@classytic/arc 1.0.5 → 1.1.0

package/dist/BaseController-DVAiHxEQ.d.ts

@@ -0,0 +1,233 @@
+import { A as AnyRecord, I as IController, R as RouteSchemaOptions, Q as QueryParserInterface, a as IRequestContext, S as ServiceContext, C as ControllerQueryOptions, b as RequestContext, H as HookSystem, c as IControllerResponse, P as PaginatedResult } from './index-B4t03KQ0.js';
+
+/**
+ * Base Controller - Framework-Agnostic CRUD Operations
+ *
+ * Implements IController interface for framework portability.
+ * Works with Fastify, Express, Next.js, or any framework via adapter pattern.
+ *
+ * @example
+ * import { BaseController } from '@classytic/arc';
+ *
+ * // Use Arc's default query parser (works out of the box)
+ * class ProductController extends BaseController {
+ *   constructor(repository: CrudRepository) {
+ *     super(repository);
+ *   }
+ * }
+ *
+ * // Or use MongoKit's parser for advanced MongoDB features ($lookup, aggregations)
+ * import { QueryParser } from '@classytic/mongokit';
+ * defineResource({
+ *   name: 'product',
+ *   queryParser: new QueryParser(),
+ *   // ...
+ * });
+ *
+ * // Or use a custom parser for SQL databases
+ * defineResource({
+ *   name: 'user',
+ *   queryParser: new PgQueryParser(),
+ *   // ...
+ * });
+ */
+
+/**
+ * Flexible repository interface that accepts any repository shape
+ * Core CRUD methods use flexible signatures to work with any implementation
+ * Custom methods can be added via the index signature
+ *
+ * @example
+ * // MongoKit repository with custom methods
+ * interface MyRepository extends FlexibleRepository {
+ *   findByEmail(email: string): Promise<User>;
+ *   customMethod(): Promise<void>;
+ * }
+ */
+interface FlexibleRepository {
+    getAll(...args: any[]): Promise<any>;
+    getById(...args: any[]): Promise<any>;
+    create(...args: any[]): Promise<any>;
+    update(...args: any[]): Promise<any>;
+    delete(...args: any[]): Promise<any>;
+    [key: string]: any;
+}
+interface BaseControllerOptions {
+    /** Schema options for field sanitization */
+    schemaOptions?: RouteSchemaOptions;
+    /**
+     * Query parser instance
+     * Default: Arc built-in query parser (adapter-agnostic).
+     * You can swap in MongoKit QueryParser, pgkit parser, etc.
+     */
+    queryParser?: QueryParserInterface;
+    /** Maximum limit for pagination (default: 100) */
+    maxLimit?: number;
+    /** Default limit for pagination (default: 20) */
+    defaultLimit?: number;
+    /** Default sort field (default: '-createdAt') */
+    defaultSort?: string;
+    /** Resource name for hook execution (e.g., 'product' → 'product.created') */
+    resourceName?: string;
+    /** Disable automatic event emission (default: false) */
+    disableEvents?: boolean;
+}
+/**
+ * Framework-agnostic base controller implementing MongoKit's IController
+ *
+ * @template TDoc - The document type
+ * @template TRepository - The repository type (defaults to CrudRepository<TDoc>, preserves custom methods when specified)
+ *
+ * Use with Fastify adapter for Fastify integration (see createFastifyAdapter in createCrudRouter)
+ *
+ * @example
+ * // Without custom repository type (backward compatible)
+ * class SimpleController extends BaseController<Product> {
+ *   constructor(repository: CrudRepository<Product>) {
+ *     super(repository);
+ *   }
+ * }
+ *
+ * @example
+ * // With custom repository type (type-safe access to custom methods)
+ * class ProductController extends BaseController<Product, ProductRepository> {
+ *   constructor(repository: ProductRepository) {
+ *     super(repository);
+ *   }
+ *
+ *   async customMethod(context: IRequestContext) {
+ *     // TypeScript knows about ProductRepository's custom methods
+ *     return await this.repository.findByCategory(...);
+ *   }
+ * }
+ */
+declare class BaseController<TDoc = AnyRecord, TRepository extends FlexibleRepository = FlexibleRepository> implements IController<TDoc> {
+    protected repository: TRepository;
+    protected schemaOptions: RouteSchemaOptions;
+    protected queryParser: QueryParserInterface;
+    protected maxLimit: number;
+    protected defaultLimit: number;
+    protected defaultSort: string;
+    protected resourceName?: string;
+    protected disableEvents: boolean;
+    /** Preset field names for dynamic param reading */
+    protected _presetFields: {
+        slugField?: string;
+        parentField?: string;
+    };
+    constructor(repository: TRepository, options?: BaseControllerOptions);
+    /**
+     * Inject resource options from defineResource
+     */
+    _setResourceOptions(options: {
+        schemaOptions?: RouteSchemaOptions;
+        presetFields?: {
+            slugField?: string;
+            parentField?: string;
+        };
+        resourceName?: string;
+        queryParser?: QueryParserInterface;
+    }): void;
+    /**
+     * Build service context from IRequestContext
+     */
+    protected _buildContext(req: IRequestContext): ServiceContext;
+    /**
+     * Parse query into QueryOptions using queryParser
+     */
+    protected _parseQueryOptions(req: IRequestContext): ControllerQueryOptions;
+    /**
+     * Apply org and policy filters
+     */
+    protected _applyFilters(options: ControllerQueryOptions, req: IRequestContext): ControllerQueryOptions;
+    /**
+     * Build filter for single-item operations (get/update/delete)
+     * Combines ID filter with policy/org filters for proper security enforcement
+     */
+    protected _buildIdFilter(id: string, req: IRequestContext): AnyRecord;
+    /**
+     * Check if a value matches a MongoDB query operator
+     */
+    protected _matchesOperator(itemValue: unknown, operator: string, filterValue: unknown): boolean;
+    /**
+     * Forbidden paths that could lead to prototype pollution
+     */
+    private static readonly FORBIDDEN_PATHS;
+    /**
+     * Get nested value from object using dot notation (e.g., "owner.id")
+     * Security: Validates path against forbidden patterns to prevent prototype pollution
+     */
+    protected _getNestedValue(obj: AnyRecord, path: string): unknown;
+    /**
+     * Check if item matches a single filter condition
+     * Supports nested paths (e.g., "owner.id", "metadata.status")
+     */
+    protected _matchesFilter(item: AnyRecord, key: string, filterValue: unknown): boolean;
+    /**
+     * Check if item matches policy filters (for get/update/delete operations)
+     * Validates that fetched item satisfies all policy constraints
+     * Supports MongoDB query operators: $eq, $ne, $gt, $gte, $lt, $lte, $in, $nin, $exists, $regex, $and, $or
+     */
+    protected _checkPolicyFilters(item: AnyRecord, req: IRequestContext): boolean;
+    /** Parse lean option (default: true for performance) */
+    protected _parseLean(leanValue: unknown): boolean;
+    /** Get blocked fields from schema options */
+    protected _getBlockedFields(schemaOptions: RouteSchemaOptions): string[];
+    /**
+     * Convert parsed select object to string format
+     * Converts { name: 1, email: 1, password: 0 } → 'name email -password'
+     */
+    protected _selectToString(select: string | string[] | Record<string, 0 | 1> | undefined): string | undefined;
+    /** Sanitize select fields */
+    protected _sanitizeSelect(select: string | undefined, schemaOptions: RouteSchemaOptions): string | undefined;
+    /** Sanitize populate fields */
+    protected _sanitizePopulate(populate: unknown, schemaOptions: RouteSchemaOptions): string[] | undefined;
+    /** Check org scope for a document */
+    protected _checkOrgScope(item: AnyRecord | null, arcContext: RequestContext | undefined): boolean;
+    /** Check ownership for update/delete (ownedByUser preset) */
+    protected _checkOwnership(item: AnyRecord | null, req: IRequestContext): boolean;
+    /**
+     * Get hook system from context (instance-scoped) or fall back to global singleton
+     * This allows proper isolation when running multiple app instances (e.g., in tests)
+     */
+    protected _getHooks(req: IRequestContext): HookSystem;
+    /**
+     * List resources with filtering, pagination, sorting
+     * Implements IController.list()
+     */
+    list(req: IRequestContext): Promise<IControllerResponse<PaginatedResult<TDoc>>>;
+    /**
+     * Get single resource by ID
+     * Implements IController.get()
+     */
+    get(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
+    /**
+     * Create new resource
+     * Implements IController.create()
+     */
+    create(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
+    /**
+     * Update existing resource
+     * Implements IController.update()
+     */
+    update(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
+    /**
+     * Delete resource
+     * Implements IController.delete()
+     */
+    delete(req: IRequestContext): Promise<IControllerResponse<{
+        message: string;
+    }>>;
+    /** Get resource by slug (slugLookup preset) */
+    getBySlug(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
+    /** Get soft-deleted resources (softDelete preset) */
+    getDeleted(req: IRequestContext): Promise<IControllerResponse<PaginatedResult<TDoc>>>;
+    /** Restore soft-deleted resource (softDelete preset) */
+    restore(req: IRequestContext): Promise<IControllerResponse<TDoc>>;
+    /** Get hierarchical tree (tree preset) */
+    getTree(req: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
+    /** Get children of parent (tree preset) */
+    getChildren(req: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
+}
+
+export { BaseController as B, type BaseControllerOptions as a };

package/dist/adapters/index.d.ts

@@ -1,5 +1,5 @@
-import { D as DataAdapter, y as CrudRepository, o as RepositoryLike, m as SchemaMetadata, f as RouteSchemaOptions, af as OpenApiSchemas, Q as QueryParserInterface, ae as ParsedQuery, V as ValidationResult } from '../index-WBEvhmWM.js';
-export { ag as AdapterFactory, F as FieldMetadata, n as RelationMetadata } from '../index-WBEvhmWM.js';
+import { D as DataAdapter, y as CrudRepository, o as RepositoryLike, m as SchemaMetadata, R as RouteSchemaOptions, af as OpenApiSchemas, Q as QueryParserInterface, ae as ParsedQuery, V as ValidationResult } from '../index-B4t03KQ0.js';
+export { ag as AdapterFactory, F as FieldMetadata, n as RelationMetadata } from '../index-B4t03KQ0.js';
 import { Model } from 'mongoose';
 import 'fastify';
 import '../types-B99TBmFV.js';

package/dist/{arcCorePlugin-Cqi7j5-_.d.ts → arcCorePlugin-CsShQdyP.d.ts}

@@ -1,5 +1,5 @@
 import { FastifyPluginAsync, FastifyInstance, FastifyRequest } from 'fastify';
-import { H as HookSystem, b as ResourceRegistry } from './index-WBEvhmWM.js';
+import { H as HookSystem, j as ResourceRegistry } from './index-B4t03KQ0.js';
 
 /**
  * Request ID Plugin

package/dist/auth/index.d.ts

@@ -1,5 +1,5 @@
 import { FastifyPluginAsync } from 'fastify';
-import { A as AuthHelpers, a as AuthPluginOptions } from '../index-WBEvhmWM.js';
+import { g as AuthHelpers, h as AuthPluginOptions } from '../index-B4t03KQ0.js';
 import 'mongoose';
 import '../types-B99TBmFV.js';
 

package/dist/cli/commands/init.js

@@ -97,7 +97,6 @@ async function installDependencies(projectPath, config, pm) {
     devDeps.push(
       "typescript@latest",
       "@types/node@latest",
-      "@types/bcryptjs@latest",
       "@types/jsonwebtoken@latest",
       "tsx@latest"
     );
@@ -601,6 +600,9 @@ export async function createAppInstance()${ts ? ": Promise<FastifyInstance>" : "
     },
     cors: {
       origin: config.cors.origins,
+      methods: config.cors.methods,
+      allowedHeaders: config.cors.allowedHeaders,
+      credentials: config.cors.credentials,
     },
   });
 
@@ -675,7 +677,10 @@ HOST=0.0.0.0
 JWT_SECRET=dev-secret-change-in-production-min-32-chars
 JWT_EXPIRES_IN=7d
 
-# CORS
+# CORS - Allowed origins
+# Options:
+#   * = allow all origins (not recommended for production)
+#   Comma-separated list = specific origins only
 CORS_ORIGINS=http://localhost:3000,http://localhost:5173
 `;
   if (config.adapter === "mongokit") {
@@ -1319,7 +1324,10 @@ export interface AppConfig {
     expiresIn: string;
   };
   cors: {
-    origins: string[];
+    origins: string[] | boolean;  // true = allow all ('*')
+    methods: string[];
+    allowedHeaders: string[];
+    credentials: boolean;
   };${config.adapter === "mongokit" ? `
   database: {
     uri: string;
@@ -1351,7 +1359,14 @@ const config${ts ? ": AppConfig" : ""} = {
   },
 
   cors: {
-    origins: (process.env.CORS_ORIGINS || 'http://localhost:3000').split(','),
+    // '*' = allow all origins (true), otherwise comma-separated list
+    origins:
+      process.env.CORS_ORIGINS === '*'
+        ? true
+        : (process.env.CORS_ORIGINS || 'http://localhost:3000').split(','),
+    methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'x-organization-id', 'x-request-id'],
+    credentials: true,
   },
 ${config.adapter === "mongokit" ? `
   database: {
@@ -1405,7 +1420,7 @@ export default Example;
 }
 function exampleRepositoryTemplate(config) {
   const ts = config.typescript;
-  const typeImport = ts ? "import type { ExampleDocument } from './model.js';\n" : "";
+  const typeImport = ts ? "import type { ExampleDocument } from './example.model.js';\n" : "";
   const generic = ts ? "<ExampleDocument>" : "";
   return `/**
  * Example Repository
@@ -1798,7 +1813,7 @@ export default User;
 }
 function userRepositoryTemplate(config) {
   const ts = config.typescript;
-  const typeImport = ts ? "import type { UserDocument } from './model.js';\nimport type { ClientSession, Types } from 'mongoose';\n" : "";
+  const typeImport = ts ? "import type { UserDocument } from './user.model.js';\nimport type { ClientSession, Types } from 'mongoose';\n" : "";
   return `/**
  * User Repository
  * Generated by Arc CLI

package/dist/cli/index.js

@@ -712,7 +712,6 @@ async function installDependencies(projectPath, config, pm) {
     devDeps.push(
       "typescript@latest",
       "@types/node@latest",
-      "@types/bcryptjs@latest",
       "@types/jsonwebtoken@latest",
       "tsx@latest"
     );
@@ -1216,6 +1215,9 @@ export async function createAppInstance()${ts ? ": Promise<FastifyInstance>" : "
     },
     cors: {
       origin: config.cors.origins,
+      methods: config.cors.methods,
+      allowedHeaders: config.cors.allowedHeaders,
+      credentials: config.cors.credentials,
     },
   });
 
@@ -1290,7 +1292,10 @@ HOST=0.0.0.0
 JWT_SECRET=dev-secret-change-in-production-min-32-chars
 JWT_EXPIRES_IN=7d
 
-# CORS
+# CORS - Allowed origins
+# Options:
+#   * = allow all origins (not recommended for production)
+#   Comma-separated list = specific origins only
 CORS_ORIGINS=http://localhost:3000,http://localhost:5173
 `;
   if (config.adapter === "mongokit") {
@@ -1934,7 +1939,10 @@ export interface AppConfig {
     expiresIn: string;
   };
   cors: {
-    origins: string[];
+    origins: string[] | boolean;  // true = allow all ('*')
+    methods: string[];
+    allowedHeaders: string[];
+    credentials: boolean;
   };${config.adapter === "mongokit" ? `
   database: {
     uri: string;
@@ -1966,7 +1974,14 @@ const config${ts ? ": AppConfig" : ""} = {
   },
 
   cors: {
-    origins: (process.env.CORS_ORIGINS || 'http://localhost:3000').split(','),
+    // '*' = allow all origins (true), otherwise comma-separated list
+    origins:
+      process.env.CORS_ORIGINS === '*'
+        ? true
+        : (process.env.CORS_ORIGINS || 'http://localhost:3000').split(','),
+    methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'x-organization-id', 'x-request-id'],
+    credentials: true,
   },
 ${config.adapter === "mongokit" ? `
   database: {
@@ -2020,7 +2035,7 @@ export default Example;
 }
 function exampleRepositoryTemplate(config) {
   const ts = config.typescript;
-  const typeImport = ts ? "import type { ExampleDocument } from './model.js';\n" : "";
+  const typeImport = ts ? "import type { ExampleDocument } from './example.model.js';\n" : "";
   const generic = ts ? "<ExampleDocument>" : "";
   return `/**
  * Example Repository
@@ -2413,7 +2428,7 @@ export default User;
 }
 function userRepositoryTemplate(config) {
   const ts = config.typescript;
-  const typeImport = ts ? "import type { UserDocument } from './model.js';\nimport type { ClientSession, Types } from 'mongoose';\n" : "";
+  const typeImport = ts ? "import type { UserDocument } from './user.model.js';\nimport type { ClientSession, Types } from 'mongoose';\n" : "";
   return `/**
  * User Repository
  * Generated by Arc CLI

package/dist/core/index.d.ts

@@ -0,0 +1,220 @@
+export { B as BaseController, a as BaseControllerOptions } from '../BaseController-DVAiHxEQ.js';
+import { RouteHandlerMethod, FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import { w as FastifyWithDecorators, B as CrudController, _ as CrudRouterOptions, d as RequestWithExtras, a as IRequestContext, c as IControllerResponse, I as IController } from '../index-B4t03KQ0.js';
+export { q as ResourceDefinition, p as defineResource } from '../index-B4t03KQ0.js';
+import { P as PermissionCheck } from '../types-B99TBmFV.js';
+import 'mongoose';
+
+/**
+ * CRUD Router Factory
+ *
+ * Creates standard REST routes with permission-based access control.
+ * Full TypeScript support with proper Fastify types.
+ *
+ * Features:
+ * - Permission-based access control via PermissionCheck functions
+ * - Organization scoping for multi-tenant routes
+ * - Consistent route patterns
+ * - Framework-agnostic controllers via adapter pattern
+ */
+
+/**
+ * Create CRUD routes for a controller
+ *
+ * @param fastify - Fastify instance with Arc decorators
+ * @param controller - CRUD controller with handler methods
+ * @param options - Router configuration
+ */
+declare function createCrudRouter<TDoc = unknown>(fastify: FastifyWithDecorators, controller: CrudController<TDoc> | undefined, options?: CrudRouterOptions): void;
+/**
+ * Helper to create org scoped middleware
+ */
+declare function createOrgScopedMiddleware(instance: FastifyWithDecorators): RouteHandlerMethod[];
+/**
+ * Create permission middleware from PermissionCheck
+ * Useful for custom route registration
+ */
+declare function createPermissionMiddleware(permission: PermissionCheck, resourceName: string, action: string): RouteHandlerMethod | null;
+
+/**
+ * Action Router Factory (Stripe Pattern)
+ *
+ * Consolidates multiple state-transition endpoints into a single unified action endpoint.
+ * Instead of separate endpoints for each action (approve, dispatch, receive, cancel),
+ * this creates one endpoint: POST /:id/action
+ *
+ * Benefits:
+ * - 40% fewer endpoints
+ * - Consistent permission checking
+ * - Self-documenting via action enum
+ * - Type-safe action validation
+ * - Single audit point for all state transitions
+ *
+ * @example
+ * import { createActionRouter } from '@classytic/arc';
+ * import { requireRoles } from '@classytic/arc/permissions';
+ *
+ * createActionRouter(fastify, {
+ *   tag: 'Inventory - Transfers',
+ *   actions: {
+ *     approve: async (id, data, req) => transferService.approve(id, req.user),
+ *     dispatch: async (id, data, req) => transferService.dispatch(id, data.transport, req.user),
+ *     receive: async (id, data, req) => transferService.receive(id, data, req.user),
+ *     cancel: async (id, data, req) => transferService.cancel(id, data.reason, req.user),
+ *   },
+ *   actionPermissions: {
+ *     approve: requireRoles(['admin', 'warehouse-manager']),
+ *     dispatch: requireRoles(['admin', 'warehouse-staff']),
+ *     receive: requireRoles(['admin', 'store-manager']),
+ *     cancel: requireRoles(['admin']),
+ *   },
+ *   actionSchemas: {
+ *     dispatch: {
+ *       transport: { type: 'object', properties: { driver: { type: 'string' } } }
+ *     },
+ *     cancel: {
+ *       reason: { type: 'string', minLength: 10 }
+ *     },
+ *   }
+ * });
+ */
+
+/**
+ * Action handler function
+ * @param id - Resource ID
+ * @param data - Action-specific data from request body
+ * @param req - Full Fastify request object
+ * @returns Action result (will be wrapped in success response)
+ */
+type ActionHandler<TData = any, TResult = any> = (id: string, data: TData, req: RequestWithExtras) => Promise<TResult>;
+/**
+ * Action router configuration
+ */
+interface ActionRouterConfig {
+    /**
+     * OpenAPI tag for grouping routes
+     */
+    tag?: string;
+    /**
+     * Action handlers map
+     * @example { approve: (id, data, req) => service.approve(id), ... }
+     */
+    actions: Record<string, ActionHandler>;
+    /**
+     * Per-action permission checks (PermissionCheck functions)
+     * @example { approve: requireRoles(['admin', 'manager']), cancel: requireRoles(['admin']) }
+     */
+    actionPermissions?: Record<string, PermissionCheck>;
+    /**
+     * Per-action JSON schema for body validation
+     * @example { dispatch: { transport: { type: 'object' } } }
+     */
+    actionSchemas?: Record<string, Record<string, any>>;
+    /**
+     * Global permission check applied to all actions (if action-specific not defined)
+     */
+    globalAuth?: PermissionCheck;
+    /**
+     * Optional idempotency service
+     * If provided, will handle idempotency-key header
+     */
+    idempotencyService?: IdempotencyService;
+    /**
+     * Custom error handler for action execution failures
+     * @param error - The error thrown by action handler
+     * @param action - The action that failed
+     * @param id - The resource ID
+     * @returns Status code and error response
+     */
+    onError?: (error: Error, action: string, id: string) => {
+        statusCode: number;
+        error: string;
+        code?: string;
+    };
+}
+/**
+ * Idempotency service interface
+ * Apps can provide their own implementation
+ */
+interface IdempotencyService {
+    check(key: string, payload: any): Promise<{
+        isNew: boolean;
+        existingResult?: any;
+    }>;
+    complete(key: string | undefined, result: any): Promise<void>;
+    fail(key: string | undefined, error: Error): Promise<void>;
+}
+/**
+ * Create action-based state transition endpoint
+ *
+ * Registers: POST /:id/action
+ * Body: { action: string, ...actionData }
+ *
+ * @param fastify - Fastify instance
+ * @param config - Action router configuration
+ */
+declare function createActionRouter(fastify: FastifyInstance, config: ActionRouterConfig): void;
+
+/**
+ * Fastify Adapter for IController
+ *
+ * Converts between Fastify's request/reply and framework-agnostic IRequestContext/IControllerResponse.
+ * This allows controllers implementing IController to work seamlessly with Fastify.
+ */
+
+/**
+ * Create IRequestContext from Fastify request
+ *
+ * Extracts framework-agnostic context from Fastify-specific request object
+ */
+declare function createRequestContext(req: FastifyRequest): IRequestContext;
+/**
+ * Send IControllerResponse via Fastify reply
+ *
+ * Converts framework-agnostic response to Fastify response
+ * Applies field masking if specified in request
+ */
+declare function sendControllerResponse<T>(reply: FastifyReply, response: IControllerResponse<T>, request?: FastifyRequest): void;
+/**
+ * Create Fastify route handler from IController method
+ *
+ * Wraps framework-agnostic controller method in Fastify-specific handler
+ *
+ * @example
+ * ```typescript
+ * const controller = new BaseController(repository);
+ *
+ * // Create Fastify handler
+ * const listHandler = createFastifyHandler(controller.list.bind(controller));
+ *
+ * // Register route
+ * fastify.get('/products', listHandler);
+ * ```
+ */
+declare function createFastifyHandler<T>(controllerMethod: (req: IRequestContext) => Promise<IControllerResponse<T>>): (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
+/**
+ * Create Fastify adapters for all CRUD methods of an IController
+ *
+ * Returns Fastify-compatible handlers for each CRUD operation
+ *
+ * @example
+ * ```typescript
+ * const controller = new BaseController(repository);
+ * const handlers = createCrudHandlers(controller);
+ *
+ * fastify.get('/', handlers.list);
+ * fastify.get('/:id', handlers.get);
+ * fastify.post('/', handlers.create);
+ * fastify.patch('/:id', handlers.update);
+ * fastify.delete('/:id', handlers.delete);
+ * ```
+ */
+declare function createCrudHandlers<TDoc>(controller: IController<TDoc>): {
+    list: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
+    get: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
+    create: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
+    update: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
+    delete: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
+};
+
+export { type ActionHandler, type ActionRouterConfig, type IdempotencyService, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createOrgScopedMiddleware, createPermissionMiddleware, createRequestContext, sendControllerResponse };