npm - @classytic/arc - Versions diffs - 1.1.0 → 2.1.2 - Mend

@classytic/arc 1.1.0 → 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (322) hide show

package/README.md +247 -794
package/bin/arc.js +91 -52
package/dist/EventTransport-BD2U0BTc.d.mts +100 -0
package/dist/EventTransport-BD2U0BTc.d.mts.map +1 -0
package/dist/HookSystem-BsGV-j2l.mjs +405 -0
package/dist/HookSystem-BsGV-j2l.mjs.map +1 -0
package/dist/ResourceRegistry-DsN4KJjV.mjs +250 -0
package/dist/ResourceRegistry-DsN4KJjV.mjs.map +1 -0
package/dist/adapters/index.d.mts +5 -0
package/dist/adapters/index.mjs +3 -0
package/dist/audit/index.d.mts +82 -0
package/dist/audit/index.d.mts.map +1 -0
package/dist/audit/index.mjs +276 -0
package/dist/audit/index.mjs.map +1 -0
package/dist/audit/mongodb.d.mts +5 -0
package/dist/audit/mongodb.mjs +3 -0
package/dist/audited-C3T5DTUx.mjs +141 -0
package/dist/audited-C3T5DTUx.mjs.map +1 -0
package/dist/auth/index.d.mts +189 -0
package/dist/auth/index.d.mts.map +1 -0
package/dist/auth/index.mjs +1102 -0
package/dist/auth/index.mjs.map +1 -0
package/dist/auth/redis-session.d.mts +44 -0
package/dist/auth/redis-session.d.mts.map +1 -0
package/dist/auth/redis-session.mjs +76 -0
package/dist/auth/redis-session.mjs.map +1 -0
package/dist/betterAuthOpenApi-BrHKeSAx.mjs +250 -0
package/dist/betterAuthOpenApi-BrHKeSAx.mjs.map +1 -0
package/dist/cache/index.d.mts +146 -0
package/dist/cache/index.d.mts.map +1 -0
package/dist/cache/index.mjs +92 -0
package/dist/cache/index.mjs.map +1 -0
package/dist/caching-Bl28lYsR.mjs +94 -0
package/dist/caching-Bl28lYsR.mjs.map +1 -0
package/dist/chunk-C7Uep-_p.mjs +20 -0
package/dist/circuitBreaker-DeY4FCjs.mjs +1097 -0
package/dist/circuitBreaker-DeY4FCjs.mjs.map +1 -0
package/dist/cli/commands/describe.d.mts +19 -0
package/dist/cli/commands/describe.d.mts.map +1 -0
package/dist/cli/commands/describe.mjs +239 -0
package/dist/cli/commands/describe.mjs.map +1 -0
package/dist/cli/commands/docs.d.mts +14 -0
package/dist/cli/commands/docs.d.mts.map +1 -0
package/dist/cli/commands/docs.mjs +53 -0
package/dist/cli/commands/docs.mjs.map +1 -0
package/dist/cli/commands/{generate.d.ts → generate.d.mts} +3 -1
package/dist/cli/commands/generate.d.mts.map +1 -0
package/dist/cli/commands/generate.mjs +358 -0
package/dist/cli/commands/generate.mjs.map +1 -0
package/dist/cli/commands/{init.d.ts → init.d.mts} +12 -8
package/dist/cli/commands/init.d.mts.map +1 -0
package/dist/cli/commands/{init.js → init.mjs} +807 -616
package/dist/cli/commands/init.mjs.map +1 -0
package/dist/cli/commands/introspect.d.mts +11 -0
package/dist/cli/commands/introspect.d.mts.map +1 -0
package/dist/cli/commands/introspect.mjs +76 -0
package/dist/cli/commands/introspect.mjs.map +1 -0
package/dist/cli/index.d.mts +17 -0
package/dist/cli/index.d.mts.map +1 -0
package/dist/cli/index.mjs +157 -0
package/dist/cli/index.mjs.map +1 -0
package/dist/constants-DdXFXQtN.mjs +85 -0
package/dist/constants-DdXFXQtN.mjs.map +1 -0
package/dist/core/index.d.mts +5 -0
package/dist/core/index.mjs +4 -0
package/dist/createApp-CUgNqegw.mjs +560 -0
package/dist/createApp-CUgNqegw.mjs.map +1 -0
package/dist/defineResource-k0_BDn8v.mjs +2197 -0
package/dist/defineResource-k0_BDn8v.mjs.map +1 -0
package/dist/discovery/index.d.mts +47 -0
package/dist/discovery/index.d.mts.map +1 -0
package/dist/discovery/index.mjs +110 -0
package/dist/discovery/index.mjs.map +1 -0
package/dist/docs/index.d.mts +163 -0
package/dist/docs/index.d.mts.map +1 -0
package/dist/docs/index.mjs +73 -0
package/dist/docs/index.mjs.map +1 -0
package/dist/elevation-BRy3yFWT.mjs +113 -0
package/dist/elevation-BRy3yFWT.mjs.map +1 -0
package/dist/elevation-B_2dRLVP.d.mts +88 -0
package/dist/elevation-B_2dRLVP.d.mts.map +1 -0
package/dist/errorHandler-BbcgBmIH.d.mts +73 -0
package/dist/errorHandler-BbcgBmIH.d.mts.map +1 -0
package/dist/errorHandler-C1okiriz.mjs +109 -0
package/dist/errorHandler-C1okiriz.mjs.map +1 -0
package/dist/errors-B9bZok84.mjs +212 -0
package/dist/errors-B9bZok84.mjs.map +1 -0
package/dist/errors-ChKiFz62.d.mts +125 -0
package/dist/errors-ChKiFz62.d.mts.map +1 -0
package/dist/eventPlugin-CTrLH3mt.d.mts +125 -0
package/dist/eventPlugin-CTrLH3mt.d.mts.map +1 -0
package/dist/eventPlugin-DGR_B2on.mjs +230 -0
package/dist/eventPlugin-DGR_B2on.mjs.map +1 -0
package/dist/events/index.d.mts +54 -0
package/dist/events/index.d.mts.map +1 -0
package/dist/events/index.mjs +52 -0
package/dist/events/index.mjs.map +1 -0
package/dist/events/transports/redis-stream-entry.d.mts +2 -0
package/dist/events/transports/redis-stream-entry.mjs +178 -0
package/dist/events/transports/redis-stream-entry.mjs.map +1 -0
package/dist/events/transports/redis.d.mts +77 -0
package/dist/events/transports/redis.d.mts.map +1 -0
package/dist/events/transports/redis.mjs +125 -0
package/dist/events/transports/redis.mjs.map +1 -0
package/dist/externalPaths-DlINfKbP.d.mts +51 -0
package/dist/externalPaths-DlINfKbP.d.mts.map +1 -0
package/dist/factory/index.d.mts +64 -0
package/dist/factory/index.d.mts.map +1 -0
package/dist/factory/index.mjs +3 -0
package/dist/fastifyAdapter-BkrGrlFi.d.mts +217 -0
package/dist/fastifyAdapter-BkrGrlFi.d.mts.map +1 -0
package/dist/fields-DyaDVX4J.d.mts +110 -0
package/dist/fields-DyaDVX4J.d.mts.map +1 -0
package/dist/fields-iagOozy0.mjs +115 -0
package/dist/fields-iagOozy0.mjs.map +1 -0
package/dist/hooks/index.d.mts +4 -0
package/dist/hooks/index.mjs +3 -0
package/dist/idempotency/index.d.mts +97 -0
package/dist/idempotency/index.d.mts.map +1 -0
package/dist/idempotency/index.mjs +320 -0
package/dist/idempotency/index.mjs.map +1 -0
package/dist/idempotency/mongodb.d.mts +2 -0
package/dist/idempotency/mongodb.mjs +115 -0
package/dist/idempotency/mongodb.mjs.map +1 -0
package/dist/idempotency/redis.d.mts +2 -0
package/dist/idempotency/redis.mjs +104 -0
package/dist/idempotency/redis.mjs.map +1 -0
package/dist/index.d.mts +261 -0
package/dist/index.d.mts.map +1 -0
package/dist/index.mjs +105 -0
package/dist/index.mjs.map +1 -0
package/dist/integrations/event-gateway.d.mts +47 -0
package/dist/integrations/event-gateway.d.mts.map +1 -0
package/dist/integrations/event-gateway.mjs +44 -0
package/dist/integrations/event-gateway.mjs.map +1 -0
package/dist/integrations/index.d.mts +5 -0
package/dist/integrations/index.mjs +1 -0
package/dist/integrations/jobs.d.mts +104 -0
package/dist/integrations/jobs.d.mts.map +1 -0
package/dist/integrations/jobs.mjs +124 -0
package/dist/integrations/jobs.mjs.map +1 -0
package/dist/integrations/streamline.d.mts +61 -0
package/dist/integrations/streamline.d.mts.map +1 -0
package/dist/integrations/streamline.mjs +126 -0
package/dist/integrations/streamline.mjs.map +1 -0
package/dist/integrations/websocket.d.mts +83 -0
package/dist/integrations/websocket.d.mts.map +1 -0
package/dist/integrations/websocket.mjs +289 -0
package/dist/integrations/websocket.mjs.map +1 -0
package/dist/interface-B01JvPVc.d.mts +78 -0
package/dist/interface-B01JvPVc.d.mts.map +1 -0
package/dist/interface-CZe8IkMf.d.mts +55 -0
package/dist/interface-CZe8IkMf.d.mts.map +1 -0
package/dist/interface-Ch8HU9uM.d.mts +1098 -0
package/dist/interface-Ch8HU9uM.d.mts.map +1 -0
package/dist/introspectionPlugin-rFdO8ZUa.mjs +54 -0
package/dist/introspectionPlugin-rFdO8ZUa.mjs.map +1 -0
package/dist/keys-BqNejWup.mjs +43 -0
package/dist/keys-BqNejWup.mjs.map +1 -0
package/dist/logger-Df2O2WsW.mjs +79 -0
package/dist/logger-Df2O2WsW.mjs.map +1 -0
package/dist/memory-cQgelFOj.mjs +144 -0
package/dist/memory-cQgelFOj.mjs.map +1 -0
package/dist/migrations/index.d.mts +157 -0
package/dist/migrations/index.d.mts.map +1 -0
package/dist/migrations/index.mjs +261 -0
package/dist/migrations/index.mjs.map +1 -0
package/dist/mongodb-BfJVlUJH.mjs +94 -0
package/dist/mongodb-BfJVlUJH.mjs.map +1 -0
package/dist/mongodb-CGzRbfAK.d.mts +119 -0
package/dist/mongodb-CGzRbfAK.d.mts.map +1 -0
package/dist/mongodb-JN-9JA7K.d.mts +72 -0
package/dist/mongodb-JN-9JA7K.d.mts.map +1 -0
package/dist/openapi-G3Cw7XuM.mjs +524 -0
package/dist/openapi-G3Cw7XuM.mjs.map +1 -0
package/dist/org/index.d.mts +69 -0
package/dist/org/index.d.mts.map +1 -0
package/dist/org/index.mjs +514 -0
package/dist/org/index.mjs.map +1 -0
package/dist/org/types.d.mts +83 -0
package/dist/org/types.d.mts.map +1 -0
package/dist/org/types.mjs +1 -0
package/dist/permissions/index.d.mts +279 -0
package/dist/permissions/index.d.mts.map +1 -0
package/dist/permissions/index.mjs +579 -0
package/dist/permissions/index.mjs.map +1 -0
package/dist/plugins/index.d.mts +173 -0
package/dist/plugins/index.d.mts.map +1 -0
package/dist/plugins/index.mjs +523 -0
package/dist/plugins/index.mjs.map +1 -0
package/dist/plugins/response-cache.d.mts +88 -0
package/dist/plugins/response-cache.d.mts.map +1 -0
package/dist/plugins/response-cache.mjs +284 -0
package/dist/plugins/response-cache.mjs.map +1 -0
package/dist/plugins/tracing-entry.d.mts +2 -0
package/dist/plugins/tracing-entry.mjs +186 -0
package/dist/plugins/tracing-entry.mjs.map +1 -0
package/dist/pluralize-CEweyOEm.mjs +87 -0
package/dist/pluralize-CEweyOEm.mjs.map +1 -0
package/dist/policies/{index.d.ts → index.d.mts} +204 -169
package/dist/policies/index.d.mts.map +1 -0
package/dist/policies/index.mjs +322 -0
package/dist/policies/index.mjs.map +1 -0
package/dist/presets/{index.d.ts → index.d.mts} +63 -131
package/dist/presets/index.d.mts.map +1 -0
package/dist/presets/index.mjs +144 -0
package/dist/presets/index.mjs.map +1 -0
package/dist/presets/multiTenant.d.mts +25 -0
package/dist/presets/multiTenant.d.mts.map +1 -0
package/dist/presets/multiTenant.mjs +114 -0
package/dist/presets/multiTenant.mjs.map +1 -0
package/dist/presets-BITljm96.mjs +120 -0
package/dist/presets-BITljm96.mjs.map +1 -0
package/dist/presets-DzSMwlKj.d.mts +58 -0
package/dist/presets-DzSMwlKj.d.mts.map +1 -0
package/dist/prisma-DJbMt3yf.mjs +628 -0
package/dist/prisma-DJbMt3yf.mjs.map +1 -0
package/dist/prisma-Dg9GoVdj.d.mts +275 -0
package/dist/prisma-Dg9GoVdj.d.mts.map +1 -0
package/dist/queryCachePlugin-7THaI5mt.d.mts +72 -0
package/dist/queryCachePlugin-7THaI5mt.d.mts.map +1 -0
package/dist/queryCachePlugin-DMBnp2Q0.mjs +139 -0
package/dist/queryCachePlugin-DMBnp2Q0.mjs.map +1 -0
package/dist/redis-D-JAeLtm.d.mts +50 -0
package/dist/redis-D-JAeLtm.d.mts.map +1 -0
package/dist/redis-stream-Bdh_vUU8.d.mts +104 -0
package/dist/redis-stream-Bdh_vUU8.d.mts.map +1 -0
package/dist/registry/index.d.mts +12 -0
package/dist/registry/index.d.mts.map +1 -0
package/dist/registry/index.mjs +4 -0
package/dist/requestContext-QQD6ROJc.mjs +56 -0
package/dist/requestContext-QQD6ROJc.mjs.map +1 -0
package/dist/schemaConverter-BwrmWroW.mjs +99 -0
package/dist/schemaConverter-BwrmWroW.mjs.map +1 -0
package/dist/schemas/index.d.mts +64 -0
package/dist/schemas/index.d.mts.map +1 -0
package/dist/schemas/index.mjs +83 -0
package/dist/schemas/index.mjs.map +1 -0
package/dist/scope/index.d.mts +22 -0
package/dist/scope/index.d.mts.map +1 -0
package/dist/scope/index.mjs +66 -0
package/dist/scope/index.mjs.map +1 -0
package/dist/sessionManager-jPKLbHE0.d.mts +187 -0
package/dist/sessionManager-jPKLbHE0.d.mts.map +1 -0
package/dist/sse-B3c3_yZp.mjs +124 -0
package/dist/sse-B3c3_yZp.mjs.map +1 -0
package/dist/testing/index.d.mts +908 -0
package/dist/testing/index.d.mts.map +1 -0
package/dist/testing/index.mjs +1977 -0
package/dist/testing/index.mjs.map +1 -0
package/dist/tracing-Cc7vVQPp.d.mts +71 -0
package/dist/tracing-Cc7vVQPp.d.mts.map +1 -0
package/dist/typeGuards-DhMNLuvU.mjs +10 -0
package/dist/typeGuards-DhMNLuvU.mjs.map +1 -0
package/dist/types/index.d.mts +947 -0
package/dist/types/index.d.mts.map +1 -0
package/dist/types/index.mjs +15 -0
package/dist/types/index.mjs.map +1 -0
package/dist/types-Beqn1Un7.mjs +39 -0
package/dist/types-Beqn1Un7.mjs.map +1 -0
package/dist/types-CIgB7UUl.d.mts +446 -0
package/dist/types-CIgB7UUl.d.mts.map +1 -0
package/dist/types-aYB4V7uN.d.mts +87 -0
package/dist/types-aYB4V7uN.d.mts.map +1 -0
package/dist/utils/index.d.mts +748 -0
package/dist/utils/index.d.mts.map +1 -0
package/dist/utils/index.mjs +6 -0
package/package.json +194 -68
package/dist/BaseController-DVAiHxEQ.d.ts +0 -233
package/dist/adapters/index.d.ts +0 -237
package/dist/adapters/index.js +0 -668
package/dist/arcCorePlugin-CsShQdyP.d.ts +0 -273
package/dist/audit/index.d.ts +0 -195
package/dist/audit/index.js +0 -319
package/dist/auth/index.d.ts +0 -47
package/dist/auth/index.js +0 -174
package/dist/cli/commands/docs.d.ts +0 -11
package/dist/cli/commands/docs.js +0 -474
package/dist/cli/commands/generate.js +0 -334
package/dist/cli/commands/introspect.d.ts +0 -8
package/dist/cli/commands/introspect.js +0 -338
package/dist/cli/index.d.ts +0 -4
package/dist/cli/index.js +0 -3269
package/dist/core/index.d.ts +0 -220
package/dist/core/index.js +0 -2786
package/dist/createApp-Ce9wl8W9.d.ts +0 -77
package/dist/docs/index.d.ts +0 -166
package/dist/docs/index.js +0 -658
package/dist/errors-8WIxGS_6.d.ts +0 -122
package/dist/events/index.d.ts +0 -117
package/dist/events/index.js +0 -89
package/dist/factory/index.d.ts +0 -38
package/dist/factory/index.js +0 -1652
package/dist/hooks/index.d.ts +0 -4
package/dist/hooks/index.js +0 -199
package/dist/idempotency/index.d.ts +0 -323
package/dist/idempotency/index.js +0 -500
package/dist/index-B4t03KQ0.d.ts +0 -1366
package/dist/index.d.ts +0 -135
package/dist/index.js +0 -4756
package/dist/migrations/index.d.ts +0 -185
package/dist/migrations/index.js +0 -274
package/dist/org/index.d.ts +0 -129
package/dist/org/index.js +0 -220
package/dist/permissions/index.d.ts +0 -144
package/dist/permissions/index.js +0 -103
package/dist/plugins/index.d.ts +0 -46
package/dist/plugins/index.js +0 -1069
package/dist/policies/index.js +0 -196
package/dist/presets/index.js +0 -384
package/dist/presets/multiTenant.d.ts +0 -39
package/dist/presets/multiTenant.js +0 -112
package/dist/registry/index.d.ts +0 -16
package/dist/registry/index.js +0 -253
package/dist/testing/index.d.ts +0 -618
package/dist/testing/index.js +0 -48020
package/dist/types/index.d.ts +0 -4
package/dist/types/index.js +0 -8
package/dist/types-B99TBmFV.d.ts +0 -76
package/dist/types-BvckRbs2.d.ts +0 -143
package/dist/utils/index.d.ts +0 -679
package/dist/utils/index.js +0 -931

package/dist/policies/{index.d.ts → index.d.mts} RENAMED Viewed

@@ -1,130 +1,91 @@
-import { FastifyRequest, FastifyReply } from 'fastify';
-/**
- * Policy Interface
- *
- * Pluggable authorization interface for Arc.
- * Apps implement this interface to define custom authorization strategies.
- *
- * @example RBAC Policy
- * ```typescript
- * class RBACPolicy implements PolicyEngine {
- *   can(user, operation, context) {
- *     return {
- *       allowed: user.roles.includes('admin'),
- *       reason: 'Admin role required',
- *     };
- *   }
- *   toMiddleware(operation) {
- *     return async (request, reply) => {
- *       const result = await this.can(request.user, operation);
- *       if (!result.allowed) {
- *         reply.code(403).send({ error: result.reason });
- *       }
- *     };
- *   }
- * }
- * ```
- *
- * @example ABAC (Attribute-Based) Policy
- * ```typescript
- * class ABACPolicy implements PolicyEngine {
- *   can(user, operation, context) {
- *     return {
- *       allowed: this.evaluateAttributes(user, operation, context),
- *       filters: { department: user.department },
- *       fieldMask: { exclude: ['salary', 'ssn'] },
- *     };
- *   }
- *   // ...
- * }
- * ```
- */
+import { t as PermissionCheck } from "../types-aYB4V7uN.mjs";
+import { FastifyReply, FastifyRequest } from "fastify";
+//#region src/policies/PolicyInterface.d.ts
 /**
  * Policy result returned by can() method
  */
 interface PolicyResult {
-    /**
-     * Whether the operation is allowed
-     */
-    allowed: boolean;
-    /**
-     * Human-readable reason if denied
-     * Returned in 403 error responses
-     */
-    reason?: string;
-    /**
-     * Query filters to apply (for list operations)
-     *
-     * @example
-     * ```typescript
-     * // Multi-tenant filter
-     * { organizationId: user.organizationId }
-     *
-     * // Ownership filter
-     * { userId: user.id }
-     *
-     * // Complex filter
-     * { $or: [{ public: true }, { createdBy: user.id }] }
-     * ```
-     */
-    filters?: Record<string, any>;
-    /**
-     * Fields to include/exclude in response
-     *
-     * @example
-     * ```typescript
-     * // Hide sensitive fields from non-admins
-     * { exclude: ['password', 'ssn', 'salary'] }
-     *
-     * // Only show specific fields
-     * { include: ['name', 'email', 'role'] }
-     * ```
-     */
-    fieldMask?: {
-        include?: string[];
-        exclude?: string[];
-    };
-    /**
-     * Additional context for downstream middleware
-     *
-     * @example
-     * ```typescript
-     * {
-     *   auditLog: { action: 'read', resource: 'patient', userId: user.id },
-     *   rateLimit: { tier: user.subscriptionTier },
-     * }
-     * ```
-     */
-    metadata?: Record<string, any>;
+  /**
+   * Whether the operation is allowed
+   */
+  allowed: boolean;
+  /**
+   * Human-readable reason if denied
+   * Returned in 403 error responses
+   */
+  reason?: string;
+  /**
+   * Query filters to apply (for list operations)
+   *
+   * @example
+   * ```typescript
+   * // Multi-tenant filter
+   * { organizationId: user.organizationId }
+   *
+   * // Ownership filter
+   * { userId: user.id }
+   *
+   * // Complex filter
+   * { $or: [{ public: true }, { createdBy: user.id }] }
+   * ```
+   */
+  filters?: Record<string, any>;
+  /**
+   * Fields to include/exclude in response
+   *
+   * @example
+   * ```typescript
+   * // Hide sensitive fields from non-admins
+   * { exclude: ['password', 'ssn', 'salary'] }
+   *
+   * // Only show specific fields
+   * { include: ['name', 'email', 'role'] }
+   * ```
+   */
+  fieldMask?: {
+    include?: string[];
+    exclude?: string[];
+  };
+  /**
+   * Additional context for downstream middleware
+   *
+   * @example
+   * ```typescript
+   * {
+   *   auditLog: { action: 'read', resource: 'patient', userId: user.id },
+   *   rateLimit: { tier: user.subscriptionTier },
+   * }
+   * ```
+   */
+  metadata?: Record<string, any>;
 }
 /**
  * Policy context provided to can() method
  */
 interface PolicyContext {
-    /**
-     * The document being accessed (for update/delete/get)
-     * Populated by fetchDocument middleware
-     */
-    document?: any;
-    /**
-     * Request body (for create/update)
-     */
-    body?: any;
-    /**
-     * Request params (e.g., :id from route)
-     */
-    params?: any;
-    /**
-     * Request query parameters
-     */
-    query?: any;
-    /**
-     * Additional app-specific context
-     * Can include anything your policy needs to make decisions
-     */
-    [key: string]: any;
+  /**
+   * The document being accessed (for update/delete/get)
+   * Populated by fetchDocument middleware
+   */
+  document?: any;
+  /**
+   * Request body (for create/update)
+   */
+  body?: any;
+  /**
+   * Request params (e.g., :id from route)
+   */
+  params?: any;
+  /**
+   * Request query parameters
+   */
+  query?: any;
+  /**
+   * Additional app-specific context
+   * Can include anything your policy needs to make decisions
+   */
+  [key: string]: any;
 }
 /**
  * Policy Engine Interface
@@ -212,48 +173,48 @@ interface PolicyContext {
  * ```
  */
 interface PolicyEngine {
-    /**
-     * Check if user can perform operation
-     *
-     * @param user - User object from request (request.user)
-     * @param operation - Operation name (list, get, create, update, delete, custom)
-     * @param context - Additional context (document, body, params, query, etc.)
-     * @returns Policy result with allowed/denied and optional filters/fieldMask
-     *
-     * @example
-     * ```typescript
-     * const result = await policy.can(request.user, 'update', {
-     *   document: existingDocument,
-     *   body: request.body,
-     * });
-     *
-     * if (!result.allowed) {
-     *   throw new Error(result.reason);
-     * }
-     * ```
-     */
-    can(user: any, operation: string, context?: PolicyContext): PolicyResult | Promise<PolicyResult>;
-    /**
-     * Generate Fastify middleware for this policy
-     *
-     * Called during route registration to create preHandler middleware.
-     * Middleware should:
-     * 1. Call can() with request context
-     * 2. Return 403 if denied
-     * 3. Attach result to request for downstream use
-     *
-     * @param operation - Operation name (list, get, create, update, delete)
-     * @returns Fastify preHandler middleware
-     *
-     * @example
-     * ```typescript
-     * const middleware = policy.toMiddleware('update');
-     * fastify.put('/products/:id', {
-     *   preHandler: [authenticate, middleware],
-     * }, handler);
-     * ```
-     */
-    toMiddleware(operation: string): (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
+  /**
+   * Check if user can perform operation
+   *
+   * @param user - User object from request (request.user)
+   * @param operation - Operation name (list, get, create, update, delete, custom)
+   * @param context - Additional context (document, body, params, query, etc.)
+   * @returns Policy result with allowed/denied and optional filters/fieldMask
+   *
+   * @example
+   * ```typescript
+   * const result = await policy.can(request.user, 'update', {
+   *   document: existingDocument,
+   *   body: request.body,
+   * });
+   *
+   * if (!result.allowed) {
+   *   throw new Error(result.reason);
+   * }
+   * ```
+   */
+  can(user: any, operation: string, context?: PolicyContext): PolicyResult | Promise<PolicyResult>;
+  /**
+   * Generate Fastify middleware for this policy
+   *
+   * Called during route registration to create preHandler middleware.
+   * Middleware should:
+   * 1. Call can() with request context
+   * 2. Return 403 if denied
+   * 3. Attach result to request for downstream use
+   *
+   * @param operation - Operation name (list, get, create, update, delete)
+   * @returns Fastify preHandler middleware
+   *
+   * @example
+   * ```typescript
+   * const middleware = policy.toMiddleware('update');
+   * fastify.put('/products/:id', {
+   *   preHandler: [authenticate, middleware],
+   * }, handler);
+   * ```
+   */
+  toMiddleware(operation: string): (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
 }
 /**
  * Policy factory function signature
@@ -278,18 +239,91 @@ type PolicyFactory<TConfig = any> = (config: TConfig) => PolicyEngine;
 /**
  * Extended Fastify request with policy result
  */
-declare module 'fastify' {
-    interface FastifyRequest {
-        policyResult?: PolicyResult;
-    }
+/**
+ * Access control statement
+ *
+ * Maps to Better Auth's organization permission model
+ * where permissions are defined as resource + action pairs.
+ */
+interface AccessControlStatement {
+  /** Resource name (e.g., 'product', 'order') */
+  resource: string;
+  /** Allowed actions on this resource */
+  action: string[];
 }
 /**
- * Policy Helper Utilities
+ * Options for createAccessControlPolicy
+ */
+interface AccessControlPolicyOptions {
+  /** Permission statements defining resource-action pairs */
+  statements: AccessControlStatement[];
+  /**
+   * Optional async permission check against external source (e.g., org role permissions).
+   * Called when the static statements allow the action — use this for dynamic checks
+   * like verifying the user's org role actually grants the permission.
+   *
+   * @param userId - ID of the user
+   * @param resource - Resource being accessed
+   * @param action - Action being performed
+   * @returns Whether the user has the permission
+   */
+  checkPermission?: (userId: string, resource: string, action: string) => Promise<boolean>;
+}
+/**
+ * Create a PermissionCheck from access control statements.
  *
- * Common operations for working with PolicyEngine implementations.
+ * Maps Better Auth's statement-based access control model to Arc's
+ * PermissionCheck function, which can be used directly in resource permissions.
+ *
+ * The returned PermissionCheck:
+ * 1. Looks up the resource + action in the statements list
+ * 2. If no matching statement exists, denies access
+ * 3. If a matching statement exists and `checkPermission` is provided,
+ *    calls it for dynamic verification (e.g., check org role)
+ * 4. If `checkPermission` is not provided, allows access based on static statements
+ *
+ * @example Static statements only
+ * ```typescript
+ * import { createAccessControlPolicy } from '@classytic/arc/policies';
+ *
+ * const editorPermissions = createAccessControlPolicy({
+ *   statements: [
+ *     { resource: 'product', action: ['create', 'update'] },
+ *     { resource: 'order', action: ['read'] },
+ *   ],
+ * });
+ *
+ * // Use in resource config
+ * defineResource({
+ *   name: 'product',
+ *   permissions: {
+ *     create: editorPermissions,
+ *     update: editorPermissions,
+ *   },
+ * });
+ * ```
+ *
+ * @example With dynamic permission check (Better Auth org roles)
+ * ```typescript
+ * const policy = createAccessControlPolicy({
+ *   statements: [
+ *     { resource: 'product', action: ['create', 'update'] },
+ *     { resource: 'order', action: ['read'] },
+ *   ],
+ *   checkPermission: async (userId, resource, action) => {
+ *     return hasOrgPermission(userId, resource, action);
+ *   },
+ * });
+ * ```
  */
+declare function createAccessControlPolicy(options: AccessControlPolicyOptions): PermissionCheck;
+declare module 'fastify' {
+  interface FastifyRequest {
+    policyResult?: PolicyResult;
+  }
+} //# sourceMappingURL=PolicyInterface.d.ts.map
+//#endregion
+//#region src/policies/helpers.d.ts
 /**
  * Helper to create Fastify middleware from any PolicyEngine implementation
  *
@@ -394,5 +428,6 @@ declare function allowAll(): PolicyEngine;
  * ```
  */
 declare function denyAll(reason?: string): PolicyEngine;
-export { type PolicyContext, type PolicyEngine, type PolicyFactory, type PolicyResult, allowAll, anyPolicy, combinePolicies, createPolicyMiddleware, denyAll };
+//#endregion
+export { type AccessControlPolicyOptions, type AccessControlStatement, type PolicyContext, type PolicyEngine, type PolicyFactory, type PolicyResult, allowAll, anyPolicy, combinePolicies, createAccessControlPolicy, createPolicyMiddleware, denyAll };
+//# sourceMappingURL=index.d.mts.map

package/dist/policies/index.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.mts","names":[],"sources":["../../src/policies/PolicyInterface.ts","../../src/policies/helpers.ts"],"mappings":";;;;;;;UA+CiB,YAAA;EAyMb;;;EArMF,OAAA;EA4NA;;;;EAtNA,MAAA;EAwN6B;;;;AAsB/B;;;;;;;;;;AAWA;EAxOE,OAAA,GAAU,MAAA;;;;AAkPZ;;;;;;;;;EApOE,SAAA;IACE,OAAA;IACA,OAAA;EAAA;EAiSY;;;;;;;;;AAmDf;;EAtUC,QAAA,GAAW,MAAA;AAAA;;;;UAMI,aAAA;EAoUc;;;;EA/T7B,QAAA;ECnFc;;;EDwFd,IAAA;ECrFW;;;ED0FX,MAAA;EC1F0D;;;ED+F1D,KAAA;EC/FW;;;;EAAA,CDqGV,GAAA;AAAA;;AC5BH;;;;;;;;;AA4HA;;;;;;;;;AA2FA;;;;;AA6BA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UDhIiB,YAAA;;;;;;;;;;;;;;;;;;;;;EAqBf,GAAA,CACE,IAAA,OACA,SAAA,UACA,OAAA,GAAU,aAAA,GACT,YAAA,GAAe,OAAA,CAAQ,YAAA;;;;;;;;;;;;;;;;;;;;;EAsB1B,YAAA,CACE,SAAA,YACE,OAAA,EAAS,cAAA,EAAgB,KAAA,EAAO,YAAA,KAAiB,OAAA;AAAA;;;;;;;;;;;;;;;;;;;;KAsB3C,aAAA,mBAAgC,MAAA,EAAQ,OAAA,KAAY,YAAA;;;;;;;;;;UAW/C,sBAAA;;EAEf,QAAA;;EAEA,MAAA;AAAA;;;;UAMe,0BAAA;;EAEf,UAAA,EAAY,sBAAA;;;;;;;;;;;EAWZ,eAAA,IAAmB,MAAA,UAAgB,QAAA,UAAkB,MAAA,aAAmB,OAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAkD1D,yBAAA,CACd,OAAA,EAAS,0BAAA,GACR,eAAA;AAAA;EAAA,UAoDS,cAAA;IACR,YAAA,GAAe,YAAA;EAAA;AAAA;;;;;;;;;;;;;;;AApUnB;;;;;;;;;;;iBC9EgB,sBAAA,CACd,MAAA,EAAQ,YAAA,EACR,SAAA,YACE,OAAA,EAAS,cAAA,EAAgB,KAAA,EAAO,YAAA,KAAiB,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ADoQrD;iBC3LgB,eAAA,CAAA,GAAmB,QAAA,EAAU,YAAA,KAAiB,YAAA;;;;;;;;;ADsM9D;;;;;AAUA;;;;;;;iBCpFgB,SAAA,CAAA,GAAa,QAAA,EAAU,YAAA,KAAiB,YAAA;;;;;;ADmJxD;;;;;;;iBCxDgB,QAAA,CAAA,GAAY,YAAA;;AD2G3B;;;;;;;;;;;;;AC9YD;iBAgUgB,OAAA,CAAQ,MAAA,YAAmC,YAAA"}