as OrgScopeOptions, O as OwnershipCheck, P as PaginatedResult, L as PresetFunction, f as PresetResult, x as QueryOptions, W as RegistryEntry, X as RegistryStats, n as RelationMetadata, o as RepositoryLike, b as RequestContext, aa as RequestIdOptions, d as RequestWithExtras, q as ResourceDefinition, T as ResourceMetadata, z as RouteHandler, R as RouteSchemaOptions, m as SchemaMetadata, S as ServiceContext, a2 as TypedController, a3 as TypedRepository, a1 as TypedResourceConfig, U as UserOrganization, a6 as ValidateOptions, a5 as ValidationResult, p as defineResource, ab as hookSystem, r as resourceRegistry } from './index-D5QTob1X.js';
 export { MongooseAdapter, MongooseAdapterOptions, PrismaAdapter, PrismaAdapterOptions, createMongooseAdapter, createPrismaAdapter } from './adapters/index.js';
+export { B as BaseController, a as BaseControllerOptions } from './BaseController-nNRS3vpA.js';
 export { RouteHandlerMethod } from 'fastify';
 export { P as PermissionCheck, a as PermissionContext, b as PermissionResult, U as UserBase } from './types-B99TBmFV.js';
 export { A as ArcError, F as ForbiddenError, N as NotFoundError, U as UnauthorizedError, V as ValidationError } from './errors-8WIxGS_6.js';
-export { e as gracefulShutdownPlugin, a as healthPlugin, _ as requestIdPlugin } from './arcCorePlugin-DTPWXcZN.js';
+export { e as gracefulShutdownPlugin, a as healthPlugin, _ as requestIdPlugin } from './arcCorePlugin-CAjBQtZB.js';
 export { DomainEvent, EventHandler, eventPlugin } from './events/index.js';
 export { allOf, allowPublic, anyOf, denyAll, requireAuth, requireOwnership, requireRoles, when } from './permissions/index.js';
-export { A as ArcFactory, c as createApp } from './createApp-pzUAkzbz.js';
-export { C as CreateAppOptions } from './types-0IPhH_NR.js';
+export { A as ArcFactory, c as createApp } from './createApp-CjN9zZSL.js';
+export { C as CreateAppOptions } from './types-zpN48n6B.js';
 import 'mongoose';
 import '@fastify/cors';
 import '@fastify/helmet';
 import '@fastify/rate-limit';
 
-/**
- * Base Controller - Framework-Agnostic CRUD Operations
- *
- * Implements IController interface for framework portability.
- * Works with Fastify, Express, Next.js, or any framework via adapter pattern.
- *
- * @example
- * import { BaseController } from '@classytic/arc';
- *
- * // Use Arc's default query parser (works out of the box)
- * class ProductController extends BaseController {
- *   constructor(repository: CrudRepository) {
- *     super(repository);
- *   }
- * }
- *
- * // Or use MongoKit's parser for advanced MongoDB features ($lookup, aggregations)
- * import { QueryParser } from '@classytic/mongokit';
- * defineResource({
- *   name: 'product',
- *   queryParser: new QueryParser(),
- *   // ...
- * });
- *
- * // Or use a custom parser for SQL databases
- * defineResource({
- *   name: 'user',
- *   queryParser: new PgQueryParser(),
- *   // ...
- * });
- */
-
-/**
- * Extended repository type that includes optional preset methods
- * Used internally for type-safe access to preset-added methods
- */
-interface ExtendedRepository<TDoc> extends CrudRepository<TDoc> {
-    getBySlug?(slug: string, options?: QueryOptions): Promise<TDoc | null>;
-    getDeleted?(options?: QueryOptions): Promise<TDoc[]>;
-    restore?(id: string, options?: QueryOptions): Promise<TDoc | null>;
-    getTree?(options?: QueryOptions): Promise<TDoc[]>;
-    getChildren?(parentId: string, options?: QueryOptions): Promise<TDoc[]>;
-}
-interface BaseControllerOptions {
-    /** Schema options for field sanitization */
-    schemaOptions?: RouteSchemaOptions;
-    /**
-     * Query parser instance
-     * Default: Arc built-in query parser (adapter-agnostic).
-     * You can swap in MongoKit QueryParser, pgkit parser, etc.
-     */
-    queryParser?: QueryParserInterface;
-    /** Maximum limit for pagination (default: 100) */
-    maxLimit?: number;
-    /** Default limit for pagination (default: 20) */
-    defaultLimit?: number;
-    /** Default sort field (default: '-createdAt') */
-    defaultSort?: string;
-    /** Resource name for hook execution (e.g., 'product' → 'product.created') */
-    resourceName?: string;
-    /** Disable automatic event emission (default: false) */
-    disableEvents?: boolean;
-}
-/**
- * Framework-agnostic base controller implementing MongoKit's IController
- *
- * Use with Fastify adapter for Fastify integration (see createFastifyAdapter in createCrudRouter)
- */
-declare class BaseController<TDoc = AnyRecord> implements IController<TDoc> {
-    protected repository: ExtendedRepository<TDoc>;
-    protected schemaOptions: RouteSchemaOptions;
-    protected queryParser: QueryParserInterface;
-    protected maxLimit: number;
-    protected defaultLimit: number;
-    protected defaultSort: string;
-    protected resourceName?: string;
-    protected disableEvents: boolean;
-    /** Preset field names for dynamic param reading */
-    protected _presetFields: {
-        slugField?: string;
-        parentField?: string;
-    };
-    constructor(repository: CrudRepository<TDoc> | RepositoryLike, options?: BaseControllerOptions);
-    /**
-     * Inject resource options from defineResource
-     */
-    _setResourceOptions(options: {
-        schemaOptions?: RouteSchemaOptions;
-        presetFields?: {
-            slugField?: string;
-            parentField?: string;
-        };
-        resourceName?: string;
-        queryParser?: QueryParserInterface;
-    }): void;
-    /**
-     * Build service context from IRequestContext
-     */
-    protected _buildContext(context: IRequestContext): ServiceContext;
-    /**
-     * Parse query into QueryOptions using queryParser
-     */
-    protected _parseQueryOptions(context: IRequestContext): ControllerQueryOptions;
-    /**
-     * Apply org and policy filters
-     */
-    protected _applyFilters(options: ControllerQueryOptions, context: IRequestContext): ControllerQueryOptions;
-    /**
-     * Build filter for single-item operations (get/update/delete)
-     * Combines ID filter with policy/org filters for proper security enforcement
-     */
-    protected _buildIdFilter(id: string, context: IRequestContext): AnyRecord;
-    /**
-     * Check if a value matches a MongoDB query operator
-     */
-    protected _matchesOperator(itemValue: unknown, operator: string, filterValue: unknown): boolean;
-    /**
-     * Forbidden paths that could lead to prototype pollution
-     */
-    private static readonly FORBIDDEN_PATHS;
-    /**
-     * Get nested value from object using dot notation (e.g., "owner.id")
-     * Security: Validates path against forbidden patterns to prevent prototype pollution
-     */
-    protected _getNestedValue(obj: AnyRecord, path: string): unknown;
-    /**
-     * Check if item matches a single filter condition
-     * Supports nested paths (e.g., "owner.id", "metadata.status")
-     */
-    protected _matchesFilter(item: AnyRecord, key: string, filterValue: unknown): boolean;
-    /**
-     * Check if item matches policy filters (for get/update/delete operations)
-     * Validates that fetched item satisfies all policy constraints
-     * Supports MongoDB query operators: $eq, $ne, $gt, $gte, $lt, $lte, $in, $nin, $exists, $regex, $and, $or
-     */
-    protected _checkPolicyFilters(item: AnyRecord, context: IRequestContext): boolean;
-    /** Parse lean option (default: true for performance) */
-    protected _parseLean(leanValue: unknown): boolean;
-    /** Get blocked fields from schema options */
-    protected _getBlockedFields(schemaOptions: RouteSchemaOptions): string[];
-    /**
-     * Convert parsed select object to string format
-     * Converts { name: 1, email: 1, password: 0 } → 'name email -password'
-     */
-    protected _selectToString(select: string | string[] | Record<string, 0 | 1> | undefined): string | undefined;
-    /** Sanitize select fields */
-    protected _sanitizeSelect(select: string | undefined, schemaOptions: RouteSchemaOptions): string | undefined;
-    /** Sanitize populate fields */
-    protected _sanitizePopulate(populate: unknown, schemaOptions: RouteSchemaOptions): string[] | undefined;
-    /** Check org scope for a document */
-    protected _checkOrgScope(item: AnyRecord | null, arcContext: RequestContext | undefined): boolean;
-    /** Check ownership for update/delete (ownedByUser preset) */
-    protected _checkOwnership(item: AnyRecord | null, context: IRequestContext): boolean;
-    /**
-     * Get hook system from context (instance-scoped) or fall back to global singleton
-     * This allows proper isolation when running multiple app instances (e.g., in tests)
-     */
-    protected _getHooks(context: IRequestContext): HookSystem;
-    /**
-     * List resources with filtering, pagination, sorting
-     * Implements IController.list()
-     */
-    list(context: IRequestContext): Promise<IControllerResponse<PaginatedResult<TDoc>>>;
-    /**
-     * Get single resource by ID
-     * Implements IController.get()
-     */
-    get(context: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /**
-     * Create new resource
-     * Implements IController.create()
-     */
-    create(context: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /**
-     * Update existing resource
-     * Implements IController.update()
-     */
-    update(context: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /**
-     * Delete resource
-     * Implements IController.delete()
-     */
-    delete(context: IRequestContext): Promise<IControllerResponse<{
-        message: string;
-    }>>;
-    /** Get resource by slug (slugLookup preset) */
-    getBySlug(context: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /** Get soft-deleted resources (softDelete preset) */
-    getDeleted(context: IRequestContext): Promise<IControllerResponse<PaginatedResult<TDoc>>>;
-    /** Restore soft-deleted resource (softDelete preset) */
-    restore(context: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /** Get hierarchical tree (tree preset) */
-    getTree(context: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
-    /** Get children of parent (tree preset) */
-    getChildren(context: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
-}
-
 /**
  * Resource Configuration Validator
  *
@@ -328,4 +132,4 @@ declare function assertValidConfig(config: ResourceConfig, options?: ValidateOpt
 
 declare const version = "1.0.0";
 
-export { AnyRecord, BaseController, type BaseControllerOptions, CrudRepository, HookSystem, IController, IControllerResponse, IRequestContext, PaginatedResult, QueryOptions, RepositoryLike, RequestContext, ResourceConfig, RouteSchemaOptions, ServiceContext, assertValidConfig, formatValidationErrors, validateResourceConfig, version };
+export { ResourceConfig, assertValidConfig, formatValidationErrors, validateResourceConfig, version };