npm - @classytic/arc - Versions diffs - 1.1.0 → 2.1.2 - Mend

@classytic/arc 1.1.0 → 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (322) hide show

package/README.md +247 -794
package/bin/arc.js +91 -52
package/dist/EventTransport-BD2U0BTc.d.mts +100 -0
package/dist/EventTransport-BD2U0BTc.d.mts.map +1 -0
package/dist/HookSystem-BsGV-j2l.mjs +405 -0
package/dist/HookSystem-BsGV-j2l.mjs.map +1 -0
package/dist/ResourceRegistry-DsN4KJjV.mjs +250 -0
package/dist/ResourceRegistry-DsN4KJjV.mjs.map +1 -0
package/dist/adapters/index.d.mts +5 -0
package/dist/adapters/index.mjs +3 -0
package/dist/audit/index.d.mts +82 -0
package/dist/audit/index.d.mts.map +1 -0
package/dist/audit/index.mjs +276 -0
package/dist/audit/index.mjs.map +1 -0
package/dist/audit/mongodb.d.mts +5 -0
package/dist/audit/mongodb.mjs +3 -0
package/dist/audited-C3T5DTUx.mjs +141 -0
package/dist/audited-C3T5DTUx.mjs.map +1 -0
package/dist/auth/index.d.mts +189 -0
package/dist/auth/index.d.mts.map +1 -0
package/dist/auth/index.mjs +1102 -0
package/dist/auth/index.mjs.map +1 -0
package/dist/auth/redis-session.d.mts +44 -0
package/dist/auth/redis-session.d.mts.map +1 -0
package/dist/auth/redis-session.mjs +76 -0
package/dist/auth/redis-session.mjs.map +1 -0
package/dist/betterAuthOpenApi-BrHKeSAx.mjs +250 -0
package/dist/betterAuthOpenApi-BrHKeSAx.mjs.map +1 -0
package/dist/cache/index.d.mts +146 -0
package/dist/cache/index.d.mts.map +1 -0
package/dist/cache/index.mjs +92 -0
package/dist/cache/index.mjs.map +1 -0
package/dist/caching-Bl28lYsR.mjs +94 -0
package/dist/caching-Bl28lYsR.mjs.map +1 -0
package/dist/chunk-C7Uep-_p.mjs +20 -0
package/dist/circuitBreaker-DeY4FCjs.mjs +1097 -0
package/dist/circuitBreaker-DeY4FCjs.mjs.map +1 -0
package/dist/cli/commands/describe.d.mts +19 -0
package/dist/cli/commands/describe.d.mts.map +1 -0
package/dist/cli/commands/describe.mjs +239 -0
package/dist/cli/commands/describe.mjs.map +1 -0
package/dist/cli/commands/docs.d.mts +14 -0
package/dist/cli/commands/docs.d.mts.map +1 -0
package/dist/cli/commands/docs.mjs +53 -0
package/dist/cli/commands/docs.mjs.map +1 -0
package/dist/cli/commands/{generate.d.ts → generate.d.mts} +3 -1
package/dist/cli/commands/generate.d.mts.map +1 -0
package/dist/cli/commands/generate.mjs +358 -0
package/dist/cli/commands/generate.mjs.map +1 -0
package/dist/cli/commands/{init.d.ts → init.d.mts} +12 -8
package/dist/cli/commands/init.d.mts.map +1 -0
package/dist/cli/commands/{init.js → init.mjs} +807 -616
package/dist/cli/commands/init.mjs.map +1 -0
package/dist/cli/commands/introspect.d.mts +11 -0
package/dist/cli/commands/introspect.d.mts.map +1 -0
package/dist/cli/commands/introspect.mjs +76 -0
package/dist/cli/commands/introspect.mjs.map +1 -0
package/dist/cli/index.d.mts +17 -0
package/dist/cli/index.d.mts.map +1 -0
package/dist/cli/index.mjs +157 -0
package/dist/cli/index.mjs.map +1 -0
package/dist/constants-DdXFXQtN.mjs +85 -0
package/dist/constants-DdXFXQtN.mjs.map +1 -0
package/dist/core/index.d.mts +5 -0
package/dist/core/index.mjs +4 -0
package/dist/createApp-CUgNqegw.mjs +560 -0
package/dist/createApp-CUgNqegw.mjs.map +1 -0
package/dist/defineResource-k0_BDn8v.mjs +2197 -0
package/dist/defineResource-k0_BDn8v.mjs.map +1 -0
package/dist/discovery/index.d.mts +47 -0
package/dist/discovery/index.d.mts.map +1 -0
package/dist/discovery/index.mjs +110 -0
package/dist/discovery/index.mjs.map +1 -0
package/dist/docs/index.d.mts +163 -0
package/dist/docs/index.d.mts.map +1 -0
package/dist/docs/index.mjs +73 -0
package/dist/docs/index.mjs.map +1 -0
package/dist/elevation-BRy3yFWT.mjs +113 -0
package/dist/elevation-BRy3yFWT.mjs.map +1 -0
package/dist/elevation-B_2dRLVP.d.mts +88 -0
package/dist/elevation-B_2dRLVP.d.mts.map +1 -0
package/dist/errorHandler-BbcgBmIH.d.mts +73 -0
package/dist/errorHandler-BbcgBmIH.d.mts.map +1 -0
package/dist/errorHandler-C1okiriz.mjs +109 -0
package/dist/errorHandler-C1okiriz.mjs.map +1 -0
package/dist/errors-B9bZok84.mjs +212 -0
package/dist/errors-B9bZok84.mjs.map +1 -0
package/dist/errors-ChKiFz62.d.mts +125 -0
package/dist/errors-ChKiFz62.d.mts.map +1 -0
package/dist/eventPlugin-CTrLH3mt.d.mts +125 -0
package/dist/eventPlugin-CTrLH3mt.d.mts.map +1 -0
package/dist/eventPlugin-DGR_B2on.mjs +230 -0
package/dist/eventPlugin-DGR_B2on.mjs.map +1 -0
package/dist/events/index.d.mts +54 -0
package/dist/events/index.d.mts.map +1 -0
package/dist/events/index.mjs +52 -0
package/dist/events/index.mjs.map +1 -0
package/dist/events/transports/redis-stream-entry.d.mts +2 -0
package/dist/events/transports/redis-stream-entry.mjs +178 -0
package/dist/events/transports/redis-stream-entry.mjs.map +1 -0
package/dist/events/transports/redis.d.mts +77 -0
package/dist/events/transports/redis.d.mts.map +1 -0
package/dist/events/transports/redis.mjs +125 -0
package/dist/events/transports/redis.mjs.map +1 -0
package/dist/externalPaths-DlINfKbP.d.mts +51 -0
package/dist/externalPaths-DlINfKbP.d.mts.map +1 -0
package/dist/factory/index.d.mts +64 -0
package/dist/factory/index.d.mts.map +1 -0
package/dist/factory/index.mjs +3 -0
package/dist/fastifyAdapter-BkrGrlFi.d.mts +217 -0
package/dist/fastifyAdapter-BkrGrlFi.d.mts.map +1 -0
package/dist/fields-DyaDVX4J.d.mts +110 -0
package/dist/fields-DyaDVX4J.d.mts.map +1 -0
package/dist/fields-iagOozy0.mjs +115 -0
package/dist/fields-iagOozy0.mjs.map +1 -0
package/dist/hooks/index.d.mts +4 -0
package/dist/hooks/index.mjs +3 -0
package/dist/idempotency/index.d.mts +97 -0
package/dist/idempotency/index.d.mts.map +1 -0
package/dist/idempotency/index.mjs +320 -0
package/dist/idempotency/index.mjs.map +1 -0
package/dist/idempotency/mongodb.d.mts +2 -0
package/dist/idempotency/mongodb.mjs +115 -0
package/dist/idempotency/mongodb.mjs.map +1 -0
package/dist/idempotency/redis.d.mts +2 -0
package/dist/idempotency/redis.mjs +104 -0
package/dist/idempotency/redis.mjs.map +1 -0
package/dist/index.d.mts +261 -0
package/dist/index.d.mts.map +1 -0
package/dist/index.mjs +105 -0
package/dist/index.mjs.map +1 -0
package/dist/integrations/event-gateway.d.mts +47 -0
package/dist/integrations/event-gateway.d.mts.map +1 -0
package/dist/integrations/event-gateway.mjs +44 -0
package/dist/integrations/event-gateway.mjs.map +1 -0
package/dist/integrations/index.d.mts +5 -0
package/dist/integrations/index.mjs +1 -0
package/dist/integrations/jobs.d.mts +104 -0
package/dist/integrations/jobs.d.mts.map +1 -0
package/dist/integrations/jobs.mjs +124 -0
package/dist/integrations/jobs.mjs.map +1 -0
package/dist/integrations/streamline.d.mts +61 -0
package/dist/integrations/streamline.d.mts.map +1 -0
package/dist/integrations/streamline.mjs +126 -0
package/dist/integrations/streamline.mjs.map +1 -0
package/dist/integrations/websocket.d.mts +83 -0
package/dist/integrations/websocket.d.mts.map +1 -0
package/dist/integrations/websocket.mjs +289 -0
package/dist/integrations/websocket.mjs.map +1 -0
package/dist/interface-B01JvPVc.d.mts +78 -0
package/dist/interface-B01JvPVc.d.mts.map +1 -0
package/dist/interface-CZe8IkMf.d.mts +55 -0
package/dist/interface-CZe8IkMf.d.mts.map +1 -0
package/dist/interface-Ch8HU9uM.d.mts +1098 -0
package/dist/interface-Ch8HU9uM.d.mts.map +1 -0
package/dist/introspectionPlugin-rFdO8ZUa.mjs +54 -0
package/dist/introspectionPlugin-rFdO8ZUa.mjs.map +1 -0
package/dist/keys-BqNejWup.mjs +43 -0
package/dist/keys-BqNejWup.mjs.map +1 -0
package/dist/logger-Df2O2WsW.mjs +79 -0
package/dist/logger-Df2O2WsW.mjs.map +1 -0
package/dist/memory-cQgelFOj.mjs +144 -0
package/dist/memory-cQgelFOj.mjs.map +1 -0
package/dist/migrations/index.d.mts +157 -0
package/dist/migrations/index.d.mts.map +1 -0
package/dist/migrations/index.mjs +261 -0
package/dist/migrations/index.mjs.map +1 -0
package/dist/mongodb-BfJVlUJH.mjs +94 -0
package/dist/mongodb-BfJVlUJH.mjs.map +1 -0
package/dist/mongodb-CGzRbfAK.d.mts +119 -0
package/dist/mongodb-CGzRbfAK.d.mts.map +1 -0
package/dist/mongodb-JN-9JA7K.d.mts +72 -0
package/dist/mongodb-JN-9JA7K.d.mts.map +1 -0
package/dist/openapi-G3Cw7XuM.mjs +524 -0
package/dist/openapi-G3Cw7XuM.mjs.map +1 -0
package/dist/org/index.d.mts +69 -0
package/dist/org/index.d.mts.map +1 -0
package/dist/org/index.mjs +514 -0
package/dist/org/index.mjs.map +1 -0
package/dist/org/types.d.mts +83 -0
package/dist/org/types.d.mts.map +1 -0
package/dist/org/types.mjs +1 -0
package/dist/permissions/index.d.mts +279 -0
package/dist/permissions/index.d.mts.map +1 -0
package/dist/permissions/index.mjs +579 -0
package/dist/permissions/index.mjs.map +1 -0
package/dist/plugins/index.d.mts +173 -0
package/dist/plugins/index.d.mts.map +1 -0
package/dist/plugins/index.mjs +523 -0
package/dist/plugins/index.mjs.map +1 -0
package/dist/plugins/response-cache.d.mts +88 -0
package/dist/plugins/response-cache.d.mts.map +1 -0
package/dist/plugins/response-cache.mjs +284 -0
package/dist/plugins/response-cache.mjs.map +1 -0
package/dist/plugins/tracing-entry.d.mts +2 -0
package/dist/plugins/tracing-entry.mjs +186 -0
package/dist/plugins/tracing-entry.mjs.map +1 -0
package/dist/pluralize-CEweyOEm.mjs +87 -0
package/dist/pluralize-CEweyOEm.mjs.map +1 -0
package/dist/policies/{index.d.ts → index.d.mts} +204 -169
package/dist/policies/index.d.mts.map +1 -0
package/dist/policies/index.mjs +322 -0
package/dist/policies/index.mjs.map +1 -0
package/dist/presets/{index.d.ts → index.d.mts} +63 -131
package/dist/presets/index.d.mts.map +1 -0
package/dist/presets/index.mjs +144 -0
package/dist/presets/index.mjs.map +1 -0
package/dist/presets/multiTenant.d.mts +25 -0
package/dist/presets/multiTenant.d.mts.map +1 -0
package/dist/presets/multiTenant.mjs +114 -0
package/dist/presets/multiTenant.mjs.map +1 -0
package/dist/presets-BITljm96.mjs +120 -0
package/dist/presets-BITljm96.mjs.map +1 -0
package/dist/presets-DzSMwlKj.d.mts +58 -0
package/dist/presets-DzSMwlKj.d.mts.map +1 -0
package/dist/prisma-DJbMt3yf.mjs +628 -0
package/dist/prisma-DJbMt3yf.mjs.map +1 -0
package/dist/prisma-Dg9GoVdj.d.mts +275 -0
package/dist/prisma-Dg9GoVdj.d.mts.map +1 -0
package/dist/queryCachePlugin-7THaI5mt.d.mts +72 -0
package/dist/queryCachePlugin-7THaI5mt.d.mts.map +1 -0
package/dist/queryCachePlugin-DMBnp2Q0.mjs +139 -0
package/dist/queryCachePlugin-DMBnp2Q0.mjs.map +1 -0
package/dist/redis-D-JAeLtm.d.mts +50 -0
package/dist/redis-D-JAeLtm.d.mts.map +1 -0
package/dist/redis-stream-Bdh_vUU8.d.mts +104 -0
package/dist/redis-stream-Bdh_vUU8.d.mts.map +1 -0
package/dist/registry/index.d.mts +12 -0
package/dist/registry/index.d.mts.map +1 -0
package/dist/registry/index.mjs +4 -0
package/dist/requestContext-QQD6ROJc.mjs +56 -0
package/dist/requestContext-QQD6ROJc.mjs.map +1 -0
package/dist/schemaConverter-BwrmWroW.mjs +99 -0
package/dist/schemaConverter-BwrmWroW.mjs.map +1 -0
package/dist/schemas/index.d.mts +64 -0
package/dist/schemas/index.d.mts.map +1 -0
package/dist/schemas/index.mjs +83 -0
package/dist/schemas/index.mjs.map +1 -0
package/dist/scope/index.d.mts +22 -0
package/dist/scope/index.d.mts.map +1 -0
package/dist/scope/index.mjs +66 -0
package/dist/scope/index.mjs.map +1 -0
package/dist/sessionManager-jPKLbHE0.d.mts +187 -0
package/dist/sessionManager-jPKLbHE0.d.mts.map +1 -0
package/dist/sse-B3c3_yZp.mjs +124 -0
package/dist/sse-B3c3_yZp.mjs.map +1 -0
package/dist/testing/index.d.mts +908 -0
package/dist/testing/index.d.mts.map +1 -0
package/dist/testing/index.mjs +1977 -0
package/dist/testing/index.mjs.map +1 -0
package/dist/tracing-Cc7vVQPp.d.mts +71 -0
package/dist/tracing-Cc7vVQPp.d.mts.map +1 -0
package/dist/typeGuards-DhMNLuvU.mjs +10 -0
package/dist/typeGuards-DhMNLuvU.mjs.map +1 -0
package/dist/types/index.d.mts +947 -0
package/dist/types/index.d.mts.map +1 -0
package/dist/types/index.mjs +15 -0
package/dist/types/index.mjs.map +1 -0
package/dist/types-Beqn1Un7.mjs +39 -0
package/dist/types-Beqn1Un7.mjs.map +1 -0
package/dist/types-CIgB7UUl.d.mts +446 -0
package/dist/types-CIgB7UUl.d.mts.map +1 -0
package/dist/types-aYB4V7uN.d.mts +87 -0
package/dist/types-aYB4V7uN.d.mts.map +1 -0
package/dist/utils/index.d.mts +748 -0
package/dist/utils/index.d.mts.map +1 -0
package/dist/utils/index.mjs +6 -0
package/package.json +194 -68
package/dist/BaseController-DVAiHxEQ.d.ts +0 -233
package/dist/adapters/index.d.ts +0 -237
package/dist/adapters/index.js +0 -668
package/dist/arcCorePlugin-CsShQdyP.d.ts +0 -273
package/dist/audit/index.d.ts +0 -195
package/dist/audit/index.js +0 -319
package/dist/auth/index.d.ts +0 -47
package/dist/auth/index.js +0 -174
package/dist/cli/commands/docs.d.ts +0 -11
package/dist/cli/commands/docs.js +0 -474
package/dist/cli/commands/generate.js +0 -334
package/dist/cli/commands/introspect.d.ts +0 -8
package/dist/cli/commands/introspect.js +0 -338
package/dist/cli/index.d.ts +0 -4
package/dist/cli/index.js +0 -3269
package/dist/core/index.d.ts +0 -220
package/dist/core/index.js +0 -2786
package/dist/createApp-Ce9wl8W9.d.ts +0 -77
package/dist/docs/index.d.ts +0 -166
package/dist/docs/index.js +0 -658
package/dist/errors-8WIxGS_6.d.ts +0 -122
package/dist/events/index.d.ts +0 -117
package/dist/events/index.js +0 -89
package/dist/factory/index.d.ts +0 -38
package/dist/factory/index.js +0 -1652
package/dist/hooks/index.d.ts +0 -4
package/dist/hooks/index.js +0 -199
package/dist/idempotency/index.d.ts +0 -323
package/dist/idempotency/index.js +0 -500
package/dist/index-B4t03KQ0.d.ts +0 -1366
package/dist/index.d.ts +0 -135
package/dist/index.js +0 -4756
package/dist/migrations/index.d.ts +0 -185
package/dist/migrations/index.js +0 -274
package/dist/org/index.d.ts +0 -129
package/dist/org/index.js +0 -220
package/dist/permissions/index.d.ts +0 -144
package/dist/permissions/index.js +0 -103
package/dist/plugins/index.d.ts +0 -46
package/dist/plugins/index.js +0 -1069
package/dist/policies/index.js +0 -196
package/dist/presets/index.js +0 -384
package/dist/presets/multiTenant.d.ts +0 -39
package/dist/presets/multiTenant.js +0 -112
package/dist/registry/index.d.ts +0 -16
package/dist/registry/index.js +0 -253
package/dist/testing/index.d.ts +0 -618
package/dist/testing/index.js +0 -48020
package/dist/types/index.d.ts +0 -4
package/dist/types/index.js +0 -8
package/dist/types-B99TBmFV.d.ts +0 -76
package/dist/types-BvckRbs2.d.ts +0 -143
package/dist/utils/index.d.ts +0 -679
package/dist/utils/index.js +0 -931

package/dist/cli/commands/{init.js → init.mjs} RENAMED Viewed

@@ -1,325 +1,317 @@
-import * as fs from 'fs/promises';
-import * as path from 'path';
-import * as readline from 'readline';
-import { execSync, spawn } from 'child_process';
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
+import { accessSync } from "node:fs";
+import * as path from "node:path";
+import * as fs from "node:fs/promises";
+import * as readline from "node:readline";
+import { execSync, spawn } from "node:child_process";
+//#region src/cli/commands/init.ts
+/**
+* Arc CLI - Init Command
+*
+* Scaffolds a new Arc project with clean architecture:
+* - MongoKit or Custom adapter
+* - Multi-tenant or Single-tenant
+* - TypeScript or JavaScript
+*
+* Automatically installs dependencies using detected package manager.
+*/
+/**
+* Initialize a new Arc project
+*/
 async function init(options = {}) {
-  console.log(`
+	console.log(`
 ╔═══════════════════════════════════════════════════════════════╗
-║                    🔥 Arc Project Setup                       ║
+║                    Arc Project Setup                           ║
 ║         Resource-Oriented Backend Framework                   ║
 ╚═══════════════════════════════════════════════════════════════╝
 `);
-  const config = await gatherConfig(options);
-  console.log(`
-📦 Creating project: ${config.name}`);
-  console.log(`   Adapter: ${config.adapter === "mongokit" ? "MongoKit (MongoDB)" : "Custom"}`);
-  console.log(`   Tenant: ${config.tenant === "multi" ? "Multi-tenant" : "Single-tenant"}`);
-  console.log(`   Language: ${config.typescript ? "TypeScript" : "JavaScript"}
-`);
-  const projectPath = path.join(process.cwd(), config.name);
-  try {
-    await fs.access(projectPath);
-    if (!options.force) {
-      console.error(`❌ Directory "${config.name}" already exists. Use --force to overwrite.`);
-      process.exit(1);
-    }
-  } catch {
-  }
-  const packageManager = detectPackageManager();
-  console.log(`📦 Using package manager: ${packageManager}
-`);
-  await createProjectStructure(projectPath, config);
-  if (!options.skipInstall) {
-    console.log("\n📥 Installing dependencies...\n");
-    await installDependencies(projectPath, config, packageManager);
-  }
-  printSuccessMessage(config, options.skipInstall);
+	const config = await gatherConfig(options);
+	console.log(`\nCreating project: ${config.name}`);
+	console.log(`   Adapter: ${config.adapter === "mongokit" ? "MongoKit (MongoDB)" : "Custom"}`);
+	console.log(`   Auth: ${config.auth === "better-auth" ? "Better Auth (recommended)" : "Arc JWT"}`);
+	console.log(`   Tenant: ${config.tenant === "multi" ? "Multi-tenant" : "Single-tenant"}`);
+	console.log(`   Language: ${config.typescript ? "TypeScript" : "JavaScript"}`);
+	console.log(`   Target: ${config.edge ? "Edge/Serverless" : "Node.js Server"}\n`);
+	const projectPath = path.join(process.cwd(), config.name);
+	try {
+		await fs.access(projectPath);
+		if (!options.force) throw new Error(`Directory "${config.name}" already exists. Use --force to overwrite.`);
+	} catch (err) {
+		if (!(err && typeof err === "object" && "code" in err && err.code === "ENOENT")) throw err;
+	}
+	const packageManager = detectPackageManager();
+	console.log(`Using package manager: ${packageManager}\n`);
+	await createProjectStructure(projectPath, config);
+	if (!options.skipInstall) {
+		console.log("\n📥 Installing dependencies...\n");
+		await installDependencies(projectPath, config, packageManager);
+	}
+	printSuccessMessage(config, options.skipInstall);
 }
+/**
+* Detect which package manager to use
+* Priority: pnpm > yarn > bun > npm (based on lockfile or global availability)
+*/
 function detectPackageManager() {
-  try {
-    const cwd = process.cwd();
-    if (existsSync(path.join(cwd, "pnpm-lock.yaml"))) return "pnpm";
-    if (existsSync(path.join(cwd, "yarn.lock"))) return "yarn";
-    if (existsSync(path.join(cwd, "bun.lockb"))) return "bun";
-    if (existsSync(path.join(cwd, "package-lock.json"))) return "npm";
-  } catch {
-  }
-  if (isCommandAvailable("pnpm")) return "pnpm";
-  if (isCommandAvailable("yarn")) return "yarn";
-  if (isCommandAvailable("bun")) return "bun";
-  return "npm";
+	try {
+		const cwd = process.cwd();
+		if (existsSync$1(path.join(cwd, "pnpm-lock.yaml"))) return "pnpm";
+		if (existsSync$1(path.join(cwd, "yarn.lock"))) return "yarn";
+		if (existsSync$1(path.join(cwd, "bun.lockb"))) return "bun";
+		if (existsSync$1(path.join(cwd, "package-lock.json"))) return "npm";
+	} catch {}
+	if (isCommandAvailable("pnpm")) return "pnpm";
+	if (isCommandAvailable("yarn")) return "yarn";
+	if (isCommandAvailable("bun")) return "bun";
+	return "npm";
 }
+/**
+* Check if a command is available in PATH
+*/
 function isCommandAvailable(command) {
-  try {
-    execSync(`${command} --version`, { stdio: "ignore" });
-    return true;
-  } catch {
-    return false;
-  }
+	try {
+		execSync(`${command} --version`, { stdio: "ignore" });
+		return true;
+	} catch {
+		return false;
+	}
 }
-function existsSync(filePath) {
-  try {
-    __require("fs").accessSync(filePath);
-    return true;
-  } catch {
-    return false;
-  }
+/**
+* Sync check if file exists (ESM-compatible — no require())
+*/
+function existsSync$1(filePath) {
+	try {
+		accessSync(filePath);
+		return true;
+	} catch {
+		return false;
+	}
 }
+/**
+* Install dependencies using the detected package manager
+*/
 async function installDependencies(projectPath, config, pm) {
-  const deps = [
-    "@classytic/arc@latest",
-    "fastify@latest",
-    "@fastify/cors@latest",
-    "@fastify/helmet@latest",
-    "@fastify/jwt@latest",
-    "@fastify/rate-limit@latest",
-    "@fastify/sensible@latest",
-    "@fastify/under-pressure@latest",
-    "bcryptjs@latest",
-    "dotenv@latest",
-    "jsonwebtoken@latest"
-  ];
-  if (config.adapter === "mongokit") {
-    deps.push("@classytic/mongokit@latest", "mongoose@latest");
-  }
-  const devDeps = [
-    "vitest@latest",
-    "pino-pretty@latest"
-  ];
-  if (config.typescript) {
-    devDeps.push(
-      "typescript@latest",
-      "@types/node@latest",
-      "@types/jsonwebtoken@latest",
-      "tsx@latest"
-    );
-  }
-  const installCmd = getInstallCommand(pm, deps, false);
-  const installDevCmd = getInstallCommand(pm, devDeps, true);
-  console.log(`  Installing dependencies...`);
-  await runCommand(installCmd, projectPath);
-  console.log(`  Installing dev dependencies...`);
-  await runCommand(installDevCmd, projectPath);
-  console.log(`
-✅ Dependencies installed successfully!`);
+	const deps = [
+		"@classytic/arc@latest",
+		"fastify@latest",
+		"@fastify/cors@latest",
+		"@fastify/helmet@latest",
+		"@fastify/rate-limit@latest",
+		"@fastify/sensible@latest",
+		"@fastify/under-pressure@latest",
+		"dotenv@latest"
+	];
+	if (config.auth === "better-auth") deps.push("better-auth@latest", "mongodb@latest");
+	else deps.push("@fastify/jwt@latest", "bcryptjs@latest");
+	if (config.adapter === "mongokit") deps.push("@classytic/mongokit@latest", "mongoose@latest");
+	const devDeps = ["vitest@latest", "pino-pretty@latest"];
+	if (config.typescript) devDeps.push("typescript@latest", "@types/node@latest", "tsx@latest");
+	const installCmd = getInstallCommand(pm, deps, false);
+	const installDevCmd = getInstallCommand(pm, devDeps, true);
+	console.log(`  Installing dependencies...`);
+	await runCommand(installCmd, projectPath);
+	console.log(`  Installing dev dependencies...`);
+	await runCommand(installDevCmd, projectPath);
+	console.log(`\nDependencies installed successfully.`);
 }
+/**
+* Get the install command for a package manager
+*/
 function getInstallCommand(pm, packages, isDev) {
-  const pkgList = packages.join(" ");
-  switch (pm) {
-    case "pnpm":
-      return `pnpm add ${isDev ? "-D" : ""} ${pkgList}`;
-    case "yarn":
-      return `yarn add ${isDev ? "-D" : ""} ${pkgList}`;
-    case "bun":
-      return `bun add ${isDev ? "-d" : ""} ${pkgList}`;
-    case "npm":
-    default:
-      return `npm install ${isDev ? "--save-dev" : ""} ${pkgList}`;
-  }
+	const pkgList = packages.join(" ");
+	switch (pm) {
+		case "pnpm": return `pnpm add ${isDev ? "-D" : ""} ${pkgList}`;
+		case "yarn": return `yarn add ${isDev ? "-D" : ""} ${pkgList}`;
+		case "bun": return `bun add ${isDev ? "-d" : ""} ${pkgList}`;
+		default: return `npm install ${isDev ? "--save-dev" : ""} ${pkgList}`;
+	}
 }
+/**
+* Run a shell command in a directory
+*/
 function runCommand(command, cwd) {
-  return new Promise((resolve, reject) => {
-    const isWindows = process.platform === "win32";
-    const shell = isWindows ? "cmd" : "/bin/sh";
-    const shellFlag = isWindows ? "/c" : "-c";
-    const child = spawn(shell, [shellFlag, command], {
-      cwd,
-      stdio: "inherit",
-      env: { ...process.env, FORCE_COLOR: "1" }
-    });
-    child.on("close", (code) => {
-      if (code === 0) {
-        resolve();
-      } else {
-        reject(new Error(`Command failed with exit code ${code}`));
-      }
-    });
-    child.on("error", reject);
-  });
+	return new Promise((resolve, reject) => {
+		const isWindows = process.platform === "win32";
+		const child = spawn(isWindows ? "cmd" : "/bin/sh", [isWindows ? "/c" : "-c", command], {
+			cwd,
+			stdio: "inherit",
+			env: {
+				...process.env,
+				FORCE_COLOR: "1"
+			}
+		});
+		child.on("close", (code) => {
+			if (code === 0) resolve();
+			else reject(/* @__PURE__ */ new Error(`Command failed with exit code ${code}`));
+		});
+		child.on("error", reject);
+	});
 }
 async function gatherConfig(options) {
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  const question = (prompt) => new Promise((resolve) => rl.question(prompt, resolve));
-  try {
-    const name = options.name || await question("📁 Project name: ") || "my-arc-app";
-    let adapter = options.adapter || "mongokit";
-    if (!options.adapter) {
-      const adapterChoice = await question("🗄️  Database adapter [1=MongoKit (recommended), 2=Custom]: ");
-      adapter = adapterChoice === "2" ? "custom" : "mongokit";
-    }
-    let tenant = options.tenant || "single";
-    if (!options.tenant) {
-      const tenantChoice = await question("🏢 Tenant mode [1=Single-tenant, 2=Multi-tenant]: ");
-      tenant = tenantChoice === "2" ? "multi" : "single";
-    }
-    let typescript = options.typescript ?? true;
-    if (options.typescript === void 0) {
-      const tsChoice = await question("�� Language [1=TypeScript (recommended), 2=JavaScript]: ");
-      typescript = tsChoice !== "2";
-    }
-    return { name, adapter, tenant, typescript };
-  } finally {
-    rl.close();
-  }
+	const rl = readline.createInterface({
+		input: process.stdin,
+		output: process.stdout
+	});
+	const question = (prompt) => new Promise((resolve) => rl.question(prompt, resolve));
+	const nonInteractive = !!options.name;
+	try {
+		const name = options.name || await question("Project name: ") || "my-arc-app";
+		let adapter = options.adapter || "mongokit";
+		if (!options.adapter && !nonInteractive) adapter = await question("Database adapter [1=MongoKit (recommended), 2=Custom]: ") === "2" ? "custom" : "mongokit";
+		let auth = options.auth || "better-auth";
+		if (!options.auth && !nonInteractive) auth = await question("Auth strategy [1=Better Auth (recommended), 2=Arc JWT]: ") === "2" ? "jwt" : "better-auth";
+		let tenant = options.tenant || "single";
+		if (!options.tenant && !nonInteractive) tenant = await question("Tenant mode [1=Single-tenant, 2=Multi-tenant]: ") === "2" ? "multi" : "single";
+		let typescript = options.typescript ?? true;
+		if (options.typescript === void 0 && !nonInteractive) typescript = await question("Language [1=TypeScript (recommended), 2=JavaScript]: ") !== "2";
+		let edge = options.edge ?? false;
+		if (options.edge === void 0 && !nonInteractive) edge = await question("Deployment target [1=Node.js Server (default), 2=Edge/Serverless]: ") === "2";
+		return {
+			name,
+			adapter,
+			auth,
+			tenant,
+			typescript,
+			edge
+		};
+	} finally {
+		rl.close();
+	}
 }
 async function createProjectStructure(projectPath, config) {
-  const ext = config.typescript ? "ts" : "js";
-  const dirs = [
-    "",
-    "src",
-    "src/config",
-    // Config & env loading (import first!)
-    "src/shared",
-    // Shared utilities (adapters, presets, permissions)
-    "src/shared/presets",
-    // Preset definitions
-    "src/plugins",
-    // App-specific plugins
-    "src/resources",
-    // Resource definitions
-    "src/resources/user",
-    // User resource (user.model, user.repository, etc.)
-    "src/resources/auth",
-    // Auth resource (auth.resource, auth.handlers, etc.)
-    "src/resources/example",
-    // Example resource
-    "tests"
-  ];
-  for (const dir of dirs) {
-    await fs.mkdir(path.join(projectPath, dir), { recursive: true });
-    console.log(`  📁 Created: ${dir || "/"}`);
-  }
-  const files = {
-    "package.json": packageJsonTemplate(config),
-    ".gitignore": gitignoreTemplate(),
-    ".env.example": envExampleTemplate(config),
-    ".env.dev": envDevTemplate(config),
-    "README.md": readmeTemplate(config)
-  };
-  if (config.typescript) {
-    files["tsconfig.json"] = tsconfigTemplate();
-  }
-  files["vitest.config.ts"] = vitestConfigTemplate(config);
-  files[`src/config/env.${ext}`] = envLoaderTemplate(config);
-  files[`src/config/index.${ext}`] = configTemplate(config);
-  files[`src/app.${ext}`] = appTemplate(config);
-  files[`src/index.${ext}`] = indexTemplate(config);
-  files[`src/shared/index.${ext}`] = sharedIndexTemplate(config);
-  files[`src/shared/adapter.${ext}`] = config.adapter === "mongokit" ? createAdapterTemplate(config) : customAdapterTemplate(config);
-  files[`src/shared/permissions.${ext}`] = permissionsTemplate(config);
-  if (config.tenant === "multi") {
-    files[`src/shared/presets/index.${ext}`] = presetsMultiTenantTemplate(config);
-    files[`src/shared/presets/flexible-multi-tenant.${ext}`] = flexibleMultiTenantPresetTemplate(config);
-  } else {
-    files[`src/shared/presets/index.${ext}`] = presetsSingleTenantTemplate(config);
-  }
-  files[`src/plugins/index.${ext}`] = pluginsIndexTemplate(config);
-  files[`src/resources/index.${ext}`] = resourcesIndexTemplate(config);
-  files[`src/resources/user/user.model.${ext}`] = userModelTemplate(config);
-  files[`src/resources/user/user.repository.${ext}`] = userRepositoryTemplate(config);
-  files[`src/resources/user/user.controller.${ext}`] = userControllerTemplate(config);
-  files[`src/resources/auth/auth.resource.${ext}`] = authResourceTemplate(config);
-  files[`src/resources/auth/auth.handlers.${ext}`] = authHandlersTemplate(config);
-  files[`src/resources/auth/auth.schemas.${ext}`] = authSchemasTemplate();
-  files[`src/resources/example/example.model.${ext}`] = exampleModelTemplate(config);
-  files[`src/resources/example/example.repository.${ext}`] = exampleRepositoryTemplate(config);
-  files[`src/resources/example/example.resource.${ext}`] = exampleResourceTemplate(config);
-  files[`src/resources/example/example.controller.${ext}`] = exampleControllerTemplate(config);
-  files[`src/resources/example/example.schemas.${ext}`] = exampleSchemasTemplate(config);
-  files[`tests/example.test.${ext}`] = exampleTestTemplate(config);
-  files[`tests/auth.test.${ext}`] = authTestTemplate(config);
-  for (const [filePath, content] of Object.entries(files)) {
-    const fullPath = path.join(projectPath, filePath);
-    await fs.mkdir(path.dirname(fullPath), { recursive: true });
-    await fs.writeFile(fullPath, content);
-    console.log(`  ✅ Created: ${filePath}`);
-  }
+	const ext = config.typescript ? "ts" : "js";
+	const dirs = [
+		"",
+		"src",
+		"src/config",
+		"src/shared",
+		"src/shared/presets",
+		"src/plugins",
+		"src/resources",
+		...config.auth === "jwt" ? ["src/resources/user", "src/resources/auth"] : [],
+		"src/resources/example",
+		"tests"
+	];
+	for (const dir of dirs) {
+		await fs.mkdir(path.join(projectPath, dir), { recursive: true });
+		console.log(`  + Created: ${dir || "/"}`);
+	}
+	const files = {
+		"package.json": packageJsonTemplate(config),
+		".gitignore": gitignoreTemplate(),
+		".env.example": envExampleTemplate(config),
+		".env.dev": envDevTemplate(config),
+		"README.md": readmeTemplate(config)
+	};
+	if (config.typescript) files["tsconfig.json"] = tsconfigTemplate();
+	files["vitest.config.ts"] = vitestConfigTemplate(config);
+	files[`src/config/env.${ext}`] = envLoaderTemplate(config);
+	files[`src/config/index.${ext}`] = configTemplate(config);
+	files[`src/app.${ext}`] = appTemplate(config);
+	files[`src/index.${ext}`] = indexTemplate(config);
+	files[`src/shared/index.${ext}`] = sharedIndexTemplate(config);
+	files[`src/shared/adapter.${ext}`] = config.adapter === "mongokit" ? createAdapterTemplate(config) : customAdapterTemplate(config);
+	files[`src/shared/permissions.${ext}`] = permissionsTemplate(config);
+	if (config.tenant === "multi") {
+		files[`src/shared/presets/index.${ext}`] = presetsMultiTenantTemplate(config);
+		files[`src/shared/presets/flexible-multi-tenant.${ext}`] = flexibleMultiTenantPresetTemplate(config);
+	} else files[`src/shared/presets/index.${ext}`] = presetsSingleTenantTemplate(config);
+	files[`src/plugins/index.${ext}`] = pluginsIndexTemplate(config);
+	files[`src/resources/index.${ext}`] = resourcesIndexTemplate(config);
+	if (config.auth === "better-auth") files[`src/auth.${ext}`] = betterAuthSetupTemplate(config);
+	else {
+		files[`src/resources/user/user.model.${ext}`] = userModelTemplate(config);
+		files[`src/resources/user/user.repository.${ext}`] = userRepositoryTemplate(config);
+		files[`src/resources/user/user.controller.${ext}`] = userControllerTemplate(config);
+		files[`src/resources/auth/auth.resource.${ext}`] = authResourceTemplate(config);
+		files[`src/resources/auth/auth.handlers.${ext}`] = authHandlersTemplate(config);
+		files[`src/resources/auth/auth.schemas.${ext}`] = authSchemasTemplate(config);
+	}
+	files[`src/resources/example/example.model.${ext}`] = exampleModelTemplate(config);
+	files[`src/resources/example/example.repository.${ext}`] = exampleRepositoryTemplate(config);
+	files[`src/resources/example/example.resource.${ext}`] = exampleResourceTemplate(config);
+	files[`src/resources/example/example.controller.${ext}`] = exampleControllerTemplate(config);
+	files[`src/resources/example/example.schemas.${ext}`] = exampleSchemasTemplate(config);
+	files[`tests/example.test.${ext}`] = exampleTestTemplate(config);
+	if (config.auth === "jwt") files[`tests/auth.test.${ext}`] = authTestTemplate(config);
+	files[".arcrc"] = JSON.stringify({
+		adapter: config.adapter,
+		auth: config.auth,
+		tenant: config.tenant,
+		typescript: config.typescript
+	}, null, 2) + "\n";
+	for (const [filePath, content] of Object.entries(files)) {
+		const fullPath = path.join(projectPath, filePath);
+		await fs.mkdir(path.dirname(fullPath), { recursive: true });
+		await fs.writeFile(fullPath, content);
+		console.log(`  + Created: ${filePath}`);
+	}
 }
 function packageJsonTemplate(config) {
-  const scripts = config.typescript ? {
-    dev: "tsx watch src/index.ts",
-    build: "tsc",
-    start: "node dist/index.js",
-    test: "vitest run",
-    "test:watch": "vitest"
-  } : {
-    dev: "node --watch src/index.js",
-    start: "node src/index.js",
-    test: "vitest run",
-    "test:watch": "vitest"
-  };
-  const imports = config.typescript ? {
-    "#config/*": "./dist/config/*",
-    "#shared/*": "./dist/shared/*",
-    "#resources/*": "./dist/resources/*",
-    "#plugins/*": "./dist/plugins/*"
-  } : {
-    "#config/*": "./src/config/*",
-    "#shared/*": "./src/shared/*",
-    "#resources/*": "./src/resources/*",
-    "#plugins/*": "./src/plugins/*"
-  };
-  return JSON.stringify(
-    {
-      name: config.name,
-      version: "1.0.0",
-      type: "module",
-      main: config.typescript ? "dist/index.js" : "src/index.js",
-      imports,
-      scripts,
-      engines: {
-        node: ">=20"
-      }
-    },
-    null,
-    2
-  );
+	const scripts = config.typescript ? {
+		dev: "tsx watch src/index.ts",
+		build: "tsc",
+		start: "node dist/index.js",
+		test: "vitest run",
+		"test:watch": "vitest"
+	} : {
+		dev: "node --watch src/index.js",
+		start: "node src/index.js",
+		test: "vitest run",
+		"test:watch": "vitest"
+	};
+	const imports = config.typescript ? {
+		"#config/*": "./dist/config/*",
+		"#shared/*": "./dist/shared/*",
+		"#resources/*": "./dist/resources/*",
+		"#plugins/*": "./dist/plugins/*"
+	} : {
+		"#config/*": "./src/config/*",
+		"#shared/*": "./src/shared/*",
+		"#resources/*": "./src/resources/*",
+		"#plugins/*": "./src/plugins/*"
+	};
+	return JSON.stringify({
+		name: config.name,
+		version: "1.0.0",
+		type: "module",
+		main: config.typescript ? "dist/index.js" : "src/index.js",
+		imports,
+		scripts,
+		engines: { node: ">=20" }
+	}, null, 2);
 }
 function tsconfigTemplate() {
-  return JSON.stringify(
-    {
-      compilerOptions: {
-        target: "ES2022",
-        module: "NodeNext",
-        moduleResolution: "NodeNext",
-        lib: ["ES2022"],
-        outDir: "./dist",
-        rootDir: "./src",
-        strict: true,
-        esModuleInterop: true,
-        skipLibCheck: true,
-        forceConsistentCasingInFileNames: true,
-        declaration: true,
-        declarationMap: true,
-        sourceMap: true,
-        resolveJsonModule: true,
-        paths: {
-          "#shared/*": ["./src/shared/*"],
-          "#resources/*": ["./src/resources/*"],
-          "#config/*": ["./src/config/*"],
-          "#plugins/*": ["./src/plugins/*"]
-        }
-      },
-      include: ["src/**/*"],
-      exclude: ["node_modules", "dist"]
-    },
-    null,
-    2
-  );
+	return JSON.stringify({
+		compilerOptions: {
+			target: "ES2022",
+			module: "NodeNext",
+			moduleResolution: "NodeNext",
+			lib: ["ES2022"],
+			outDir: "./dist",
+			rootDir: "./src",
+			strict: true,
+			esModuleInterop: true,
+			skipLibCheck: true,
+			forceConsistentCasingInFileNames: true,
+			declaration: true,
+			declarationMap: true,
+			sourceMap: true,
+			resolveJsonModule: true,
+			paths: {
+				"#shared/*": ["./src/shared/*"],
+				"#resources/*": ["./src/resources/*"],
+				"#config/*": ["./src/config/*"],
+				"#plugins/*": ["./src/plugins/*"]
+			}
+		},
+		include: ["src/**/*"],
+		exclude: ["node_modules", "dist"]
+	}, null, 2);
 }
 function vitestConfigTemplate(config) {
-  const srcDir = config.typescript ? "./src" : "./src";
-  return `import { defineConfig } from 'vitest/config';
+	const srcDir = config.typescript ? "./src" : "./src";
+	return `import { defineConfig } from 'vitest/config';
 import { resolve } from 'path';
 export default defineConfig({
@@ -339,7 +331,7 @@ export default defineConfig({
 `;
 }
 function gitignoreTemplate() {
-  return `# Dependencies
+	return `# Dependencies
 node_modules/
 # Build
@@ -370,31 +362,45 @@ coverage/
 `;
 }
 function envExampleTemplate(config) {
-  let content = `# Server
+	let content = `# Server
 PORT=8040
 HOST=0.0.0.0
 NODE_ENV=development
+`;
+	if (config.auth === "better-auth") content += `
+# Better Auth
+BETTER_AUTH_SECRET=your-32-character-minimum-secret-here
+FRONTEND_URL=http://localhost:3000
+# Google OAuth (optional)
+# GOOGLE_CLIENT_ID=
+# GOOGLE_CLIENT_SECRET=
+`;
+	else content += `
 # JWT
 JWT_SECRET=your-32-character-minimum-secret-here
+JWT_EXPIRES_IN=7d
 `;
-  if (config.adapter === "mongokit") {
-    content += `
+	content += `
+# CORS - Allowed origins
+# Options:
+#   * = allow all origins (not recommended for production)
+#   Comma-separated list = specific origins only
+CORS_ORIGINS=http://localhost:3000,http://localhost:5173
+`;
+	if (config.adapter === "mongokit") content += `
 # MongoDB
 MONGODB_URI=mongodb://localhost:27017/${config.name}
 `;
-  }
-  if (config.tenant === "multi") {
-    content += `
+	if (config.tenant === "multi") content += `
 # Multi-tenant
-DEFAULT_ORG_ID=
+ORG_HEADER=x-organization-id
 `;
-  }
-  return content;
+	return content;
 }
 function readmeTemplate(config) {
-  const ext = config.typescript ? "ts" : "js";
-  return `# ${config.name}
+	const ext = config.typescript ? "ts" : "js";
+	return `# ${config.name}
 Built with [Arc](https://github.com/classytic/arc) - Resource-Oriented Backend Framework
@@ -500,9 +506,9 @@ arc docs
 ## Environment Files
-- \`.env.dev\` - Development (default)
-- \`.env.test\` - Testing
-- \`.env.prod\` - Production
+- \`.env.development\` / \`.env.dev\` - Development (default)
+- \`.env.test\` / \`.env.qa\` - Testing / QA
+- \`.env.production\` / \`.env.prod\` - Production
 - \`.env\` - Fallback
 ## API Documentation
@@ -526,8 +532,8 @@ API documentation is available via Scalar UI:
 `;
 }
 function indexTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * ${config.name} - Server Entry Point
  * Generated by Arc CLI
  *
@@ -543,30 +549,37 @@ ${config.adapter === "mongokit" ? "import mongoose from 'mongoose';" : ""}
 import { createAppInstance } from './app.js';
 async function main()${ts ? ": Promise<void>" : ""} {
-  console.log(\`🔧 Environment: \${config.env}\`);
+  console.log(\`Environment: \${config.env}\`);
 ${config.adapter === "mongokit" ? `
   // Connect to MongoDB
   await mongoose.connect(config.database.uri);
-  console.log('📦 Connected to MongoDB');
+  console.log('Connected to MongoDB');
 ` : ""}
   // Create and configure app
   const app = await createAppInstance();
   // Start server
   await app.listen({ port: config.server.port, host: config.server.host });
-  console.log(\`🚀 Server running at http://\${config.server.host}:\${config.server.port}\`);
+  console.log(\`Server running at http://\${config.server.host}:\${config.server.port}\`);
 }
 main().catch((err) => {
-  console.error('❌ Failed to start server:', err);
+  console.error('Failed to start server:', err);
   process.exit(1);
 });
 `;
 }
 function appTemplate(config) {
-  const ts = config.typescript;
-  const typeImport = ts ? "import type { FastifyInstance } from 'fastify';\n" : "";
-  return `/**
+	const ts = config.typescript;
+	const typeImport = ts ? "import type { FastifyInstance } from 'fastify';\n" : "";
+	const betterAuthImport = config.auth === "better-auth" ? `import { createBetterAuthAdapter } from '@classytic/arc/auth';
+import { getAuth } from './auth.js';
+` : "";
+	const authConfig = config.auth === "better-auth" ? config.tenant === "multi" ? `auth: { type: 'betterAuth', betterAuth: createBetterAuthAdapter({ auth: getAuth(), orgContext: true }) },` : `auth: { type: 'betterAuth', betterAuth: createBetterAuthAdapter({ auth: getAuth() }) },` : `auth: {
+      type: 'jwt',
+      jwt: { secret: config.jwt.secret },
+    },`;
+	return `/**
  * ${config.name} - App Factory
  * Generated by Arc CLI
  *
@@ -579,7 +592,7 @@ function appTemplate(config) {
 ${typeImport}import config from '#config/index.js';
 import { createApp } from '@classytic/arc/factory';
+${betterAuthImport}
 // App-specific plugins
 import { registerPlugins } from '#plugins/index.js';
@@ -594,16 +607,15 @@ import { registerResources } from '#resources/index.js';
 export async function createAppInstance()${ts ? ": Promise<FastifyInstance>" : ""} {
   // Create Arc app with base configuration
   const app = await createApp({
-    preset: config.env === 'production' ? 'production' : 'development',
-    auth: {
-      jwt: { secret: config.jwt.secret },
-    },
+    preset: config.env === 'production' ? (${config.edge ? "'edge'" : "'production'"}) : 'development',
+    ${authConfig}
     cors: {
       origin: config.cors.origins,
       methods: config.cors.methods,
       allowedHeaders: config.cors.allowedHeaders,
       credentials: config.cors.credentials,
     },
+    trustProxy: true,
   });
   // Register app-specific plugins (explicit dependency injection)
@@ -619,8 +631,8 @@ export default createAppInstance;
 `;
 }
 function envLoaderTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * Environment Loader
  *
  * MUST be imported FIRST before any other imports.
@@ -653,12 +665,12 @@ const defaultEnvFile = resolve(process.cwd(), '.env');
 if (existsSync(envFile)) {
   dotenv.config({ path: envFile });
-  console.log(\`📄 Loaded: .env.\${env}\`);
+  console.log(\`Loaded: .env.\${env}\`);
 } else if (existsSync(defaultEnvFile)) {
   dotenv.config({ path: defaultEnvFile });
-  console.log('📄 Loaded: .env');
+  console.log('Loaded: .env');
 } else {
-  console.warn('⚠️  No .env file found');
+  console.warn('Warning: No .env file found');
 }
 // Export for reference
@@ -666,43 +678,50 @@ export const ENV = env;
 `;
 }
 function envDevTemplate(config) {
-  let content = `# Development Environment
+	let content = `# Development Environment
 NODE_ENV=development
 # Server
 PORT=8040
 HOST=0.0.0.0
+`;
+	if (config.auth === "better-auth") content += `
+# Better Auth
+BETTER_AUTH_SECRET=dev-secret-change-in-production-min-32-chars
+FRONTEND_URL=http://localhost:3000
+# Google OAuth (optional — leave empty to disable)
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+`;
+	else content += `
 # JWT
 JWT_SECRET=dev-secret-change-in-production-min-32-chars
 JWT_EXPIRES_IN=7d
+`;
+	content += `
 # CORS - Allowed origins
 # Options:
 #   * = allow all origins (not recommended for production)
 #   Comma-separated list = specific origins only
 CORS_ORIGINS=http://localhost:3000,http://localhost:5173
 `;
-  if (config.adapter === "mongokit") {
-    content += `
+	if (config.adapter === "mongokit") content += `
 # MongoDB
 MONGODB_URI=mongodb://localhost:27017/${config.name}
 `;
-  }
-  if (config.tenant === "multi") {
-    content += `
+	if (config.tenant === "multi") content += `
 # Multi-tenant
 ORG_HEADER=x-organization-id
 `;
-  }
-  return content;
+	return content;
 }
 function pluginsIndexTemplate(config) {
-  const ts = config.typescript;
-  const typeImport = ts ? "import type { FastifyInstance } from 'fastify';\n" : "";
-  const configType = ts ? ": { config: AppConfig }" : "";
-  const appType = ts ? ": FastifyInstance" : "";
-  let content = `/**
+	const ts = config.typescript;
+	const typeImport = ts ? "import type { FastifyInstance } from 'fastify';\n" : "";
+	const configType = ts ? ": { config: AppConfig }" : "";
+	const appType = ts ? ": FastifyInstance" : "";
+	let content = `/**
  * App Plugins Registry
  *
  * Register your app-specific plugins here.
@@ -710,12 +729,9 @@ function pluginsIndexTemplate(config) {
  */
 ${typeImport}${ts ? "import type { AppConfig } from '../config/index.js';\n" : ""}import { openApiPlugin, scalarPlugin } from '@classytic/arc/docs';
+import { errorHandlerPlugin } from '@classytic/arc/plugins';
 `;
-  if (config.tenant === "multi") {
-    content += `import { orgScopePlugin } from '@classytic/arc/org';
-`;
-  }
-  content += `
+	content += `
 /**
  * Register all app-specific plugins
  *
@@ -728,6 +744,11 @@ export async function registerPlugins(
 )${ts ? ": Promise<void>" : ""} {
   const { config } = deps;
+  // Error handling (CastError → 400, validation → 422, duplicate → 409)
+  await app.register(errorHandlerPlugin, {
+    includeStack: config.isDev,
+  });
   // API Documentation (Scalar UI)
   // OpenAPI spec: /_docs/openapi.json
   // Scalar UI: /docs
@@ -735,43 +756,37 @@ export async function registerPlugins(
     title: '${config.name} API',
     version: '1.0.0',
     description: 'API documentation for ${config.name}',
+    apiPrefix: '/api',
   });
   await app.register(scalarPlugin, {
     routePrefix: '/docs',
     theme: 'default',
   });
-`;
-  if (config.tenant === "multi") {
-    content += `
-  // Multi-tenant org scope
-  await app.register(orgScopePlugin, {
-    header: config.org?.header || 'x-organization-id',
-    bypassRoles: ['superadmin', 'admin'],
-  });
-`;
-  }
-  content += `
   // Add your custom plugins here:
   // await app.register(myCustomPlugin, { ...options });
 }
 `;
-  return content;
+	return content;
 }
 function resourcesIndexTemplate(config) {
-  const ts = config.typescript;
-  const typeImport = ts ? "import type { FastifyInstance } from 'fastify';\n" : "";
-  const appType = ts ? ": FastifyInstance" : "";
-  return `/**
+	const ts = config.typescript;
+	const typeImport = ts ? "import type { FastifyInstance } from 'fastify';\n" : "";
+	const appType = ts ? ": FastifyInstance" : "";
+	return `/**
  * Resources Registry
  *
  * Central registry for all API resources.
- * Flat structure - no barrels, direct imports.
+ * All resources are mounted under /api prefix via Fastify scoping.
  */
-${typeImport}
+${typeImport}${config.auth === "jwt" ? `
 // Auth resources (register, login, /users/me)
 import { authResource, userProfileResource } from './auth/auth.resource.js';
+` : `
+// Auth is handled by Better Auth — routes at /api/auth/*
+// No manual auth resource needed.
+`}
 // App resources
 import exampleResource from './example/example.resource.js';
@@ -782,24 +797,27 @@ import exampleResource from './example/example.resource.js';
  * All registered resources
  */
 export const resources = [
-  authResource,
+${config.auth === "jwt" ? `  authResource,
   userProfileResource,
-  exampleResource,
+  ` : `  `}exampleResource,
 ]${ts ? " as const" : ""};
 /**
- * Register all resources with the app
- */
-export async function registerResources(app${appType})${ts ? ": Promise<void>" : ""} {
-  for (const resource of resources) {
-    await app.register(resource.toPlugin());
-  }
+ * Register all resources with the app under a common prefix.
+ * Fastify scoping ensures all routes are mounted at /api/*.
+ * The apiPrefix option in openApiPlugin keeps OpenAPI docs in sync.
+ */
+export async function registerResources(app${appType}, prefix = '/api')${ts ? ": Promise<void>" : ""} {
+  await app.register(async (scope) => {
+    for (const resource of resources) {
+      await scope.register(resource.toPlugin());
+    }
+  }, { prefix });
 }
 `;
 }
-function sharedIndexTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+function sharedIndexTemplate(_config) {
+	return `/**
  * Shared Utilities
  *
  * Central exports for resource definitions.
@@ -812,19 +830,7 @@ export { createAdapter } from './adapter.js';
 // Core Arc exports
 export { createMongooseAdapter, defineResource } from '@classytic/arc';
-// Permission helpers
-export {
-  allowPublic,
-  requireAuth,
-  requireRoles,
-  requireOwnership,
-  allOf,
-  anyOf,
-  denyAll,
-  when,${ts ? "\n  type PermissionCheck," : ""}
-} from '@classytic/arc/permissions';
-// Application permissions
+// Permission helpers (core + application-level)
 export * from './permissions.js';
 // Presets
@@ -832,8 +838,8 @@ export * from './presets/index.js';
 `;
 }
 function createAdapterTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * MongoKit Adapter Factory
  *
  * Creates Arc adapters using MongoKit repositories.
@@ -849,10 +855,10 @@ ${ts ? "import type { Model } from 'mongoose';\nimport type { Repository } from
  * Note: Query parsing is handled by MongoKit's Repository class.
  * Just pass the model and repository - Arc handles the rest.
  */
-export function createAdapter${ts ? "<TDoc, TRepo extends Repository<TDoc>>" : ""}(
+export function createAdapter${ts ? "<TDoc = any>" : ""}(
   model${ts ? ": Model<TDoc>" : ""},
-  repository${ts ? ": TRepo" : ""}
-)${ts ? ": ReturnType<typeof createMongooseAdapter>" : ""} {
+  repository${ts ? ": Repository<TDoc>" : ""}
+) {
   return createMongooseAdapter({
     model,
     repository,
@@ -861,8 +867,8 @@ export function createAdapter${ts ? "<TDoc, TRepo extends Repository<TDoc>>" : "
 `;
 }
 function customAdapterTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * Custom Adapter Factory
  *
  * Implement your own database adapter here.
@@ -883,7 +889,7 @@ export function createAdapter${ts ? "<TDoc>" : ""}(
   model${ts ? ": Model<TDoc>" : ""},
   repository${ts ? ": any" : ""}
 )${ts ? ": ReturnType<typeof createMongooseAdapter>" : ""} {
-  // TODO: Implement your custom adapter
+  // SCAFFOLD: Replace with your custom adapter implementation
   return createMongooseAdapter({
     model,
     repository,
@@ -892,8 +898,7 @@ export function createAdapter${ts ? "<TDoc>" : ""}(
 `;
 }
 function presetsMultiTenantTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	return `/**
  * Arc Presets - Multi-Tenant Configuration
  *
  * Pre-configured presets for multi-tenant applications.
@@ -917,7 +922,6 @@ export { flexibleMultiTenantPreset } from './flexible-multi-tenant.js';
  */
 export const orgScoped = multiTenantPreset({
   tenantField: 'organizationId',
-  bypassRoles: ['superadmin', 'admin'],
 });
 /**
@@ -955,14 +959,13 @@ export const presets = {
   ownedByUser,
   softDelete,
   slugLookup,
-}${ts ? " as const" : ""};
+}${config.typescript ? " as const" : ""};
 export default presets;
 `;
 }
 function presetsSingleTenantTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	return `/**
  * Arc Presets - Single-Tenant Configuration
  *
  * Pre-configured presets for single-tenant applications.
@@ -1008,18 +1011,31 @@ export const presets = {
   ownedByUser,
   softDelete,
   slugLookup,
-}${ts ? " as const" : ""};
+}${config.typescript ? " as const" : ""};
 export default presets;
 `;
 }
 function flexibleMultiTenantPresetTemplate(config) {
-  const ts = config.typescript;
-  const typeAnnotations = ts ? `
+	const ts = config.typescript;
+	return `/**
+ * Flexible Multi-Tenant Preset
+ *
+ * Smarter tenant filtering that works with public + authenticated routes.
+ *
+ * Philosophy:
+ * - No org scope → No filtering (public data, all orgs)
+ * - Org scope present → Filter by org
+ * - Elevated scope → No filter (platform admin sees all)
+ *
+ * Uses request.scope (RequestScope) from Arc's scope system.
+ */
+${ts ? `
+import { getOrgId, isElevated, isMember } from '@classytic/arc/scope';
+import type { RequestScope } from '@classytic/arc/scope';
 interface FlexibleMultiTenantOptions {
   tenantField?: string;
-  bypassRoles?: string[];
-  extractOrganizationId?: (request: any) => string | null;
 }
 interface PresetMiddlewares {
@@ -1035,101 +1051,47 @@ interface Preset {
   name: string;
   middlewares: PresetMiddlewares;
 }
-` : "";
-  return `/**
- * Flexible Multi-Tenant Preset
- *
- * Smarter tenant filtering that works with public + authenticated routes.
- *
- * Philosophy:
- * - No org header → No filtering (public data, all orgs)
- * - Org header present → Require auth, filter by org
- *
- * This differs from Arc's strict multiTenant which always requires auth.
- */
-${typeAnnotations}
+` : `
+const { getOrgId, isElevated, isMember } = require('@classytic/arc/scope');
+`}
 /**
- * Default organization ID extractor
- * Tries multiple sources in order of priority
+ * Create flexible tenant filter middleware.
+ * Only filters when org context is present.
  */
-function defaultExtractOrganizationId(request${ts ? ": any" : ""})${ts ? ": string | null" : ""} {
-  // Priority 1: Explicit context (set by org-scope plugin)
-  if (request.context?.organizationId) {
-    return String(request.context.organizationId);
-  }
-  // Priority 2: User's organizationId field
-  if (request.user?.organizationId) {
-    return String(request.user.organizationId);
-  }
-  // Priority 3: User's organization object (nested)
-  if (request.user?.organization) {
-    const org = request.user.organization;
-    return String(org._id || org.id || org);
-  }
-  return null;
-}
-/**
- * Create flexible tenant filter middleware
- * Only filters when org context is present
- */
-function createFlexibleTenantFilter(
-  tenantField${ts ? ": string" : ""},
-  bypassRoles${ts ? ": string[]" : ""},
-  extractOrganizationId${ts ? ": (request: any) => string | null" : ""}
-) {
+function createFlexibleTenantFilter(tenantField${ts ? ": string" : ""}) {
   return async (request${ts ? ": any" : ""}, reply${ts ? ": any" : ""}) => {
-    const user = request.user;
-    const orgId = extractOrganizationId(request);
+    const scope${ts ? ": RequestScope" : ""} = request.scope ?? { kind: 'public' };
-    // No org context - allow through (public data, no filtering)
-    if (!orgId) {
-      request.log?.debug?.({ msg: 'No org context - showing all data' });
+    // Elevated scope — platform admin sees all, no filter
+    if (isElevated(scope)) {
+      request.log?.debug?.({ msg: 'Elevated scope — no tenant filter' });
       return;
     }
-    // Org context present - auth should already be handled by org-scope plugin
-    // But double-check for safety
-    if (!user) {
-      request.log?.warn?.({ msg: 'Org context present but no user - should not happen' });
-      return reply.code(401).send({
-        success: false,
-        error: 'Unauthorized',
-        message: 'Authentication required for organization-scoped data',
-      });
-    }
-    // Bypass roles skip filter (superadmin sees all)
-    const userRoles = Array.isArray(user.roles) ? user.roles : [];
-    if (bypassRoles.some((r${ts ? ": string" : ""}) => userRoles.includes(r))) {
-      request.log?.debug?.({ msg: 'Bypass role - no tenant filter' });
+    // Member scope — filter by org
+    if (isMember(scope)) {
+      request.query = request.query ?? {};
+      request.query._policyFilters = {
+        ...(request.query._policyFilters ?? {}),
+        [tenantField]: scope.organizationId,
+      };
+      request.log?.debug?.({ msg: 'Tenant filter applied', orgId: scope.organizationId, tenantField });
       return;
     }
-    // Apply tenant filter to query
-    request.query = request.query ?? {};
-    request.query._policyFilters = {
-      ...(request.query._policyFilters ?? {}),
-      [tenantField]: orgId,
-    };
-    request.log?.debug?.({ msg: 'Tenant filter applied', orgId, tenantField });
+    // Public / authenticated — no org context, show all data (public routes)
+    request.log?.debug?.({ msg: 'No org context — showing all data' });
   };
 }
 /**
- * Create tenant injection middleware
- * Injects tenant ID into request body on create
+ * Create tenant injection middleware.
+ * Injects tenant ID into request body on create.
  */
-function createTenantInjection(
-  tenantField${ts ? ": string" : ""},
-  extractOrganizationId${ts ? ": (request: any) => string | null" : ""}
-) {
+function createTenantInjection(tenantField${ts ? ": string" : ""}) {
   return async (request${ts ? ": any" : ""}, reply${ts ? ": any" : ""}) => {
-    const orgId = extractOrganizationId(request);
+    const scope${ts ? ": RequestScope" : ""} = request.scope ?? { kind: 'public' };
+    const orgId = getOrgId(scope);
     // Fail-closed: Require orgId for create operations
     if (!orgId) {
@@ -1150,18 +1112,12 @@ function createTenantInjection(
  * Flexible Multi-Tenant Preset
  *
  * @param options.tenantField - Field name in database (default: 'organizationId')
- * @param options.bypassRoles - Roles that bypass tenant isolation (default: ['superadmin'])
- * @param options.extractOrganizationId - Custom org ID extractor function
  */
 export function flexibleMultiTenantPreset(options${ts ? ": FlexibleMultiTenantOptions = {}" : " = {}"})${ts ? ": Preset" : ""} {
-  const {
-    tenantField = 'organizationId',
-    bypassRoles = ['superadmin'],
-    extractOrganizationId = defaultExtractOrganizationId,
-  } = options;
+  const { tenantField = 'organizationId' } = options;
-  const tenantFilter = createFlexibleTenantFilter(tenantField, bypassRoles, extractOrganizationId);
-  const tenantInjection = createTenantInjection(tenantField, extractOrganizationId);
+  const tenantFilter = createFlexibleTenantFilter(tenantField);
+  const tenantInjection = createTenantInjection(tenantField);
   return {
     name: 'flexibleMultiTenant',
@@ -1179,10 +1135,10 @@ export default flexibleMultiTenantPreset;
 `;
 }
 function permissionsTemplate(config) {
-  const ts = config.typescript;
-  const typeImport = ts ? ",\n  type PermissionCheck," : "";
-  const returnType = ts ? ": PermissionCheck" : "";
-  let content = `/**
+	const ts = config.typescript;
+	const typeImport = ts ? ",\n  type PermissionCheck," : "";
+	const returnType = ts ? ": PermissionCheck" : "";
+	let content = `/**
  * Permission Helpers
  *
  * Clean, type-safe permission definitions for resources.
@@ -1233,28 +1189,73 @@ export const requireAdmin = ()${returnType} =>
 export const requireSuperadmin = ()${returnType} =>
   requireRoles(['superadmin']);
 `;
-  if (config.tenant === "multi") {
-    content += `
+	if (config.tenant === "multi") if (config.auth === "better-auth") content += `
+// ============================================================================
+// Better Auth Organization & Team Permission Helpers
+// ============================================================================
+/**
+ * Organization-level guards (per-org member.role):
+ *
+ * - requireOrgRole(['admin','owner'])  — checks member.role in active org
+ * - requireOrgMembership()             — just checks if user is in the org (any role)
+ * - requireTeamMembership()            — checks if user is in the active team
+ *
+ * These are DIFFERENT from platform-level helpers above (requireRoles checks user.roles).
+ * Platform superadmin automatically bypasses all org role checks.
+ *
+ * IMPORTANT: When using Better Auth's Access Control (ac) with custom roles,
+ * you MUST define ALL roles (owner, admin, member, + any custom) using the
+ * same AC instance. BA's built-in defaults won't cover custom statements.
+ * Omitting any role causes BA's hasPermission to fail silently for that role.
+ *
+ * @see multi-org-betterauth boilerplate (src/shared/access-control.ts) for the recommended pattern.
+ */
+import {
+  requireOrgMembership,
+  requireOrgRole,
+  requireTeamMembership,
+} from '@classytic/arc/permissions';
+export { requireOrgMembership, requireOrgRole, requireTeamMembership };
+/**
+ * Require organization owner (checks member.role, not user.roles)
+ */
+export const requireOrgOwner = ()${returnType} =>
+  requireOrgRole(['owner']);
+/**
+ * Require organization manager or higher (checks member.role, not user.roles)
+ */
+export const requireOrgManager = ()${returnType} =>
+  requireOrgRole(['manager', 'admin', 'owner']);
+/**
+ * Require any organization member (any role)
+ */
+export const requireOrgStaff = ()${returnType} =>
+  requireOrgMembership();
+`;
+	else content += `
 /**
- * Require organization owner
+ * Require organization owner (elevated scope auto-bypasses)
  */
 export const requireOrgOwner = ()${returnType} =>
-  requireRoles(['owner'], { bypassRoles: ['admin', 'superadmin'] });
+  requireRoles(['owner', 'admin', 'superadmin']);
 /**
  * Require organization manager or higher
  */
 export const requireOrgManager = ()${returnType} =>
-  requireRoles(['owner', 'manager'], { bypassRoles: ['admin', 'superadmin'] });
+  requireRoles(['owner', 'manager', 'admin', 'superadmin']);
 /**
  * Require organization staff (any org member)
  */
 export const requireOrgStaff = ()${returnType} =>
-  requireRoles(['owner', 'manager', 'staff'], { bypassRoles: ['admin', 'superadmin'] });
+  requireRoles(['owner', 'manager', 'staff', 'admin', 'superadmin']);
 `;
-  }
-  content += `
+	content += `
 // ============================================================================
 // Standard Permission Sets
 // ============================================================================
@@ -1292,8 +1293,8 @@ export const adminPermissions = {
   delete: requireSuperadmin(),
 };
 `;
-  if (config.tenant === "multi") {
-    content += `
+	if (config.tenant === "multi") {
+		content += `
 /**
  * Organization staff permissions
  */
@@ -1305,24 +1306,45 @@ export const orgStaffPermissions = {
   delete: requireOrgOwner(),
 };
 `;
-  }
-  return content;
+		if (config.auth === "better-auth") content += `
+/**
+ * Team-scoped permissions (requires active team)
+ * Uses Better Auth's team membership — flat groups, no team-level roles.
+ */
+export const teamScopedPermissions = {
+  list: requireTeamMembership(),
+  get: requireTeamMembership(),
+  create: requireTeamMembership(),
+  update: requireTeamMembership(),
+  delete: requireOrgOwner(),
+};
+`;
+	}
+	return content;
 }
 function configTemplate(config) {
-  const ts = config.typescript;
-  let typeDefinition = "";
-  if (ts) {
-    typeDefinition = `
+	const ts = config.typescript;
+	const authTypeBlock = config.auth === "better-auth" ? `
+  betterAuth: {
+    secret: string;
+  };
+  frontend: {
+    url: string;
+  };` : `
+  jwt: {
+    secret: string;
+    expiresIn: string;
+  };`;
+	let typeDefinition = "";
+	if (ts) typeDefinition = `
 export interface AppConfig {
   env: string;
+  isDev: boolean;
+  isProd: boolean;
   server: {
     port: number;
     host: string;
-  };
-  jwt: {
-    secret: string;
-    expiresIn: string;
-  };
+  };${authTypeBlock}
   cors: {
     origins: string[] | boolean;  // true = allow all ('*')
     methods: string[];
@@ -1332,13 +1354,24 @@ export interface AppConfig {
   database: {
     uri: string;
   };` : ""}${config.tenant === "multi" ? `
-  org?: {
+  org: {
     header: string;
   };` : ""}
 }
 `;
-  }
-  return `/**
+	const authConfigBlock = config.auth === "better-auth" ? `
+  betterAuth: {
+    secret: process.env.BETTER_AUTH_SECRET || 'dev-secret-change-in-production-min-32-chars',
+  },
+  frontend: {
+    url: process.env.FRONTEND_URL || 'http://localhost:3000',
+  },` : `
+  jwt: {
+    secret: process.env.JWT_SECRET || 'dev-secret-change-in-production-min-32',
+    expiresIn: process.env.JWT_EXPIRES_IN || '7d',
+  },`;
+	return `/**
  * Application Configuration
  *
  * All config is loaded from environment variables.
@@ -1347,16 +1380,14 @@ export interface AppConfig {
 ${typeDefinition}
 const config${ts ? ": AppConfig" : ""} = {
   env: process.env.NODE_ENV || 'development',
+  isDev: (process.env.NODE_ENV || 'development') !== 'production',
+  isProd: process.env.NODE_ENV === 'production',
   server: {
     port: parseInt(process.env.PORT || '8040', 10),
     host: process.env.HOST || '0.0.0.0',
   },
-  jwt: {
-    secret: process.env.JWT_SECRET || 'dev-secret-change-in-production-min-32',
-    expiresIn: process.env.JWT_EXPIRES_IN || '7d',
-  },
+${authConfigBlock}
   cors: {
     // '*' = allow all origins (true), otherwise comma-separated list
@@ -1382,12 +1413,12 @@ export default config;
 `;
 }
 function exampleModelTemplate(config) {
-  const ts = config.typescript;
-  const typeExport = ts ? `
+	const ts = config.typescript;
+	const typeExport = ts ? `
 export type ExampleDocument = mongoose.InferSchemaType<typeof exampleSchema>;
 export type ExampleModel = mongoose.Model<ExampleDocument>;
 ` : "";
-  return `/**
+	return `/**
  * Example Model
  * Generated by Arc CLI
  */
@@ -1419,10 +1450,8 @@ export default Example;
 `;
 }
 function exampleRepositoryTemplate(config) {
-  const ts = config.typescript;
-  const typeImport = ts ? "import type { ExampleDocument } from './example.model.js';\n" : "";
-  const generic = ts ? "<ExampleDocument>" : "";
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * Example Repository
  * Generated by Arc CLI
  *
@@ -1436,9 +1465,9 @@ import {
   softDeletePlugin,
   methodRegistryPlugin,
 } from '@classytic/mongokit';
-${typeImport}import Example from './example.model.js';
+${ts ? "import type { ExampleDocument } from './example.model.js';\n" : ""}import Example from './example.model.js';
-class ExampleRepository extends Repository${generic} {
+class ExampleRepository extends Repository${ts ? "<ExampleDocument>" : ""} {
   constructor() {
     super(Example, [
       methodRegistryPlugin(),  // Required for plugin method registration
@@ -1474,9 +1503,8 @@ export { ExampleRepository };
 `;
 }
 function exampleResourceTemplate(config) {
-  config.typescript;
-  config.tenant === "multi" ? "['softDelete', 'flexibleMultiTenant']" : "['softDelete']";
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * Example Resource
  * Generated by Arc CLI
  *
@@ -1489,12 +1517,12 @@ function exampleResourceTemplate(config) {
 import { defineResource } from '@classytic/arc';
 import { createAdapter } from '#shared/adapter.js';
-import { publicReadPermissions } from '#shared/permissions.js';
-${config.tenant === "multi" ? "import { flexibleMultiTenantPreset } from '#shared/presets/flexible-multi-tenant.js';\n" : ""}import Example from './example.model.js';
+import { ${config.tenant === "multi" ? "orgStaffPermissions" : "publicReadPermissions"} } from '#shared/permissions.js';
+${config.tenant === "multi" ? "import { flexibleMultiTenantPreset } from '#shared/presets/flexible-multi-tenant.js';\n" : ""}import Example${ts ? ", { type ExampleDocument }" : ""} from './example.model.js';
 import exampleRepository from './example.repository.js';
 import exampleController from './example.controller.js';
-const exampleResource = defineResource({
+const exampleResource = defineResource${ts ? "<ExampleDocument>" : ""}({
   name: 'example',
   displayName: 'Examples',
   prefix: '/examples',
@@ -1507,7 +1535,7 @@ const exampleResource = defineResource({
     flexibleMultiTenantPreset({ tenantField: 'organizationId' }),` : ""}
   ],
-  permissions: publicReadPermissions,
+  permissions: ${config.tenant === "multi" ? "orgStaffPermissions" : "publicReadPermissions"},
   // Add custom routes here:
   // additionalRoutes: [
@@ -1524,8 +1552,7 @@ export default exampleResource;
 `;
 }
 function exampleControllerTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	return `/**
  * Example Controller
  * Generated by Arc CLI
  *
@@ -1541,7 +1568,11 @@ import { exampleSchemaOptions } from './example.schemas.js';
 class ExampleController extends BaseController {
   constructor() {
-    super(exampleRepository${ts ? " as any" : ""}, { schemaOptions: exampleSchemaOptions });
+    super(exampleRepository${config.typescript ? " as any" : ""}, {
+      schemaOptions: exampleSchemaOptions,${config.tenant === "multi" ? `
+      tenantField: 'organizationId', // Configurable tenant field for multi-tenant` : `
+      // tenantField: 'organizationId', // For multi-tenant apps`}
+    });
   }
   // Add custom controller methods here:
@@ -1555,9 +1586,9 @@ export default exampleController;
 `;
 }
 function exampleSchemasTemplate(config) {
-  const ts = config.typescript;
-  const multiTenantFields = config.tenant === "multi";
-  return `/**
+	const ts = config.typescript;
+	const multiTenantFields = config.tenant === "multi";
+	return `/**
  * Example Schemas
  * Generated by Arc CLI
  *
@@ -1602,8 +1633,8 @@ export default crudSchemas;
 `;
 }
 function exampleTestTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * Example Resource Tests
  * Generated by Arc CLI
  *
@@ -1668,13 +1699,13 @@ ${config.adapter === "mongokit" ? "    await mongoose.connection.close();" : ""}
 `;
 }
 function userModelTemplate(config) {
-  const ts = config.typescript;
-  const orgRoles = config.tenant === "multi" ? `
+	const ts = config.typescript;
+	const orgRoles = config.tenant === "multi" ? `
 // Organization roles (for multi-tenant)
 const ORG_ROLES = ['owner', 'manager', 'hr', 'staff', 'contractor'] as const;
 type OrgRole = typeof ORG_ROLES[number];
 ` : "";
-  const orgInterface = config.tenant === "multi" ? `
+	const orgInterface = config.tenant === "multi" ? `
 type UserOrganization = {
   organizationId: Types.ObjectId;
   organizationName: string;
@@ -1682,7 +1713,7 @@ type UserOrganization = {
   joinedAt: Date;
 };
 ` : "";
-  const orgSchema = config.tenant === "multi" ? `
+	const orgSchema = config.tenant === "multi" ? `
     // Multi-org support
     organizations: [{
       organizationId: { type: Schema.Types.ObjectId, ref: 'Organization', required: true },
@@ -1691,7 +1722,7 @@ type UserOrganization = {
       joinedAt: { type: Date, default: () => new Date() },
     }],
 ` : "";
-  const orgMethods = config.tenant === "multi" ? `
+	const orgMethods = config.tenant === "multi" ? `
 // Organization methods
 userSchema.methods.getOrgRoles = function(orgId${ts ? ": Types.ObjectId | string" : ""}) {
   const org = this.organizations.find(o => o.organizationId.toString() === orgId.toString());
@@ -1725,7 +1756,7 @@ userSchema.methods.removeOrganization = function(organizationId${ts ? ": Types.O
 // Index for org queries
 userSchema.index({ 'organizations.organizationId': 1 });
 ` : "";
-  const userType = ts ? `
+	const userType = ts ? `
 type PlatformRole = 'user' | 'admin' | 'superadmin';
 type User = {
@@ -1749,7 +1780,7 @@ type UserMethods = {
 export type UserDocument = HydratedDocument<User, UserMethods>;
 export type UserModel = Model<User, {}, UserMethods>;
 ` : "";
-  return `/**
+	return `/**
  * User Model
  * Generated by Arc CLI
  */
@@ -1812,9 +1843,8 @@ export default User;
 `;
 }
 function userRepositoryTemplate(config) {
-  const ts = config.typescript;
-  const typeImport = ts ? "import type { UserDocument } from './user.model.js';\nimport type { ClientSession, Types } from 'mongoose';\n" : "";
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * User Repository
  * Generated by Arc CLI
  *
@@ -1826,7 +1856,7 @@ import {
   methodRegistryPlugin,
   mongoOperationsPlugin,
 } from '@classytic/mongokit';
-${typeImport}import User from './user.model.js';
+${ts ? "import type { UserDocument } from './user.model.js';\nimport type { ClientSession, Types } from 'mongoose';\n" : ""}import User from './user.model.js';
 ${ts ? "type ID = string | Types.ObjectId;\n" : ""}
 class UserRepository extends Repository${ts ? "<UserDocument>" : ""} {
@@ -1904,8 +1934,7 @@ export { UserRepository };
 `;
 }
 function userControllerTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	return `/**
  * User Controller
  * Generated by Arc CLI
  *
@@ -1918,7 +1947,7 @@ import userRepository from './user.repository.js';
 class UserController extends BaseController {
   constructor() {
-    super(userRepository${ts ? " as any" : ""});
+    super(userRepository${config.typescript ? " as any" : ""});
   }
   // Custom user operations can be added here
@@ -1929,8 +1958,8 @@ export default userController;
 `;
 }
 function authResourceTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * Auth Resource
  * Generated by Arc CLI
  *
@@ -1972,7 +2001,7 @@ export const authResource = defineResource({
       permissions: allowPublic(),
       handler: handlers.register,
       wrapHandler: false,
-      schema: { body: schemas.registerBody },
+      schema: { body: schemas.registerBody, response: { 201: schemas.successResponse } },
     },
     {
       method: 'POST',
@@ -1981,7 +2010,7 @@ export const authResource = defineResource({
       permissions: allowPublic(),
       handler: handlers.login,
       wrapHandler: false,
-      schema: { body: schemas.loginBody },
+      schema: { body: schemas.loginBody, response: { 200: schemas.loginResponse } },
     },
     {
       method: 'POST',
@@ -1990,7 +2019,7 @@ export const authResource = defineResource({
       permissions: allowPublic(),
       handler: handlers.refreshToken,
       wrapHandler: false,
-      schema: { body: schemas.refreshBody },
+      schema: { body: schemas.refreshBody, response: { 200: schemas.tokenResponse } },
     },
     {
       method: 'POST',
@@ -1999,7 +2028,7 @@ export const authResource = defineResource({
       permissions: allowPublic(),
       handler: handlers.forgotPassword,
       wrapHandler: false,
-      schema: { body: schemas.forgotBody },
+      schema: { body: schemas.forgotBody, response: { 200: schemas.successResponse } },
     },
     {
       method: 'POST',
@@ -2008,7 +2037,7 @@ export const authResource = defineResource({
       permissions: allowPublic(),
       handler: handlers.resetPassword,
       wrapHandler: false,
-      schema: { body: schemas.resetBody },
+      schema: { body: schemas.resetBody, response: { 200: schemas.successResponse } },
     },
   ],
 });
@@ -2033,6 +2062,7 @@ export const userProfileResource = defineResource({
       permissions: requireAuth(),
       handler: handlers.getUserProfile,
       wrapHandler: false,
+      schema: { response: { 200: schemas.userProfileResponse } },
     },
     {
       method: 'PATCH',
@@ -2041,7 +2071,7 @@ export const userProfileResource = defineResource({
       permissions: requireAuth(),
       handler: handlers.updateUserProfile,
       wrapHandler: false,
-      schema: { body: schemas.updateUserBody },
+      schema: { body: schemas.updateUserBody, response: { 200: schemas.userProfileResponse } },
     },
   ],
 });
@@ -2049,26 +2079,128 @@ export const userProfileResource = defineResource({
 export default authResource;
 `;
 }
+function betterAuthSetupTemplate(config) {
+	const ts = config.typescript;
+	const mongoImport = config.adapter === "mongokit" ? `import mongoose from 'mongoose';
+import { mongodbAdapter } from 'better-auth/adapters/mongodb';` : "";
+	const dbAdapter = config.adapter === "mongokit" ? config.typescript ? `database: mongodbAdapter(mongoose.connection.getClient().db() as any),` : `database: mongodbAdapter(mongoose.connection.getClient().db()),` : `// Configure your database adapter here
+    // See: https://www.better-auth.com/docs/concepts/database`;
+	const orgPlugin = config.tenant === "multi" ? `
+import { organization } from 'better-auth/plugins/organization';
+import { bearer } from 'better-auth/plugins/bearer';` : "";
+	const orgPluginUsage = config.tenant === "multi" ? `
+      plugins: [
+        bearer(),
+        organization({
+          allowUserToCreateOrganization: true,
+          creatorRole: 'owner',
+          teams: {
+            enabled: true,
+          },
+        }),
+      ],` : "";
+	return `/**
+ * Better Auth Configuration
+ * Generated by Arc CLI
+ *
+ * Authentication is handled entirely by Better Auth.
+ * Routes are registered automatically at /api/auth/*
+ *
+ * Better Auth manages these collections:
+ * - user, session, account${config.tenant === "multi" ? ", organization, member, invitation, team, teamMember" : ""}
+ *
+ * @see https://www.better-auth.com/docs
+ */
+import { betterAuth } from 'better-auth';
+${mongoImport}${orgPlugin}
+import config from '#config/index.js';
+let _auth${ts ? ": ReturnType<typeof betterAuth> | null" : ""} = null;
+/**
+ * Get the Better Auth instance (lazy singleton)
+ *
+ * Must be called AFTER database connection is established.
+ */
+export function getAuth()${ts ? ": ReturnType<typeof betterAuth>" : ""} {
+  if (process.env.NODE_ENV === 'production' && !process.env.BETTER_AUTH_SECRET) {
+    throw new Error('BETTER_AUTH_SECRET is required in production (min 32 chars)');
+  }
+  if (!_auth) {
+    _auth = betterAuth({
+      secret: config.betterAuth.secret,
+      baseURL: process.env.BETTER_AUTH_URL || \`http://localhost:\${config.server.port}\`,
+      basePath: '/api/auth',
+      ${dbAdapter}
+${config.tenant === "multi" ? `
+      user: {
+        additionalFields: {
+          roles: {
+            type: 'string[]',
+            defaultValue: ['user'],
+            required: false,
+            input: false, // Cannot be set during signup
+          },
+        },
+      },
+` : ""}
+      emailAndPassword: {
+        enabled: true,
+        minPasswordLength: 6,
+      },
+      // Google OAuth (enabled when env vars are set)
+      ...(process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET
+        ? {
+            socialProviders: {
+              google: {
+                clientId: process.env.GOOGLE_CLIENT_ID,
+                clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+              },
+            },
+          }
+        : {}),
+${orgPluginUsage}
+      session: {
+        cookieCache: {
+          enabled: true,
+          maxAge: 5 * 60, // 5 minutes
+        },
+      },
+      trustedOrigins: [config.frontend.url],
+      rateLimit: {
+        enabled: process.env.NODE_ENV === 'production',
+      },
+    });
+  }
+  return _auth;
+}
+export default getAuth;
+`;
+}
 function authHandlersTemplate(config) {
-  const ts = config.typescript;
-  const typeAnnotations = ts ? `
-import type { FastifyRequest, FastifyReply } from 'fastify';
-` : "";
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * Auth Handlers
  * Generated by Arc CLI
+ *
+ * Uses Arc's built-in JWT utilities via fastify.auth (provided by @fastify/jwt v10).
+ * No standalone jsonwebtoken dependency needed.
  */
-import jwt from 'jsonwebtoken';
-import config from '#config/index.js';
 import userRepository from '../user/user.repository.js';
-${typeAnnotations}
-// Token helpers
-function generateTokens(userId${ts ? ": string" : ""}) {
-  const accessToken = jwt.sign({ id: userId }, config.jwt.secret, { expiresIn: '15m' });
-  const refreshToken = jwt.sign({ id: userId }, config.jwt.secret, { expiresIn: '7d' });
-  return { accessToken, refreshToken };
-}
+${ts ? `
+import type { FastifyRequest, FastifyReply } from 'fastify';
+// Load Arc auth type augmentations (adds request.server.auth typings)
+import '@classytic/arc/auth';
+` : ""}
 /**
  * Register new user
@@ -2104,7 +2236,7 @@ export async function login(request${ts ? ": FastifyRequest" : ""}, reply${ts ?
       return reply.code(401).send({ success: false, message: 'Invalid credentials' });
     }
-    const tokens = generateTokens(user._id.toString());
+    const tokens = request.server.auth.issueTokens({ id: user._id.toString(), roles: user.roles });
     return reply.send({
       success: true,
@@ -2127,8 +2259,8 @@ export async function refreshToken(request${ts ? ": FastifyRequest" : ""}, reply
       return reply.code(401).send({ success: false, message: 'Refresh token required' });
     }
-    const decoded = jwt.verify(token, config.jwt.secret)${ts ? " as { id: string }" : ""};
-    const tokens = generateTokens(decoded.id);
+    const decoded = request.server.auth.verifyRefreshToken(token)${ts ? " as { id: string }" : ""};
+    const tokens = request.server.auth.issueTokens({ id: decoded.id });
     return reply.send({ success: true, ...tokens });
   } catch {
@@ -2145,11 +2277,12 @@ export async function forgotPassword(request${ts ? ": FastifyRequest" : ""}, rep
     const user = await userRepository.findByEmail(email);
     if (user) {
-      const token = Math.random().toString(36).slice(2) + Date.now().toString(36);
+      const { randomBytes } = await import('node:crypto');
+      const token = randomBytes(32).toString('hex');
       const expires = new Date(Date.now() + 3600000); // 1 hour
       await userRepository.setResetToken(user._id, token, expires);
-      // TODO: Send email with reset link
-      request.log.info(\`Password reset token for \${email}: \${token}\`);
+      // SCAFFOLD: Integrate your email provider to send the reset link
+      request.log.info(\`Password reset requested for \${email}\`);
     }
     // Always return success to prevent email enumeration
@@ -2221,8 +2354,8 @@ export async function updateUserProfile(request${ts ? ": FastifyRequest" : ""},
 }
 `;
 }
-function authSchemasTemplate(config) {
-  return `/**
+function authSchemasTemplate(_config) {
+	return `/**
  * Auth Schemas
  * Generated by Arc CLI
  */
@@ -2278,11 +2411,56 @@ export const updateUserBody = {
     email: { type: 'string', format: 'email' },
   },
 };
+// Response schemas (enables fast-json-stringify serialization)
+export const successResponse = {
+  type: 'object',
+  properties: {
+    success: { type: 'boolean' },
+    message: { type: 'string' },
+  },
+};
+export const loginResponse = {
+  type: 'object',
+  properties: {
+    success: { type: 'boolean' },
+    user: {
+      type: 'object',
+      properties: {
+        id: { type: 'string' },
+        name: { type: 'string' },
+        email: { type: 'string' },
+        roles: { type: 'array', items: { type: 'string' } },
+      },
+    },
+    accessToken: { type: 'string' },
+    refreshToken: { type: 'string' },
+  },
+};
+export const tokenResponse = {
+  type: 'object',
+  properties: {
+    success: { type: 'boolean' },
+    accessToken: { type: 'string' },
+    refreshToken: { type: 'string' },
+  },
+};
+export const userProfileResponse = {
+  type: 'object',
+  properties: {
+    success: { type: 'boolean' },
+    data: { type: 'object', additionalProperties: true },
+  },
+};
 `;
 }
 function authTestTemplate(config) {
-  const ts = config.typescript;
-  return `/**
+	const ts = config.typescript;
+	return `/**
  * Auth Tests
  * Generated by Arc CLI
  */
@@ -2378,18 +2556,32 @@ ${config.adapter === "mongokit" ? `    await mongoose.connection.collection('use
 `;
 }
 function printSuccessMessage(config, skipInstall) {
-  const installStep = skipInstall ? `  npm install
-` : "";
-  console.log(`
+	const installStep = skipInstall ? `  npm install\n` : "";
+	const ext = config.typescript ? "ts" : "js";
+	const authInfo = config.auth === "better-auth" ? `
+Auth (Better Auth):
+  Auth routes:  http://localhost:8040/api/auth/*
+  Better Auth handles: registration, login, sessions, OAuth
+  Config file:  src/auth.${ext}
+` : `
+Auth (JWT):
+  POST /auth/register      # Register
+  POST /auth/login         # Login (returns JWT)
+  POST /auth/refresh       # Refresh token
+  GET  /users/me           # Current user profile
+`;
+	console.log(`
 ╔═══════════════════════════════════════════════════════════════╗
-║                    ✅ Project Created!                        ║
+║                    Project Created                             ║
 ╚═══════════════════════════════════════════════════════════════╝
 Next steps:
   cd ${config.name}
 ${installStep}  npm run dev         # Uses .env.dev automatically
+${authInfo}
 API Documentation:
   http://localhost:8040/docs           # Scalar UI
@@ -2402,15 +2594,13 @@ Run tests:
 Add resources:
-  1. Create folder: src/resources/product/
-  2. Add: index.${config.typescript ? "ts" : "js"}, model.${config.typescript ? "ts" : "js"}, repository.${config.typescript ? "ts" : "js"}
-  3. Register in src/resources/index.${config.typescript ? "ts" : "js"}
+  arc generate resource product
 Project structure:
   src/
-  ├── app.${config.typescript ? "ts" : "js"}        # App factory (for workers/tests)
-  ├── index.${config.typescript ? "ts" : "js"}      # Server entry
+  ├── app.${ext}        # App factory (for workers/tests)
+  ├── index.${ext}      # Server entry${config.auth === "better-auth" ? `\n  ├── auth.${ext}       # Better Auth config` : ""}
   ├── config/       # Configuration
   ├── shared/       # Adapters, presets, permissions
   ├── plugins/      # App plugins (DI pattern)
@@ -2420,6 +2610,7 @@ Documentation:
   https://github.com/classytic/arc
 `);
 }
-var init_default = init;
-export { init_default as default, init };
+//#endregion
+export { init as default, init };
+//# sourceMappingURL=init.mjs.map