@classytic/arc 1.0.5 → 1.0.8

package/dist/{createApp-9q_I1la4.d.ts → createApp-CjN9zZSL.d.ts}

@@ -1,5 +1,5 @@
 import { FastifyInstance } from 'fastify';
-import { C as CreateAppOptions } from './types-EBZBXrg-.js';
+import { C as CreateAppOptions } from './types-zpN48n6B.js';
 
 /**
  * ArcFactory - Production-ready Fastify application factory

package/dist/factory/index.d.ts

@@ -1,11 +1,11 @@
-export { A as ArcFactory, c as createApp } from '../createApp-9q_I1la4.js';
-import { C as CreateAppOptions } from '../types-EBZBXrg-.js';
-export { M as MultipartOptions, R as RawBodyOptions, U as UnderPressureOptions } from '../types-EBZBXrg-.js';
+export { A as ArcFactory, c as createApp } from '../createApp-CjN9zZSL.js';
+import { C as CreateAppOptions } from '../types-zpN48n6B.js';
+export { M as MultipartOptions, R as RawBodyOptions, U as UnderPressureOptions } from '../types-zpN48n6B.js';
 import 'fastify';
 import '@fastify/cors';
 import '@fastify/helmet';
 import '@fastify/rate-limit';
-import '../index-WBEvhmWM.js';
+import '../index-D5QTob1X.js';
 import 'mongoose';
 import '../types-B99TBmFV.js';
 

package/dist/hooks/index.d.ts

@@ -1,4 +1,4 @@
-export { ac as HookContext, ad as HookHandler, aH as HookOperation, aG as HookPhase, aI as HookRegistration, H as HookSystem, aJ as HookSystemOptions, aB as afterCreate, aF as afterDelete, aD as afterUpdate, aA as beforeCreate, aE as beforeDelete, aC as beforeUpdate, az as createHookSystem, ab as hookSystem } from '../index-WBEvhmWM.js';
+export { ac as HookContext, ad as HookHandler, aH as HookOperation, aG as HookPhase, aI as HookRegistration, H as HookSystem, aJ as HookSystemOptions, aB as afterCreate, aF as afterDelete, aD as afterUpdate, aA as beforeCreate, aE as beforeDelete, aC as beforeUpdate, az as createHookSystem, ab as hookSystem } from '../index-D5QTob1X.js';
 import 'mongoose';
 import 'fastify';
 import '../types-B99TBmFV.js';

package/dist/{index-WBEvhmWM.d.ts → index-D5QTob1X.d.ts}

@@ -1319,4 +1319,4 @@ interface ValidationResult {
 }
 type AdapterFactory<TDoc> = (config: unknown) => DataAdapter<TDoc>;
 
-export { type InferDocType as $, type AuthHelpers as A, type CrudController as B, type CrudRouteKey as C, type DataAdapter as D, type FieldRule as E, type FieldMetadata as F, type CrudSchemas as G, HookSystem as H, type IntrospectionPluginOptions as I, type JWTPayload as J, type AdditionalRoute as K, type PresetFunction as L, type MiddlewareConfig as M, type EventDefinition as N, type OwnershipCheck as O, type PresetResult as P, type QueryParserInterface as Q, type RequestWithExtras as R, type ServiceContext as S, type ResourceMetadata as T, type UserOrganization as U, type ValidationResult as V, type RegistryEntry as W, type RegistryStats as X, type IntrospectionData as Y, type OrgScopeOptions as Z, type CrudRouterOptions as _, type AuthPluginOptions as a, type InferResourceDoc as a0, type TypedResourceConfig as a1, type TypedController as a2, type TypedRepository as a3, type ConfigError as a4, type ValidationResult$1 as a5, type ValidateOptions as a6, type HealthCheck as a7, type HealthOptions as a8, type GracefulShutdownOptions as a9, beforeCreate as aA, afterCreate as aB, beforeUpdate as aC, afterUpdate as aD, beforeDelete as aE, afterDelete as aF, type HookPhase as aG, type HookOperation as aH, type HookRegistration as aI, type HookSystemOptions as aJ, type RequestIdOptions as aa, hookSystem as ab, type HookContext as ac, type HookHandler as ad, type ParsedQuery as ae, type OpenApiSchemas as af, type AdapterFactory as ag, type ObjectId as ah, type UserLike as ai, getUserId as aj, type ArcDecorator as ak, type EventsDecorator as al, type ResourcePermissions as am, type ResourceHooks as an, type MiddlewareHandler as ao, type JwtContext as ap, type AuthenticatorContext as aq, type Authenticator as ar, type TokenPair as as, type PresetHook as at, type BaseControllerOptions as au, type PaginationParams as av, type InferDoc as aw, type ControllerHandler as ax, type FastifyHandler as ay, createHookSystem as az, ResourceRegistry as b, type RegisterOptions as c, type AnyRecord as d, type IController as e, type RouteSchemaOptions as f, type IRequestContext as g, type ControllerQueryOptions as h, type RequestContext as i, type IControllerResponse as j, type PaginatedResult as k, type ResourceConfig as l, type SchemaMetadata as m, type RelationMetadata as n, type RepositoryLike as o, defineResource as p, ResourceDefinition as q, resourceRegistry as r, type ApiResponse as s, type ControllerLike as t, type FastifyRequestExtras as u, type FastifyWithAuth as v, type FastifyWithDecorators as w, type QueryOptions as x, type CrudRepository as y, type RouteHandler as z };
+export { type InferDocType as $, type AnyRecord as A, type CrudController as B, type ControllerQueryOptions as C, type DataAdapter as D, type FieldRule as E, type FieldMetadata as F, type CrudSchemas as G, HookSystem as H, type IController as I, type JWTPayload as J, type AdditionalRoute as K, type PresetFunction as L, type MiddlewareConfig as M, type EventDefinition as N, type OwnershipCheck as O, type PaginatedResult as P, type QueryParserInterface as Q, type RouteSchemaOptions as R, type ServiceContext as S, type ResourceMetadata as T, type UserOrganization as U, type ValidationResult as V, type RegistryEntry as W, type RegistryStats as X, type IntrospectionData as Y, type OrgScopeOptions as Z, type CrudRouterOptions as _, type IRequestContext as a, type InferResourceDoc as a0, type TypedResourceConfig as a1, type TypedController as a2, type TypedRepository as a3, type ConfigError as a4, type ValidationResult$1 as a5, type ValidateOptions as a6, type HealthCheck as a7, type HealthOptions as a8, type GracefulShutdownOptions as a9, beforeCreate as aA, afterCreate as aB, beforeUpdate as aC, afterUpdate as aD, beforeDelete as aE, afterDelete as aF, type HookPhase as aG, type HookOperation as aH, type HookRegistration as aI, type HookSystemOptions as aJ, type RequestIdOptions as aa, hookSystem as ab, type HookContext as ac, type HookHandler as ad, type ParsedQuery as ae, type OpenApiSchemas as af, type AdapterFactory as ag, type ObjectId as ah, type UserLike as ai, getUserId as aj, type ArcDecorator as ak, type EventsDecorator as al, type ResourcePermissions as am, type ResourceHooks as an, type MiddlewareHandler as ao, type JwtContext as ap, type AuthenticatorContext as aq, type Authenticator as ar, type TokenPair as as, type PresetHook as at, type BaseControllerOptions as au, type PaginationParams as av, type InferDoc as aw, type ControllerHandler as ax, type FastifyHandler as ay, createHookSystem as az, type RequestContext as b, type IControllerResponse as c, type RequestWithExtras as d, type CrudRouteKey as e, type PresetResult as f, type AuthHelpers as g, type AuthPluginOptions as h, type IntrospectionPluginOptions as i, ResourceRegistry as j, type RegisterOptions as k, type ResourceConfig as l, type SchemaMetadata as m, type RelationMetadata as n, type RepositoryLike as o, defineResource as p, ResourceDefinition as q, resourceRegistry as r, type ApiResponse as s, type ControllerLike as t, type FastifyRequestExtras as u, type FastifyWithAuth as v, type FastifyWithDecorators as w, type QueryOptions as x, type CrudRepository as y, type RouteHandler as z };

package/dist/index.d.ts

@@ -1,249 +1,20 @@
-import { d as AnyRecord, e as IController, f as RouteSchemaOptions, Q as QueryParserInterface, g as IRequestContext, S as ServiceContext, h as ControllerQueryOptions, i as RequestContext, H as HookSystem, j as IControllerResponse, k as PaginatedResult, l as ResourceConfig } from './index-WBEvhmWM.js';
-export { V as AdapterValidationResult, K as AdditionalRoute, s as ApiResponse, a as AuthPluginOptions, a4 as ConfigError, t as ControllerLike, B as CrudController, y as CrudRepository, C as CrudRouteKey, _ as CrudRouterOptions, G as CrudSchemas, D as DataAdapter, N as EventDefinition, u as FastifyRequestExtras, v as FastifyWithAuth, w as FastifyWithDecorators, F as FieldMetadata, E as FieldRule, a9 as GracefulShutdownOptions, a7 as HealthCheck, a8 as HealthOptions, ac as HookContext, ad as HookHandler, $ as InferDocType, a0 as InferResourceDoc, Y as IntrospectionData, I as IntrospectionPluginOptions, J as JWTPayload, M as MiddlewareConfig, Z as OrgScopeOptions, O as OwnershipCheck, L as PresetFunction, P as PresetResult, x as QueryOptions, W as RegistryEntry, X as RegistryStats, n as RelationMetadata, o as RepositoryLike, aa as RequestIdOptions, R as RequestWithExtras, q as ResourceDefinition, T as ResourceMetadata, z as RouteHandler, m as SchemaMetadata, a2 as TypedController, a3 as TypedRepository, a1 as TypedResourceConfig, U as UserOrganization, a6 as ValidateOptions, a5 as ValidationResult, p as defineResource, ab as hookSystem, r as resourceRegistry } from './index-WBEvhmWM.js';
+import { l as ResourceConfig } from './index-D5QTob1X.js';
+export { V as AdapterValidationResult, K as AdditionalRoute, A as AnyRecord, s as ApiResponse, h as AuthPluginOptions, a4 as ConfigError, t as ControllerLike, B as CrudController, y as CrudRepository, e as CrudRouteKey, _ as CrudRouterOptions, G as CrudSchemas, D as DataAdapter, N as EventDefinition, u as FastifyRequestExtras, v as FastifyWithAuth, w as FastifyWithDecorators, F as FieldMetadata, E as FieldRule, a9 as GracefulShutdownOptions, a7 as HealthCheck, a8 as HealthOptions, ac as HookContext, ad as HookHandler, H as HookSystem, I as IController, c as IControllerResponse, a as IRequestContext, $ as InferDocType, a0 as InferResourceDoc, Y as IntrospectionData, i as IntrospectionPluginOptions, J as JWTPayload, M as MiddlewareConfig, Z as OrgScopeOptions, O as OwnershipCheck, P as PaginatedResult, L as PresetFunction, f as PresetResult, x as QueryOptions, W as RegistryEntry, X as RegistryStats, n as RelationMetadata, o as RepositoryLike, b as RequestContext, aa as RequestIdOptions, d as RequestWithExtras, q as ResourceDefinition, T as ResourceMetadata, z as RouteHandler, R as RouteSchemaOptions, m as SchemaMetadata, S as ServiceContext, a2 as TypedController, a3 as TypedRepository, a1 as TypedResourceConfig, U as UserOrganization, a6 as ValidateOptions, a5 as ValidationResult, p as defineResource, ab as hookSystem, r as resourceRegistry } from './index-D5QTob1X.js';
 export { MongooseAdapter, MongooseAdapterOptions, PrismaAdapter, PrismaAdapterOptions, createMongooseAdapter, createPrismaAdapter } from './adapters/index.js';
+export { B as BaseController, a as BaseControllerOptions } from './BaseController-nNRS3vpA.js';
 export { RouteHandlerMethod } from 'fastify';
 export { P as PermissionCheck, a as PermissionContext, b as PermissionResult, U as UserBase } from './types-B99TBmFV.js';
 export { A as ArcError, F as ForbiddenError, N as NotFoundError, U as UnauthorizedError, V as ValidationError } from './errors-8WIxGS_6.js';
-export { e as gracefulShutdownPlugin, a as healthPlugin, _ as requestIdPlugin } from './arcCorePlugin-Cqi7j5-_.js';
+export { e as gracefulShutdownPlugin, a as healthPlugin, _ as requestIdPlugin } from './arcCorePlugin-CAjBQtZB.js';
 export { DomainEvent, EventHandler, eventPlugin } from './events/index.js';
 export { allOf, allowPublic, anyOf, denyAll, requireAuth, requireOwnership, requireRoles, when } from './permissions/index.js';
-export { A as ArcFactory, c as createApp } from './createApp-9q_I1la4.js';
-export { C as CreateAppOptions } from './types-EBZBXrg-.js';
+export { A as ArcFactory, c as createApp } from './createApp-CjN9zZSL.js';
+export { C as CreateAppOptions } from './types-zpN48n6B.js';
 import 'mongoose';
 import '@fastify/cors';
 import '@fastify/helmet';
 import '@fastify/rate-limit';
 
-/**
- * Base Controller - Framework-Agnostic CRUD Operations
- *
- * Implements IController interface for framework portability.
- * Works with Fastify, Express, Next.js, or any framework via adapter pattern.
- *
- * @example
- * import { BaseController } from '@classytic/arc';
- *
- * // Use Arc's default query parser (works out of the box)
- * class ProductController extends BaseController {
- *   constructor(repository: CrudRepository) {
- *     super(repository);
- *   }
- * }
- *
- * // Or use MongoKit's parser for advanced MongoDB features ($lookup, aggregations)
- * import { QueryParser } from '@classytic/mongokit';
- * defineResource({
- *   name: 'product',
- *   queryParser: new QueryParser(),
- *   // ...
- * });
- *
- * // Or use a custom parser for SQL databases
- * defineResource({
- *   name: 'user',
- *   queryParser: new PgQueryParser(),
- *   // ...
- * });
- */
-
-/**
- * Flexible repository interface that accepts any repository shape
- * Core CRUD methods use flexible signatures to work with any implementation
- * Custom methods can be added via the index signature
- *
- * @example
- * // MongoKit repository with custom methods
- * interface MyRepository extends FlexibleRepository {
- *   findByEmail(email: string): Promise<User>;
- *   customMethod(): Promise<void>;
- * }
- */
-interface FlexibleRepository {
-    getAll(...args: any[]): Promise<any>;
-    getById(...args: any[]): Promise<any>;
-    create(...args: any[]): Promise<any>;
-    update(...args: any[]): Promise<any>;
-    delete(...args: any[]): Promise<any>;
-    [key: string]: any;
-}
-interface BaseControllerOptions {
-    /** Schema options for field sanitization */
-    schemaOptions?: RouteSchemaOptions;
-    /**
-     * Query parser instance
-     * Default: Arc built-in query parser (adapter-agnostic).
-     * You can swap in MongoKit QueryParser, pgkit parser, etc.
-     */
-    queryParser?: QueryParserInterface;
-    /** Maximum limit for pagination (default: 100) */
-    maxLimit?: number;
-    /** Default limit for pagination (default: 20) */
-    defaultLimit?: number;
-    /** Default sort field (default: '-createdAt') */
-    defaultSort?: string;
-    /** Resource name for hook execution (e.g., 'product' → 'product.created') */
-    resourceName?: string;
-    /** Disable automatic event emission (default: false) */
-    disableEvents?: boolean;
-}
-/**
- * Framework-agnostic base controller implementing MongoKit's IController
- *
- * @template TDoc - The document type
- * @template TRepository - The repository type (defaults to CrudRepository<TDoc>, preserves custom methods when specified)
- *
- * Use with Fastify adapter for Fastify integration (see createFastifyAdapter in createCrudRouter)
- *
- * @example
- * // Without custom repository type (backward compatible)
- * class SimpleController extends BaseController<Product> {
- *   constructor(repository: CrudRepository<Product>) {
- *     super(repository);
- *   }
- * }
- *
- * @example
- * // With custom repository type (type-safe access to custom methods)
- * class ProductController extends BaseController<Product, ProductRepository> {
- *   constructor(repository: ProductRepository) {
- *     super(repository);
- *   }
- *
- *   async customMethod(context: IRequestContext) {
- *     // TypeScript knows about ProductRepository's custom methods
- *     return await this.repository.findByCategory(...);
- *   }
- * }
- */
-declare class BaseController<TDoc = AnyRecord, TRepository extends FlexibleRepository = FlexibleRepository> implements IController<TDoc> {
-    protected repository: TRepository;
-    protected schemaOptions: RouteSchemaOptions;
-    protected queryParser: QueryParserInterface;
-    protected maxLimit: number;
-    protected defaultLimit: number;
-    protected defaultSort: string;
-    protected resourceName?: string;
-    protected disableEvents: boolean;
-    /** Preset field names for dynamic param reading */
-    protected _presetFields: {
-        slugField?: string;
-        parentField?: string;
-    };
-    constructor(repository: TRepository, options?: BaseControllerOptions);
-    /**
-     * Inject resource options from defineResource
-     */
-    _setResourceOptions(options: {
-        schemaOptions?: RouteSchemaOptions;
-        presetFields?: {
-            slugField?: string;
-            parentField?: string;
-        };
-        resourceName?: string;
-        queryParser?: QueryParserInterface;
-    }): void;
-    /**
-     * Build service context from IRequestContext
-     */
-    protected _buildContext(req: IRequestContext): ServiceContext;
-    /**
-     * Parse query into QueryOptions using queryParser
-     */
-    protected _parseQueryOptions(req: IRequestContext): ControllerQueryOptions;
-    /**
-     * Apply org and policy filters
-     */
-    protected _applyFilters(options: ControllerQueryOptions, req: IRequestContext): ControllerQueryOptions;
-    /**
-     * Build filter for single-item operations (get/update/delete)
-     * Combines ID filter with policy/org filters for proper security enforcement
-     */
-    protected _buildIdFilter(id: string, req: IRequestContext): AnyRecord;
-    /**
-     * Check if a value matches a MongoDB query operator
-     */
-    protected _matchesOperator(itemValue: unknown, operator: string, filterValue: unknown): boolean;
-    /**
-     * Forbidden paths that could lead to prototype pollution
-     */
-    private static readonly FORBIDDEN_PATHS;
-    /**
-     * Get nested value from object using dot notation (e.g., "owner.id")
-     * Security: Validates path against forbidden patterns to prevent prototype pollution
-     */
-    protected _getNestedValue(obj: AnyRecord, path: string): unknown;
-    /**
-     * Check if item matches a single filter condition
-     * Supports nested paths (e.g., "owner.id", "metadata.status")
-     */
-    protected _matchesFilter(item: AnyRecord, key: string, filterValue: unknown): boolean;
-    /**
-     * Check if item matches policy filters (for get/update/delete operations)
-     * Validates that fetched item satisfies all policy constraints
-     * Supports MongoDB query operators: $eq, $ne, $gt, $gte, $lt, $lte, $in, $nin, $exists, $regex, $and, $or
-     */
-    protected _checkPolicyFilters(item: AnyRecord, req: IRequestContext): boolean;
-    /** Parse lean option (default: true for performance) */
-    protected _parseLean(leanValue: unknown): boolean;
-    /** Get blocked fields from schema options */
-    protected _getBlockedFields(schemaOptions: RouteSchemaOptions): string[];
-    /**
-     * Convert parsed select object to string format
-     * Converts { name: 1, email: 1, password: 0 } → 'name email -password'
-     */
-    protected _selectToString(select: string | string[] | Record<string, 0 | 1> | undefined): string | undefined;
-    /** Sanitize select fields */
-    protected _sanitizeSelect(select: string | undefined, schemaOptions: RouteSchemaOptions): string | undefined;
-    /** Sanitize populate fields */
-    protected _sanitizePopulate(populate: unknown, schemaOptions: RouteSchemaOptions): string[] | undefined;
-    /** Check org scope for a document */
-    protected _checkOrgScope(item: AnyRecord | null, arcContext: RequestContext | undefined): boolean;
-    /** Check ownership for update/delete (ownedByUser preset) */
-    protected _checkOwnership(item: AnyRecord | null, req: IRequestContext): boolean;
-    /**
-     * Get hook system from context (instance-scoped) or fall back to global singleton
-     * This allows proper isolation when running multiple app instances (e.g., in tests)
-     */
-    protected _getHooks(req: IRequestContext): HookSystem;
-    /**
-     * List resources with filtering, pagination, sorting
-     * Implements IController.list()
-     */
-    list(req: IRequestContext): Promise<IControllerResponse<PaginatedResult<TDoc>>>;
-    /**
-     * Get single resource by ID
-     * Implements IController.get()
-     */
-    get(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /**
-     * Create new resource
-     * Implements IController.create()
-     */
-    create(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /**
-     * Update existing resource
-     * Implements IController.update()
-     */
-    update(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /**
-     * Delete resource
-     * Implements IController.delete()
-     */
-    delete(req: IRequestContext): Promise<IControllerResponse<{
-        message: string;
-    }>>;
-    /** Get resource by slug (slugLookup preset) */
-    getBySlug(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /** Get soft-deleted resources (softDelete preset) */
-    getDeleted(req: IRequestContext): Promise<IControllerResponse<PaginatedResult<TDoc>>>;
-    /** Restore soft-deleted resource (softDelete preset) */
-    restore(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
-    /** Get hierarchical tree (tree preset) */
-    getTree(req: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
-    /** Get children of parent (tree preset) */
-    getChildren(req: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
-}
-
 /**
  * Resource Configuration Validator
  *
@@ -361,4 +132,4 @@ declare function assertValidConfig(config: ResourceConfig, options?: ValidateOpt
 
 declare const version = "1.0.0";
 
-export { AnyRecord, BaseController, type BaseControllerOptions, HookSystem, IController, IControllerResponse, IRequestContext, PaginatedResult, RequestContext, ResourceConfig, RouteSchemaOptions, ServiceContext, assertValidConfig, formatValidationErrors, validateResourceConfig, version };
+export { ResourceConfig, assertValidConfig, formatValidationErrors, validateResourceConfig, version };

package/dist/index.js

@@ -3306,15 +3306,16 @@ function allowPublic() {
   return check;
 }
 function requireAuth() {
-  return (ctx) => {
+  const check = (ctx) => {
     if (!ctx.user) {
       return { granted: false, reason: "Authentication required" };
     }
     return true;
   };
+  return check;
 }
 function requireRoles(roles, options) {
-  return (ctx) => {
+  const check = (ctx) => {
     if (!ctx.user) {
       return { granted: false, reason: "Authentication required" };
     }
@@ -3330,6 +3331,8 @@ function requireRoles(roles, options) {
       reason: `Required roles: ${roles.join(", ")}`
     };
   };
+  check._roles = roles;
+  return check;
 }
 function requireOwnership(ownerField = "userId", options) {
   return (ctx) => {

package/dist/org/index.d.ts

@@ -1,5 +1,5 @@
 import { RouteHandlerMethod, FastifyPluginAsync } from 'fastify';
-import { i as RequestContext, Z as OrgScopeOptions, z as RouteHandler } from '../index-WBEvhmWM.js';
+import { b as RequestContext, Z as OrgScopeOptions, z as RouteHandler } from '../index-D5QTob1X.js';
 import { U as UserBase } from '../types-B99TBmFV.js';
 import 'mongoose';
 

package/dist/permissions/index.js

@@ -5,15 +5,16 @@ function allowPublic() {
   return check;
 }
 function requireAuth() {
-  return (ctx) => {
+  const check = (ctx) => {
     if (!ctx.user) {
       return { granted: false, reason: "Authentication required" };
     }
     return true;
   };
+  return check;
 }
 function requireRoles(roles, options) {
-  return (ctx) => {
+  const check = (ctx) => {
     if (!ctx.user) {
       return { granted: false, reason: "Authentication required" };
     }
@@ -29,6 +30,8 @@ function requireRoles(roles, options) {
       reason: `Required roles: ${roles.join(", ")}`
     };
   };
+  check._roles = roles;
+  return check;
 }
 function requireOwnership(ownerField = "userId", options) {
   return (ctx) => {

package/dist/plugins/index.d.ts

@@ -1,6 +1,6 @@
-export { k as ArcCore, A as ArcCorePluginOptions, G as GracefulShutdownOptions, b as HealthCheck, H as HealthOptions, R as RequestIdOptions, T as TracingOptions, f as arcCorePlugin, j as arcCorePluginFn, d as createSpan, e as gracefulShutdownPlugin, g as gracefulShutdownPluginFn, a as healthPlugin, h as healthPluginFn, i as isTracingAvailable, _ as requestIdPlugin, r as requestIdPluginFn, t as traced, c as tracingPlugin } from '../arcCorePlugin-Cqi7j5-_.js';
+export { k as ArcCore, A as ArcCorePluginOptions, G as GracefulShutdownOptions, b as HealthCheck, H as HealthOptions, R as RequestIdOptions, T as TracingOptions, f as arcCorePlugin, j as arcCorePluginFn, d as createSpan, e as gracefulShutdownPlugin, g as gracefulShutdownPluginFn, a as healthPlugin, h as healthPluginFn, i as isTracingAvailable, _ as requestIdPlugin, r as requestIdPluginFn, t as traced, c as tracingPlugin } from '../arcCorePlugin-CAjBQtZB.js';
 import { FastifyInstance, FastifyRequest } from 'fastify';
-import '../index-WBEvhmWM.js';
+import '../index-D5QTob1X.js';
 import 'mongoose';
 import '../types-B99TBmFV.js';
 

package/dist/presets/index.d.ts

@@ -1,6 +1,6 @@
 import { MultiTenantOptions } from './multiTenant.js';
 export { default as multiTenantPreset } from './multiTenant.js';
-import { P as PresetResult, g as IRequestContext, j as IControllerResponse, k as PaginatedResult, d as AnyRecord, l as ResourceConfig } from '../index-WBEvhmWM.js';
+import { f as PresetResult, a as IRequestContext, c as IControllerResponse, P as PaginatedResult, A as AnyRecord, l as ResourceConfig } from '../index-D5QTob1X.js';
 import 'mongoose';
 import 'fastify';
 import '../types-B99TBmFV.js';

package/dist/presets/index.js

@@ -5,7 +5,7 @@ function allowPublic() {
   return check;
 }
 function requireRoles(roles, options) {
-  return (ctx) => {
+  const check = (ctx) => {
     if (!ctx.user) {
       return { granted: false, reason: "Authentication required" };
     }
@@ -18,6 +18,8 @@ function requireRoles(roles, options) {
       reason: `Required roles: ${roles.join(", ")}`
     };
   };
+  check._roles = roles;
+  return check;
 }
 
 // src/presets/softDelete.ts

package/dist/presets/multiTenant.d.ts

@@ -1,4 +1,4 @@
-import { R as RequestWithExtras, C as CrudRouteKey, P as PresetResult } from '../index-WBEvhmWM.js';
+import { d as RequestWithExtras, e as CrudRouteKey, f as PresetResult } from '../index-D5QTob1X.js';
 import 'mongoose';
 import 'fastify';
 import '../types-B99TBmFV.js';

package/dist/registry/index.d.ts

@@ -1,5 +1,5 @@
-import { I as IntrospectionPluginOptions } from '../index-WBEvhmWM.js';
-export { c as RegisterOptions, b as ResourceRegistry, r as resourceRegistry } from '../index-WBEvhmWM.js';
+import { i as IntrospectionPluginOptions } from '../index-D5QTob1X.js';
+export { k as RegisterOptions, j as ResourceRegistry, r as resourceRegistry } from '../index-D5QTob1X.js';
 import { FastifyPluginAsync } from 'fastify';
 import 'mongoose';
 import '../types-B99TBmFV.js';

package/dist/testing/index.d.ts

@@ -1,6 +1,6 @@
-import { q as ResourceDefinition, d as AnyRecord, y as CrudRepository } from '../index-WBEvhmWM.js';
+import { q as ResourceDefinition, A as AnyRecord, y as CrudRepository } from '../index-D5QTob1X.js';
 import Fastify, { FastifyInstance } from 'fastify';
-import { C as CreateAppOptions } from '../types-EBZBXrg-.js';
+import { C as CreateAppOptions } from '../types-zpN48n6B.js';
 import { Mock } from 'vitest';
 import { Connection } from 'mongoose';
 import '../types-B99TBmFV.js';

package/dist/types/index.d.ts

@@ -1,4 +1,4 @@
-export { K as AdditionalRoute, d as AnyRecord, s as ApiResponse, ak as ArcDecorator, A as AuthHelpers, a as AuthPluginOptions, ar as Authenticator, aq as AuthenticatorContext, au as BaseControllerOptions, a4 as ConfigError, ax as ControllerHandler, t as ControllerLike, h as ControllerQueryOptions, B as CrudController, y as CrudRepository, C as CrudRouteKey, _ as CrudRouterOptions, G as CrudSchemas, N as EventDefinition, al as EventsDecorator, ay as FastifyHandler, u as FastifyRequestExtras, v as FastifyWithAuth, w as FastifyWithDecorators, E as FieldRule, a9 as GracefulShutdownOptions, a7 as HealthCheck, a8 as HealthOptions, e as IController, j as IControllerResponse, g as IRequestContext, aw as InferDoc, $ as InferDocType, a0 as InferResourceDoc, Y as IntrospectionData, I as IntrospectionPluginOptions, J as JWTPayload, ap as JwtContext, M as MiddlewareConfig, ao as MiddlewareHandler, ah as ObjectId, af as OpenApiSchemas, Z as OrgScopeOptions, O as OwnershipCheck, k as PaginatedResult, av as PaginationParams, ae as ParsedQuery, L as PresetFunction, at as PresetHook, P as PresetResult, x as QueryOptions, Q as QueryParserInterface, W as RegistryEntry, X as RegistryStats, i as RequestContext, aa as RequestIdOptions, R as RequestWithExtras, l as ResourceConfig, an as ResourceHooks, T as ResourceMetadata, am as ResourcePermissions, z as RouteHandler, f as RouteSchemaOptions, S as ServiceContext, as as TokenPair, a2 as TypedController, a3 as TypedRepository, a1 as TypedResourceConfig, ai as UserLike, U as UserOrganization, a6 as ValidateOptions, a5 as ValidationResult, aj as getUserId } from '../index-WBEvhmWM.js';
+export { K as AdditionalRoute, A as AnyRecord, s as ApiResponse, ak as ArcDecorator, g as AuthHelpers, h as AuthPluginOptions, ar as Authenticator, aq as AuthenticatorContext, au as BaseControllerOptions, a4 as ConfigError, ax as ControllerHandler, t as ControllerLike, C as ControllerQueryOptions, B as CrudController, y as CrudRepository, e as CrudRouteKey, _ as CrudRouterOptions, G as CrudSchemas, N as EventDefinition, al as EventsDecorator, ay as FastifyHandler, u as FastifyRequestExtras, v as FastifyWithAuth, w as FastifyWithDecorators, E as FieldRule, a9 as GracefulShutdownOptions, a7 as HealthCheck, a8 as HealthOptions, I as IController, c as IControllerResponse, a as IRequestContext, aw as InferDoc, $ as InferDocType, a0 as InferResourceDoc, Y as IntrospectionData, i as IntrospectionPluginOptions, J as JWTPayload, ap as JwtContext, M as MiddlewareConfig, ao as MiddlewareHandler, ah as ObjectId, af as OpenApiSchemas, Z as OrgScopeOptions, O as OwnershipCheck, P as PaginatedResult, av as PaginationParams, ae as ParsedQuery, L as PresetFunction, at as PresetHook, f as PresetResult, x as QueryOptions, Q as QueryParserInterface, W as RegistryEntry, X as RegistryStats, b as RequestContext, aa as RequestIdOptions, d as RequestWithExtras, l as ResourceConfig, an as ResourceHooks, T as ResourceMetadata, am as ResourcePermissions, z as RouteHandler, R as RouteSchemaOptions, S as ServiceContext, as as TokenPair, a2 as TypedController, a3 as TypedRepository, a1 as TypedResourceConfig, ai as UserLike, U as UserOrganization, a6 as ValidateOptions, a5 as ValidationResult, aj as getUserId } from '../index-D5QTob1X.js';
 export { RouteHandlerMethod } from 'fastify';
 export { Document, Model } from 'mongoose';
 export { P as PermissionCheck, a as PermissionContext, b as PermissionResult, U as UserBase } from '../types-B99TBmFV.js';

package/dist/{types-EBZBXrg-.d.ts → types-zpN48n6B.d.ts}

@@ -2,7 +2,7 @@ import { FastifyServerOptions } from 'fastify';
 import { FastifyCorsOptions } from '@fastify/cors';
 import { FastifyHelmetOptions } from '@fastify/helmet';
 import { RateLimitOptions } from '@fastify/rate-limit';
-import { a as AuthPluginOptions } from './index-WBEvhmWM.js';
+import { h as AuthPluginOptions } from './index-D5QTob1X.js';
 
 /**
  * Types for createApp factory

package/dist/utils/index.d.ts

@@ -1,5 +1,5 @@
 export { A as ArcError, C as ConflictError, E as ErrorDetails, F as ForbiddenError, N as NotFoundError, a as OrgAccessDeniedError, O as OrgRequiredError, R as RateLimitError, S as ServiceUnavailableError, U as UnauthorizedError, V as ValidationError, c as createError, i as isArcError } from '../errors-8WIxGS_6.js';
-import { d as AnyRecord, Q as QueryParserInterface, ae as ParsedQuery } from '../index-WBEvhmWM.js';
+import { A as AnyRecord, Q as QueryParserInterface, ae as ParsedQuery } from '../index-D5QTob1X.js';
 import 'mongoose';
 import 'fastify';
 import '../types-B99TBmFV.js';
@@ -29,7 +29,10 @@ declare const successResponseSchema: JsonSchema;
  */
 declare const errorResponseSchema: JsonSchema;
 /**
- * Pagination schema
+ * Pagination schema - matches MongoKit/Arc runtime format
+ *
+ * Runtime format (flat fields):
+ * { page, limit, total, pages, hasNext, hasPrev }
  */
 declare const paginationSchema: JsonSchema;
 /**
@@ -37,21 +40,42 @@ declare const paginationSchema: JsonSchema;
  */
 declare function wrapResponse(dataSchema: JsonSchema): JsonSchema;
 /**
- * Create a list response schema with pagination
+ * Create a list response schema with pagination - matches MongoKit/Arc runtime format
+ *
+ * Runtime format:
+ * { success, docs: [...], page, limit, total, pages, hasNext, hasPrev }
+ *
+ * Note: Uses 'docs' array (not 'data') with flat pagination fields
  */
 declare function listResponse(itemSchema: JsonSchema): JsonSchema;
+/**
+ * Alias for listResponse - matches local responseSchemas.js naming
+ */
+declare const paginateWrapper: typeof listResponse;
 /**
  * Create a single item response schema
+ *
+ * Runtime format: { success, data: {...} }
  */
 declare function itemResponse(itemSchema: JsonSchema): JsonSchema;
+/**
+ * Alias for itemResponse - matches local responseSchemas.js naming
+ */
+declare const itemWrapper: typeof itemResponse;
 /**
  * Create a create/update response schema
  */
 declare function mutationResponse(itemSchema: JsonSchema): JsonSchema;
 /**
  * Create a delete response schema
+ *
+ * Runtime format: { success, message }
  */
 declare function deleteResponse(): JsonSchema;
+/**
+ * Alias for deleteResponse - matches local responseSchemas.js naming
+ */
+declare const messageWrapper: typeof deleteResponse;
 declare const responses: {
     200: (schema: JsonSchema) => {
         description: string;
@@ -652,4 +676,4 @@ declare class ArcQueryParser implements QueryParserInterface {
  */
 declare function createQueryParser(options?: ArcQueryParserOptions): ArcQueryParser;
 
-export { ArcQueryParser, type ArcQueryParserOptions, CircuitBreaker, CircuitBreakerError, type CircuitBreakerOptions, CircuitBreakerRegistry, type CircuitBreakerStats, CircuitState, type JsonSchema, type StateMachine, type TransitionConfig, circuitBreakerRegistry, createCircuitBreaker, createQueryParser, createStateMachine, deleteResponse, errorResponseSchema, getListQueryParams, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, wrapResponse };
+export { ArcQueryParser, type ArcQueryParserOptions, CircuitBreaker, CircuitBreakerError, type CircuitBreakerOptions, CircuitBreakerRegistry, type CircuitBreakerStats, CircuitState, type JsonSchema, type StateMachine, type TransitionConfig, circuitBreakerRegistry, createCircuitBreaker, createQueryParser, createStateMachine, deleteResponse, errorResponseSchema, getListQueryParams, itemResponse, itemWrapper, listResponse, messageWrapper, mutationResponse, paginateWrapper, paginationSchema, queryParams, responses, successResponseSchema, wrapResponse };

package/dist/utils/index.js

@@ -180,11 +180,11 @@ var paginationSchema = {
     page: { type: "integer", example: 1 },
     limit: { type: "integer", example: 20 },
     total: { type: "integer", example: 100 },
-    totalPages: { type: "integer", example: 5 },
-    hasNextPage: { type: "boolean", example: true },
-    hasPrevPage: { type: "boolean", example: false }
+    pages: { type: "integer", example: 5 },
+    hasNext: { type: "boolean", example: true },
+    hasPrev: { type: "boolean", example: false }
   },
-  required: ["page", "limit", "total", "totalPages", "hasNextPage", "hasPrevPage"]
+  required: ["page", "limit", "total", "pages", "hasNext", "hasPrev"]
 };
 function wrapResponse(dataSchema) {
   return {
@@ -201,18 +201,26 @@ function listResponse(itemSchema) {
     type: "object",
     properties: {
       success: { type: "boolean", example: true },
-      data: {
+      docs: {
         type: "array",
         items: itemSchema
       },
-      pagination: paginationSchema
+      // Flat pagination fields (not nested)
+      page: { type: "integer", example: 1 },
+      limit: { type: "integer", example: 20 },
+      total: { type: "integer", example: 100 },
+      pages: { type: "integer", example: 5 },
+      hasNext: { type: "boolean", example: false },
+      hasPrev: { type: "boolean", example: false }
     },
-    required: ["success", "data"]
+    required: ["success", "docs"]
   };
 }
+var paginateWrapper = listResponse;
 function itemResponse(itemSchema) {
   return wrapResponse(itemSchema);
 }
+var itemWrapper = itemResponse;
 function mutationResponse(itemSchema) {
   return {
     type: "object",
@@ -234,6 +242,7 @@ function deleteResponse() {
     required: ["success"]
   };
 }
+var messageWrapper = deleteResponse;
 var responses = {
   200: (schema) => ({
     description: "Successful response",
@@ -902,4 +911,4 @@ function createQueryParser(options) {
   return new ArcQueryParser(options);
 }
 
-export { ArcError, ArcQueryParser, CircuitBreaker, CircuitBreakerError, CircuitBreakerRegistry, CircuitState, ConflictError, ForbiddenError, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, UnauthorizedError, ValidationError, circuitBreakerRegistry, createCircuitBreaker, createError, createQueryParser, createStateMachine, deleteResponse, errorResponseSchema, getListQueryParams, isArcError, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, wrapResponse };
+export { ArcError, ArcQueryParser, CircuitBreaker, CircuitBreakerError, CircuitBreakerRegistry, CircuitState, ConflictError, ForbiddenError, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, UnauthorizedError, ValidationError, circuitBreakerRegistry, createCircuitBreaker, createError, createQueryParser, createStateMachine, deleteResponse, errorResponseSchema, getListQueryParams, isArcError, itemResponse, itemWrapper, listResponse, messageWrapper, mutationResponse, paginateWrapper, paginationSchema, queryParams, responses, successResponseSchema, wrapResponse };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@classytic/arc",
-  "version": "1.0.5",
+  "version": "1.0.8",
   "description": "Resource-oriented backend framework for Fastify + MongoDB",
   "type": "module",
   "exports": {