@classytic/arc 1.1.0 → 2.1.2

package/dist/index.js

@@ -1,4756 +0,0 @@
-import fp from 'fastify-plugin';
-import { randomUUID } from 'crypto';
-import { createRequire } from 'module';
-import Fastify from 'fastify';
-import qs from 'qs';
-
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __esm = (fn, res) => function __init() {
-  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-
-// src/hooks/HookSystem.ts
-var HookSystem, hookSystem;
-var init_HookSystem = __esm({
-  "src/hooks/HookSystem.ts"() {
-    HookSystem = class {
-      hooks;
-      logger;
-      constructor(options) {
-        this.hooks = /* @__PURE__ */ new Map();
-        this.logger = options?.logger ?? { error: (...args) => console.error(...args) };
-      }
-      /**
-       * Generate hook key
-       */
-      getKey(resource, operation, phase) {
-        return `${resource}:${operation}:${phase}`;
-      }
-      /**
-       * Register a hook
-       * Supports both object parameter and positional arguments
-       */
-      register(resourceOrOptions, operation, phase, handler, priority = 10) {
-        let resource;
-        let finalOperation;
-        let finalPhase;
-        let finalHandler;
-        let finalPriority;
-        if (typeof resourceOrOptions === "object") {
-          resource = resourceOrOptions.resource;
-          finalOperation = resourceOrOptions.operation;
-          finalPhase = resourceOrOptions.phase;
-          finalHandler = resourceOrOptions.handler;
-          finalPriority = resourceOrOptions.priority ?? 10;
-        } else {
-          resource = resourceOrOptions;
-          finalOperation = operation;
-          finalPhase = phase;
-          finalHandler = handler;
-          finalPriority = priority;
-        }
-        const key = this.getKey(resource, finalOperation, finalPhase);
-        if (!this.hooks.has(key)) {
-          this.hooks.set(key, []);
-        }
-        const registration = {
-          resource,
-          operation: finalOperation,
-          phase: finalPhase,
-          handler: finalHandler,
-          priority: finalPriority
-        };
-        const hooks = this.hooks.get(key);
-        hooks.push(registration);
-        hooks.sort((a, b) => a.priority - b.priority);
-        return () => {
-          const idx = hooks.indexOf(registration);
-          if (idx !== -1) {
-            hooks.splice(idx, 1);
-          }
-        };
-      }
-      /**
-       * Register before hook
-       */
-      before(resource, operation, handler, priority = 10) {
-        return this.register(resource, operation, "before", handler, priority);
-      }
-      /**
-       * Register after hook
-       */
-      after(resource, operation, handler, priority = 10) {
-        return this.register(resource, operation, "after", handler, priority);
-      }
-      /**
-       * Execute hooks for a given context
-       */
-      async execute(ctx) {
-        const key = this.getKey(ctx.resource, ctx.operation, ctx.phase);
-        const hooks = this.hooks.get(key) ?? [];
-        const wildcardKey = this.getKey("*", ctx.operation, ctx.phase);
-        const wildcardHooks = this.hooks.get(wildcardKey) ?? [];
-        const allHooks = [...wildcardHooks, ...hooks];
-        allHooks.sort((a, b) => a.priority - b.priority);
-        let result = ctx.data;
-        for (const hook of allHooks) {
-          const handlerContext = {
-            resource: ctx.resource,
-            operation: ctx.operation,
-            phase: ctx.phase,
-            data: result,
-            result: ctx.result,
-            user: ctx.user,
-            context: ctx.context,
-            meta: ctx.meta
-          };
-          const hookResult = await hook.handler(handlerContext);
-          if (hookResult !== void 0 && hookResult !== null) {
-            result = hookResult;
-          }
-        }
-        return result;
-      }
-      /**
-       * Execute before hooks
-       */
-      async executeBefore(resource, operation, data, options) {
-        const result = await this.execute({
-          resource,
-          operation,
-          phase: "before",
-          data,
-          user: options?.user,
-          context: options?.context,
-          meta: options?.meta
-        });
-        return result ?? data;
-      }
-      /**
-       * Execute after hooks
-       * Errors in after hooks are logged but don't fail the request
-       */
-      async executeAfter(resource, operation, result, options) {
-        try {
-          await this.execute({
-            resource,
-            operation,
-            phase: "after",
-            result,
-            user: options?.user,
-            context: options?.context,
-            meta: options?.meta
-          });
-        } catch (error) {
-          this.logger.error(
-            `[HookSystem] Error in after hook for ${resource}:${operation}:`,
-            error
-          );
-        }
-      }
-      /**
-       * Get all registered hooks
-       */
-      getAll() {
-        const all = [];
-        for (const hooks of this.hooks.values()) {
-          all.push(...hooks);
-        }
-        return all;
-      }
-      /**
-       * Get hooks for a specific resource
-       */
-      getForResource(resource) {
-        const all = [];
-        for (const [key, hooks] of this.hooks.entries()) {
-          if (key.startsWith(`${resource}:`)) {
-            all.push(...hooks);
-          }
-        }
-        return all;
-      }
-      /**
-       * Clear all hooks
-       */
-      clear() {
-        this.hooks.clear();
-      }
-      /**
-       * Clear hooks for a specific resource
-       */
-      clearResource(resource) {
-        for (const key of this.hooks.keys()) {
-          if (key.startsWith(`${resource}:`)) {
-            this.hooks.delete(key);
-          }
-        }
-      }
-    };
-    hookSystem = new HookSystem();
-  }
-});
-
-// src/registry/ResourceRegistry.ts
-var ResourceRegistry, registryKey, globalScope, resourceRegistry;
-var init_ResourceRegistry = __esm({
-  "src/registry/ResourceRegistry.ts"() {
-    ResourceRegistry = class {
-      _resources;
-      _frozen;
-      constructor() {
-        this._resources = /* @__PURE__ */ new Map();
-        this._frozen = false;
-      }
-      /**
-       * Register a resource
-       */
-      register(resource, options = {}) {
-        if (this._frozen) {
-          throw new Error(
-            `Registry frozen. Cannot register '${resource.name}' after startup.`
-          );
-        }
-        if (this._resources.has(resource.name)) {
-          throw new Error(`Resource '${resource.name}' already registered.`);
-        }
-        const entry = {
-          name: resource.name,
-          displayName: resource.displayName,
-          tag: resource.tag,
-          prefix: resource.prefix,
-          module: options.module ?? void 0,
-          adapter: resource.adapter ? {
-            type: resource.adapter.type,
-            name: resource.adapter.name
-          } : null,
-          permissions: resource.permissions,
-          presets: resource._appliedPresets ?? [],
-          routes: [],
-          // Populated later by getIntrospection()
-          additionalRoutes: resource.additionalRoutes.map((r) => ({
-            method: r.method,
-            path: r.path,
-            handler: typeof r.handler === "string" ? r.handler : r.handler.name || "anonymous",
-            summary: r.summary,
-            description: r.description,
-            permissions: r.permissions,
-            wrapHandler: r.wrapHandler,
-            schema: r.schema
-            // Include schema for OpenAPI docs
-          })),
-          events: Object.keys(resource.events ?? {}),
-          registeredAt: (/* @__PURE__ */ new Date()).toISOString(),
-          disableDefaultRoutes: resource.disableDefaultRoutes,
-          openApiSchemas: options.openApiSchemas,
-          plugin: resource.toPlugin()
-          // Store plugin factory
-        };
-        this._resources.set(resource.name, entry);
-        return this;
-      }
-      /**
-       * Get resource by name
-       */
-      get(name) {
-        return this._resources.get(name);
-      }
-      /**
-       * Get all resources
-       */
-      getAll() {
-        return Array.from(this._resources.values());
-      }
-      /**
-       * Get resources by module
-       */
-      getByModule(moduleName) {
-        return this.getAll().filter((r) => r.module === moduleName);
-      }
-      /**
-       * Get resources by preset
-       */
-      getByPreset(presetName) {
-        return this.getAll().filter((r) => r.presets.includes(presetName));
-      }
-      /**
-       * Check if resource exists
-       */
-      has(name) {
-        return this._resources.has(name);
-      }
-      /**
-       * Get registry statistics
-       */
-      getStats() {
-        const resources = this.getAll();
-        const presetCounts = {};
-        for (const r of resources) {
-          for (const preset of r.presets) {
-            presetCounts[preset] = (presetCounts[preset] ?? 0) + 1;
-          }
-        }
-        return {
-          totalResources: resources.length,
-          byModule: this._groupBy(resources, "module"),
-          presetUsage: presetCounts,
-          totalRoutes: resources.reduce((sum, r) => {
-            const defaultRouteCount = r.disableDefaultRoutes ? 0 : 5;
-            return sum + (r.additionalRoutes?.length ?? 0) + defaultRouteCount;
-          }, 0),
-          totalEvents: resources.reduce((sum, r) => sum + (r.events?.length ?? 0), 0)
-        };
-      }
-      /**
-       * Get full introspection data
-       */
-      getIntrospection() {
-        return {
-          resources: this.getAll().map((r) => {
-            const defaultRoutes = r.disableDefaultRoutes ? [] : [
-              { method: "GET", path: r.prefix, operation: "list" },
-              { method: "GET", path: `${r.prefix}/:id`, operation: "get" },
-              { method: "POST", path: r.prefix, operation: "create" },
-              { method: "PATCH", path: `${r.prefix}/:id`, operation: "update" },
-              { method: "DELETE", path: `${r.prefix}/:id`, operation: "delete" }
-            ];
-            return {
-              name: r.name,
-              displayName: r.displayName,
-              prefix: r.prefix,
-              module: r.module,
-              presets: r.presets,
-              permissions: r.permissions,
-              routes: [
-                ...defaultRoutes,
-                ...r.additionalRoutes?.map((ar) => ({
-                  method: ar.method,
-                  path: `${r.prefix}${ar.path}`,
-                  operation: typeof ar.handler === "string" ? ar.handler : "custom",
-                  handler: typeof ar.handler === "string" ? ar.handler : void 0,
-                  summary: ar.summary
-                })) ?? []
-              ],
-              events: r.events
-            };
-          }),
-          stats: this.getStats(),
-          generatedAt: (/* @__PURE__ */ new Date()).toISOString()
-        };
-      }
-      /**
-       * Freeze registry (prevent further registrations)
-       */
-      freeze() {
-        this._frozen = true;
-      }
-      /**
-       * Check if frozen
-       */
-      isFrozen() {
-        return this._frozen;
-      }
-      /**
-       * Unfreeze registry (for testing)
-       */
-      _unfreeze() {
-        this._frozen = false;
-      }
-      /**
-       * Clear all resources (for testing)
-       */
-      _clear() {
-        this._resources.clear();
-        this._frozen = false;
-      }
-      /**
-       * Group by key
-       */
-      _groupBy(arr, key) {
-        const result = {};
-        for (const item of arr) {
-          const k = String(item[key] ?? "uncategorized");
-          result[k] = (result[k] ?? 0) + 1;
-        }
-        return result;
-      }
-    };
-    registryKey = /* @__PURE__ */ Symbol.for("arc.resourceRegistry");
-    globalScope = globalThis;
-    resourceRegistry = globalScope[registryKey] ?? new ResourceRegistry();
-    if (!globalScope[registryKey]) {
-      globalScope[registryKey] = resourceRegistry;
-    }
-  }
-});
-
-// src/utils/errors.ts
-function isArcError(error) {
-  return error instanceof ArcError;
-}
-var ArcError, NotFoundError, ValidationError, UnauthorizedError, ForbiddenError;
-var init_errors = __esm({
-  "src/utils/errors.ts"() {
-    ArcError = class extends Error {
-      name;
-      code;
-      statusCode;
-      details;
-      cause;
-      timestamp;
-      requestId;
-      constructor(message, options = {}) {
-        super(message);
-        this.name = "ArcError";
-        this.code = options.code ?? "ARC_ERROR";
-        this.statusCode = options.statusCode ?? 500;
-        this.details = options.details;
-        this.cause = options.cause;
-        this.timestamp = (/* @__PURE__ */ new Date()).toISOString();
-        this.requestId = options.requestId;
-        if (Error.captureStackTrace) {
-          Error.captureStackTrace(this, this.constructor);
-        }
-      }
-      /**
-       * Set request ID (typically from request context)
-       */
-      withRequestId(requestId) {
-        this.requestId = requestId;
-        return this;
-      }
-      /**
-       * Convert to JSON response
-       */
-      toJSON() {
-        return {
-          success: false,
-          error: this.message,
-          code: this.code,
-          timestamp: this.timestamp,
-          ...this.requestId && { requestId: this.requestId },
-          ...this.details && { details: this.details }
-        };
-      }
-    };
-    NotFoundError = class extends ArcError {
-      constructor(resource, identifier) {
-        const message = identifier ? `${resource} with identifier '${identifier}' not found` : `${resource} not found`;
-        super(message, {
-          code: "NOT_FOUND",
-          statusCode: 404,
-          details: { resource, identifier }
-        });
-        this.name = "NotFoundError";
-      }
-    };
-    ValidationError = class extends ArcError {
-      errors;
-      constructor(message, errors = []) {
-        super(message, {
-          code: "VALIDATION_ERROR",
-          statusCode: 400,
-          details: { errors }
-        });
-        this.name = "ValidationError";
-        this.errors = errors;
-      }
-    };
-    UnauthorizedError = class extends ArcError {
-      constructor(message = "Authentication required") {
-        super(message, {
-          code: "UNAUTHORIZED",
-          statusCode: 401
-        });
-        this.name = "UnauthorizedError";
-      }
-    };
-    ForbiddenError = class extends ArcError {
-      constructor(message = "Access denied") {
-        super(message, {
-          code: "FORBIDDEN",
-          statusCode: 403
-        });
-        this.name = "ForbiddenError";
-      }
-    };
-  }
-});
-var requestIdPlugin, requestId_default;
-var init_requestId = __esm({
-  "src/plugins/requestId.ts"() {
-    requestIdPlugin = async (fastify, opts = {}) => {
-      const {
-        header = "x-request-id",
-        generator = randomUUID,
-        setResponseHeader = true
-      } = opts;
-      if (!fastify.hasRequestDecorator("requestId")) {
-        fastify.decorateRequest("requestId", "");
-      }
-      fastify.addHook("onRequest", async (request) => {
-        const incomingId = request.headers[header];
-        const requestId = typeof incomingId === "string" && incomingId.trim() ? incomingId.trim() : generator();
-        request.id = requestId;
-        request.requestId = requestId;
-      });
-      if (setResponseHeader) {
-        fastify.addHook("onSend", async (request, reply) => {
-          reply.header(header, request.requestId);
-        });
-      }
-      fastify.log?.debug?.("Request ID plugin registered");
-    };
-    requestId_default = fp(requestIdPlugin, {
-      name: "arc-request-id",
-      fastify: "5.x"
-    });
-  }
-});
-async function runChecks(checks) {
-  const results = [];
-  for (const check of checks) {
-    const start = Date.now();
-    const timeout = check.timeout ?? 5e3;
-    try {
-      const checkPromise = Promise.resolve(check.check());
-      const timeoutPromise = new Promise((_, reject) => {
-        setTimeout(() => reject(new Error("Health check timeout")), timeout);
-      });
-      const healthy = await Promise.race([checkPromise, timeoutPromise]);
-      results.push({
-        name: check.name,
-        healthy: Boolean(healthy),
-        duration: Date.now() - start
-      });
-    } catch (err) {
-      results.push({
-        name: check.name,
-        healthy: false,
-        duration: Date.now() - start,
-        error: err.message
-      });
-    }
-  }
-  return results;
-}
-var httpMetrics, healthPlugin, health_default;
-var init_health = __esm({
-  "src/plugins/health.ts"() {
-    httpMetrics = {
-      requestsTotal: {},
-      requestDurations: [],
-      startTime: Date.now()
-    };
-    healthPlugin = async (fastify, opts = {}) => {
-      const {
-        prefix = "/_health",
-        checks = [],
-        metrics = false,
-        metricsCollector,
-        version: version2,
-        collectHttpMetrics = metrics
-      } = opts;
-      fastify.get(`${prefix}/live`, {
-        schema: {
-          tags: ["Health"],
-          summary: "Liveness probe",
-          description: "Returns 200 if the process is alive",
-          response: {
-            200: {
-              type: "object",
-              properties: {
-                status: { type: "string", enum: ["ok"] },
-                timestamp: { type: "string" },
-                version: { type: "string" }
-              }
-            }
-          }
-        }
-      }, async () => {
-        return {
-          status: "ok",
-          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-          ...version2 ? { version: version2 } : {}
-        };
-      });
-      fastify.get(`${prefix}/ready`, {
-        schema: {
-          tags: ["Health"],
-          summary: "Readiness probe",
-          description: "Returns 200 if all dependencies are healthy",
-          response: {
-            200: {
-              type: "object",
-              properties: {
-                status: { type: "string", enum: ["ready", "not_ready"] },
-                timestamp: { type: "string" },
-                checks: {
-                  type: "array",
-                  items: {
-                    type: "object",
-                    properties: {
-                      name: { type: "string" },
-                      healthy: { type: "boolean" },
-                      duration: { type: "number" },
-                      error: { type: "string" }
-                    }
-                  }
-                }
-              }
-            },
-            503: {
-              type: "object",
-              properties: {
-                status: { type: "string", enum: ["not_ready"] },
-                timestamp: { type: "string" },
-                checks: { type: "array" }
-              }
-            }
-          }
-        }
-      }, async (_, reply) => {
-        const results = await runChecks(checks);
-        const criticalFailed = results.some(
-          (r) => !r.healthy && (checks.find((c) => c.name === r.name)?.critical ?? true)
-        );
-        const response = {
-          status: criticalFailed ? "not_ready" : "ready",
-          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-          checks: results
-        };
-        if (criticalFailed) {
-          reply.code(503);
-        }
-        return response;
-      });
-      if (metrics) {
-        fastify.get(`${prefix}/metrics`, async (_, reply) => {
-          reply.type("text/plain; charset=utf-8");
-          if (metricsCollector) {
-            return await metricsCollector();
-          }
-          const uptime = process.uptime();
-          const memory = process.memoryUsage();
-          const cpu = process.cpuUsage();
-          const lines = [
-            "# HELP process_uptime_seconds Process uptime in seconds",
-            "# TYPE process_uptime_seconds gauge",
-            `process_uptime_seconds ${uptime.toFixed(2)}`,
-            "",
-            "# HELP process_memory_heap_bytes Heap memory usage in bytes",
-            "# TYPE process_memory_heap_bytes gauge",
-            `process_memory_heap_bytes{type="used"} ${memory.heapUsed}`,
-            `process_memory_heap_bytes{type="total"} ${memory.heapTotal}`,
-            "",
-            "# HELP process_memory_rss_bytes RSS memory in bytes",
-            "# TYPE process_memory_rss_bytes gauge",
-            `process_memory_rss_bytes ${memory.rss}`,
-            "",
-            "# HELP process_memory_external_bytes External memory in bytes",
-            "# TYPE process_memory_external_bytes gauge",
-            `process_memory_external_bytes ${memory.external}`,
-            "",
-            "# HELP process_cpu_user_microseconds User CPU time in microseconds",
-            "# TYPE process_cpu_user_microseconds counter",
-            `process_cpu_user_microseconds ${cpu.user}`,
-            "",
-            "# HELP process_cpu_system_microseconds System CPU time in microseconds",
-            "# TYPE process_cpu_system_microseconds counter",
-            `process_cpu_system_microseconds ${cpu.system}`,
-            ""
-          ];
-          if (collectHttpMetrics && Object.keys(httpMetrics.requestsTotal).length > 0) {
-            lines.push(
-              "# HELP http_requests_total Total HTTP requests by status code",
-              "# TYPE http_requests_total counter"
-            );
-            for (const [status, count] of Object.entries(httpMetrics.requestsTotal)) {
-              lines.push(`http_requests_total{status="${status}"} ${count}`);
-            }
-            lines.push("");
-            if (httpMetrics.requestDurations.length > 0) {
-              const sorted = [...httpMetrics.requestDurations].sort((a, b) => a - b);
-              const p50 = sorted[Math.floor(sorted.length * 0.5)] || 0;
-              const p95 = sorted[Math.floor(sorted.length * 0.95)] || 0;
-              const p99 = sorted[Math.floor(sorted.length * 0.99)] || 0;
-              const sum = sorted.reduce((a, b) => a + b, 0);
-              lines.push(
-                "# HELP http_request_duration_milliseconds HTTP request duration",
-                "# TYPE http_request_duration_milliseconds summary",
-                `http_request_duration_milliseconds{quantile="0.5"} ${p50.toFixed(2)}`,
-                `http_request_duration_milliseconds{quantile="0.95"} ${p95.toFixed(2)}`,
-                `http_request_duration_milliseconds{quantile="0.99"} ${p99.toFixed(2)}`,
-                `http_request_duration_milliseconds_sum ${sum.toFixed(2)}`,
-                `http_request_duration_milliseconds_count ${sorted.length}`,
-                ""
-              );
-            }
-          }
-          return lines.join("\n");
-        });
-      }
-      if (collectHttpMetrics) {
-        fastify.addHook("onRequest", async (request) => {
-          request._startTime = Date.now();
-        });
-        fastify.addHook("onResponse", async (request, reply) => {
-          const duration = Date.now() - (request._startTime || Date.now());
-          const statusBucket = `${Math.floor(reply.statusCode / 100)}xx`;
-          httpMetrics.requestsTotal[statusBucket] = (httpMetrics.requestsTotal[statusBucket] || 0) + 1;
-          httpMetrics.requestDurations.push(duration);
-          if (httpMetrics.requestDurations.length > 1e4) {
-            httpMetrics.requestDurations.shift();
-          }
-        });
-      }
-      fastify.log?.info?.(`Health plugin registered at ${prefix}`);
-    };
-    health_default = fp(healthPlugin, {
-      name: "arc-health",
-      fastify: "5.x"
-    });
-  }
-});
-function createTracerProvider(options) {
-  if (!isAvailable) {
-    return null;
-  }
-  const { serviceName = "@classytic/arc", exporterUrl = "http://localhost:4318/v1/traces" } = options;
-  const exporter = new OTLPTraceExporter({
-    url: exporterUrl
-  });
-  const provider = new NodeTracerProvider({
-    resource: {
-      attributes: {
-        "service.name": serviceName,
-        "service.version": "1.0.0"
-      }
-    }
-  });
-  provider.addSpanProcessor(new BatchSpanProcessor(exporter));
-  provider.register();
-  return provider;
-}
-async function tracingPlugin(fastify, options = {}) {
-  const {
-    serviceName = "@classytic/arc",
-    autoInstrumentation = true,
-    traceRepository = true,
-    traceController = true,
-    sampleRate = 1
-  } = options;
-  if (!isAvailable) {
-    fastify.log.warn("OpenTelemetry not installed. Tracing disabled.");
-    fastify.log.warn("Install: npm install @opentelemetry/api @opentelemetry/sdk-node");
-    return;
-  }
-  const provider = createTracerProvider(options);
-  if (!provider) {
-    return;
-  }
-  if (autoInstrumentation && getNodeAutoInstrumentations) {
-    getNodeAutoInstrumentations({
-      "@opentelemetry/instrumentation-http": {
-        enabled: true
-      },
-      "@opentelemetry/instrumentation-mongodb": {
-        enabled: true
-      }
-    });
-  }
-  const tracer = trace.getTracer(serviceName);
-  fastify.decorateRequest("tracer", void 0);
-  fastify.addHook("onRequest", async (request, reply) => {
-    if (Math.random() > sampleRate) {
-      return;
-    }
-    const span = tracer.startSpan(`HTTP ${request.method} ${request.url}`, {
-      kind: 1,
-      // SpanKind.SERVER
-      attributes: {
-        "http.method": request.method,
-        "http.url": request.url,
-        "http.target": request.routeOptions?.url ?? request.url,
-        "http.host": request.hostname,
-        "http.scheme": request.protocol,
-        "http.user_agent": request.headers["user-agent"]
-      }
-    });
-    request.tracer = {
-      tracer,
-      currentSpan: span
-    };
-    context.with(trace.setSpan(context.active(), span), () => {
-    });
-  });
-  fastify.addHook("onResponse", async (request, reply) => {
-    if (!request.tracer?.currentSpan) {
-      return;
-    }
-    const span = request.tracer.currentSpan;
-    span.setAttributes({
-      "http.status_code": reply.statusCode,
-      "http.response_content_length": reply.getHeader("content-length")
-    });
-    if (reply.statusCode >= 500) {
-      span.setStatus({
-        code: SpanStatusCode.ERROR,
-        message: `HTTP ${reply.statusCode}`
-      });
-    } else {
-      span.setStatus({ code: SpanStatusCode.OK });
-    }
-    span.end();
-  });
-  fastify.addHook("onError", async (request, reply, error) => {
-    if (!request.tracer?.currentSpan) {
-      return;
-    }
-    const span = request.tracer.currentSpan;
-    span.recordException(error);
-    span.setStatus({
-      code: SpanStatusCode.ERROR,
-      message: error.message
-    });
-  });
-  fastify.log.info({ serviceName }, "OpenTelemetry tracing enabled");
-}
-function createSpan(request, name, fn, attributes) {
-  if (!isAvailable || !request.tracer) {
-    return fn(null);
-  }
-  const { tracer, currentSpan } = request.tracer;
-  const span = tracer.startSpan(
-    name,
-    {
-      parent: currentSpan,
-      attributes: attributes || {}
-    },
-    trace.setSpan(context.active(), currentSpan)
-  );
-  return context.with(trace.setSpan(context.active(), span), async () => {
-    try {
-      const result = await fn(span);
-      span.setStatus({ code: SpanStatusCode.OK });
-      return result;
-    } catch (error) {
-      span.recordException(error);
-      span.setStatus({
-        code: SpanStatusCode.ERROR,
-        message: error.message
-      });
-      throw error;
-    } finally {
-      span.end();
-    }
-  });
-}
-function traced(spanName) {
-  return function(target, propertyKey, descriptor) {
-    const originalMethod = descriptor.value;
-    descriptor.value = async function(...args) {
-      const request = args.find((arg) => arg && arg.tracer);
-      if (!request?.tracer) {
-        return originalMethod.apply(this, args);
-      }
-      const name = spanName || `${target.constructor.name}.${propertyKey}`;
-      return createSpan(request, name, async (span) => {
-        if (span) {
-          span.setAttribute("db.operation", propertyKey);
-          span.setAttribute("db.system", "mongodb");
-        }
-        return originalMethod.apply(this, args);
-      });
-    };
-    return descriptor;
-  };
-}
-function isTracingAvailable() {
-  return isAvailable;
-}
-var require2, trace, context, SpanStatusCode, NodeTracerProvider, BatchSpanProcessor, OTLPTraceExporter, HttpInstrumentation, MongoDBInstrumentation, getNodeAutoInstrumentations, isAvailable, tracing_default;
-var init_tracing = __esm({
-  "src/plugins/tracing.ts"() {
-    require2 = createRequire(import.meta.url);
-    isAvailable = false;
-    try {
-      const api = require2("@opentelemetry/api");
-      trace = api.trace;
-      context = api.context;
-      SpanStatusCode = api.SpanStatusCode;
-      const sdkNode = require2("@opentelemetry/sdk-node");
-      NodeTracerProvider = sdkNode.NodeTracerProvider;
-      BatchSpanProcessor = sdkNode.BatchSpanProcessor;
-      const exporterTraceOtlp = require2("@opentelemetry/exporter-trace-otlp-http");
-      OTLPTraceExporter = exporterTraceOtlp.OTLPTraceExporter;
-      const instrHttp = require2("@opentelemetry/instrumentation-http");
-      HttpInstrumentation = instrHttp.HttpInstrumentation;
-      const instrMongo = require2("@opentelemetry/instrumentation-mongodb");
-      MongoDBInstrumentation = instrMongo.MongoDBInstrumentation;
-      const autoInstr = require2("@opentelemetry/auto-instrumentations-node");
-      getNodeAutoInstrumentations = autoInstr.getNodeAutoInstrumentations;
-      isAvailable = true;
-    } catch (e) {
-    }
-    tracing_default = fp(tracingPlugin, {
-      name: "arc-tracing",
-      fastify: "5.x"
-    });
-  }
-});
-var gracefulShutdownPlugin, gracefulShutdown_default;
-var init_gracefulShutdown = __esm({
-  "src/plugins/gracefulShutdown.ts"() {
-    gracefulShutdownPlugin = async (fastify, opts = {}) => {
-      const {
-        timeout = 3e4,
-        onShutdown,
-        signals = ["SIGTERM", "SIGINT"],
-        logEvents = true
-      } = opts;
-      let isShuttingDown = false;
-      const shutdown = async (signal) => {
-        if (isShuttingDown) {
-          if (logEvents) {
-            fastify.log?.warn?.({ signal }, "Shutdown already in progress, ignoring signal");
-          }
-          return;
-        }
-        isShuttingDown = true;
-        if (logEvents) {
-          fastify.log?.info?.({ signal, timeout }, "Shutdown signal received, starting graceful shutdown");
-        }
-        const forceExitTimer = setTimeout(() => {
-          if (logEvents) {
-            fastify.log?.error?.("Graceful shutdown timeout exceeded, forcing exit");
-          }
-          process.exit(1);
-        }, timeout);
-        forceExitTimer.unref();
-        try {
-          if (logEvents) {
-            fastify.log?.info?.("Closing server to new connections");
-          }
-          await fastify.close();
-          if (onShutdown) {
-            if (logEvents) {
-              fastify.log?.info?.("Running custom shutdown handler");
-            }
-            await onShutdown();
-          }
-          if (logEvents) {
-            fastify.log?.info?.("Graceful shutdown complete");
-          }
-          clearTimeout(forceExitTimer);
-          process.exit(0);
-        } catch (err) {
-          if (logEvents) {
-            fastify.log?.error?.({ error: err.message }, "Error during shutdown");
-          }
-          clearTimeout(forceExitTimer);
-          process.exit(1);
-        }
-      };
-      for (const signal of signals) {
-        process.on(signal, () => {
-          void shutdown(signal);
-        });
-      }
-      fastify.decorate("shutdown", async () => {
-        await shutdown("MANUAL");
-      });
-      if (logEvents) {
-        fastify.log?.debug?.({ signals }, "Graceful shutdown plugin registered");
-      }
-    };
-    gracefulShutdown_default = fp(gracefulShutdownPlugin, {
-      name: "arc-graceful-shutdown",
-      fastify: "5.x"
-    });
-  }
-});
-async function errorHandlerPluginFn(fastify, options = {}) {
-  const {
-    includeStack = process.env.NODE_ENV !== "production",
-    onError,
-    errorMap = {}
-  } = options;
-  fastify.setErrorHandler(async (error, request, reply) => {
-    if (onError) {
-      try {
-        await onError(error, request);
-      } catch (callbackError) {
-        request.log.error({ err: callbackError }, "Error in onError callback");
-      }
-    }
-    const requestId = request.id;
-    const response = {
-      success: false,
-      error: error.message || "Internal Server Error",
-      code: "INTERNAL_ERROR",
-      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      ...requestId && { requestId }
-    };
-    let statusCode = 500;
-    if (isArcError(error)) {
-      statusCode = error.statusCode;
-      response.code = error.code;
-      if (error.details) {
-        response.details = error.details;
-      }
-      if (error.requestId) {
-        response.requestId = error.requestId;
-      }
-    } else if ("validation" in error && Array.isArray(error.validation)) {
-      statusCode = 400;
-      response.code = "VALIDATION_ERROR";
-      response.error = "Validation failed";
-      response.details = {
-        errors: error.validation?.map((v) => ({
-          field: v.instancePath?.replace(/^\//, "") || v.params?.missingProperty || "unknown",
-          message: v.message || "Invalid value",
-          keyword: v.keyword
-        }))
-      };
-    } else if ("statusCode" in error && typeof error.statusCode === "number") {
-      statusCode = error.statusCode;
-      response.code = statusCodeToCode(statusCode);
-    } else if (error.name && errorMap[error.name]) {
-      const mapping = errorMap[error.name];
-      statusCode = mapping.statusCode;
-      response.code = mapping.code;
-      if (mapping.message) {
-        response.error = mapping.message;
-      }
-    } else if (error.name === "ValidationError" && "errors" in error) {
-      statusCode = 400;
-      response.code = "VALIDATION_ERROR";
-      const mongooseErrors = error.errors;
-      if (process.env.NODE_ENV === "production") {
-        response.details = { errorCount: Object.keys(mongooseErrors).length };
-      } else {
-        response.details = {
-          errors: Object.entries(mongooseErrors).map(([field, err]) => ({
-            field: err.path || field,
-            message: err.message
-          }))
-        };
-      }
-    } else if (error.name === "CastError") {
-      statusCode = 400;
-      response.code = "INVALID_ID";
-      response.error = "Invalid identifier format";
-    } else if (error.name === "MongoServerError" && error.code === 11e3) {
-      statusCode = 409;
-      response.code = "DUPLICATE_KEY";
-      response.error = "Resource already exists";
-      const keyValue = error.keyValue;
-      if (keyValue && process.env.NODE_ENV !== "production") {
-        response.details = { duplicateFields: Object.keys(keyValue) };
-      }
-    }
-    if (includeStack && error.stack) {
-      response.stack = error.stack;
-    }
-    if (statusCode >= 500) {
-      request.log.error({ err: error, statusCode }, "Server error");
-    } else if (statusCode >= 400) {
-      request.log.warn({ err: error, statusCode }, "Client error");
-    }
-    return reply.status(statusCode).send(response);
-  });
-}
-function statusCodeToCode(statusCode) {
-  const codes = {
-    400: "BAD_REQUEST",
-    401: "UNAUTHORIZED",
-    403: "FORBIDDEN",
-    404: "NOT_FOUND",
-    405: "METHOD_NOT_ALLOWED",
-    409: "CONFLICT",
-    422: "UNPROCESSABLE_ENTITY",
-    429: "RATE_LIMITED",
-    500: "INTERNAL_ERROR",
-    502: "BAD_GATEWAY",
-    503: "SERVICE_UNAVAILABLE",
-    504: "GATEWAY_TIMEOUT"
-  };
-  return codes[statusCode] ?? "ERROR";
-}
-var errorHandlerPlugin, errorHandler_default;
-var init_errorHandler = __esm({
-  "src/plugins/errorHandler.ts"() {
-    init_errors();
-    errorHandlerPlugin = fp(errorHandlerPluginFn, {
-      name: "arc-error-handler",
-      fastify: "5.x"
-    });
-    errorHandler_default = errorHandlerPlugin;
-  }
-});
-function hasEvents(instance) {
-  return "events" in instance && instance.events != null && typeof instance.events.publish === "function";
-}
-var arcCorePlugin, arcCorePlugin_default;
-var init_arcCorePlugin = __esm({
-  "src/core/arcCorePlugin.ts"() {
-    init_HookSystem();
-    init_ResourceRegistry();
-    arcCorePlugin = async (fastify, opts = {}) => {
-      const {
-        emitEvents = true,
-        hookSystem: hookSystem2,
-        registry,
-        useGlobalSingletons = false
-      } = opts;
-      const actualHookSystem = useGlobalSingletons ? hookSystem : hookSystem2 ?? new HookSystem();
-      const actualRegistry = useGlobalSingletons ? resourceRegistry : registry ?? new ResourceRegistry();
-      fastify.decorate("arc", {
-        hooks: actualHookSystem,
-        registry: actualRegistry,
-        emitEvents
-      });
-      if (emitEvents) {
-        const eventOperations = ["create", "update", "delete"];
-        for (const operation of eventOperations) {
-          actualHookSystem.after("*", operation, async (ctx) => {
-            if (!hasEvents(fastify)) return;
-            const eventType = `${ctx.resource}.${operation}d`;
-            const payload = {
-              resource: ctx.resource,
-              operation: ctx.operation,
-              data: ctx.result,
-              userId: ctx.user?.id ?? ctx.user?._id,
-              organizationId: ctx.context?.organizationId,
-              timestamp: (/* @__PURE__ */ new Date()).toISOString()
-            };
-            try {
-              await fastify.events.publish(eventType, payload);
-            } catch (error) {
-              fastify.log?.warn?.(
-                { eventType, error },
-                "Failed to emit event"
-              );
-            }
-          });
-        }
-      }
-      fastify.addHook("onClose", async () => {
-        actualHookSystem.clear();
-        actualRegistry._clear();
-      });
-      fastify.log?.info?.("✅ Arc core plugin enabled (instance-scoped hooks & registry)");
-    };
-    arcCorePlugin_default = fp(arcCorePlugin, {
-      name: "arc-core",
-      fastify: "5.x"
-    });
-  }
-});
-
-// src/plugins/index.ts
-var plugins_exports = {};
-__export(plugins_exports, {
-  arcCorePlugin: () => arcCorePlugin_default,
-  arcCorePluginFn: () => arcCorePlugin,
-  createSpan: () => createSpan,
-  errorHandlerPlugin: () => errorHandler_default,
-  errorHandlerPluginFn: () => errorHandlerPlugin,
-  gracefulShutdownPlugin: () => gracefulShutdown_default,
-  gracefulShutdownPluginFn: () => gracefulShutdownPlugin,
-  healthPlugin: () => health_default,
-  healthPluginFn: () => healthPlugin,
-  isTracingAvailable: () => isTracingAvailable,
-  requestIdPlugin: () => requestId_default,
-  requestIdPluginFn: () => requestIdPlugin,
-  traced: () => traced,
-  tracingPlugin: () => tracing_default
-});
-var init_plugins = __esm({
-  "src/plugins/index.ts"() {
-    init_requestId();
-    init_health();
-    init_tracing();
-    init_gracefulShutdown();
-    init_errorHandler();
-    init_arcCorePlugin();
-  }
-});
-function parseExpiresIn(input, defaultValue) {
-  if (!input) return defaultValue;
-  if (/^\d+$/.test(input)) return parseInt(input, 10);
-  const match = /^(\d+)\s*([smhd])$/i.exec(input);
-  if (!match) return defaultValue;
-  const value = parseInt(match[1], 10);
-  const unit = match[2].toLowerCase();
-  const multipliers = { s: 1, m: 60, h: 3600, d: 86400 };
-  return value * (multipliers[unit] ?? 1);
-}
-function extractBearerToken(request) {
-  const auth = request.headers.authorization;
-  if (!auth?.startsWith("Bearer ")) return null;
-  return auth.slice(7);
-}
-var authPlugin, authPlugin_default;
-var init_authPlugin = __esm({
-  "src/auth/authPlugin.ts"() {
-    authPlugin = async (fastify, opts = {}) => {
-      const { jwt: jwtConfig, authenticate: appAuthenticator, onFailure, userProperty = "user" } = opts;
-      let jwtContext = null;
-      if (jwtConfig?.secret) {
-        if (jwtConfig.secret.length < 32) {
-          throw new Error(
-            `JWT secret must be at least 32 characters (current: ${jwtConfig.secret.length}).
-Use a strong random secret for production.`
-          );
-        }
-        const jwtPlugin = await import('@fastify/jwt');
-        await fastify.register(jwtPlugin.default ?? jwtPlugin, {
-          secret: jwtConfig.secret,
-          sign: {
-            expiresIn: jwtConfig.expiresIn ?? "15m",
-            ...jwtConfig.sign ?? {}
-          },
-          verify: { ...jwtConfig.verify ?? {} }
-        });
-        const fastifyWithJwt = fastify;
-        jwtContext = {
-          verify: (token) => {
-            return fastifyWithJwt.jwt.verify(token);
-          },
-          sign: (payload, options) => {
-            return fastifyWithJwt.jwt.sign(payload, options);
-          },
-          decode: (token) => {
-            try {
-              return fastifyWithJwt.jwt.decode(token);
-            } catch {
-              return null;
-            }
-          }
-        };
-        fastify.log.info("Auth: JWT infrastructure enabled");
-      }
-      const authContext = {
-        jwt: jwtContext,
-        fastify
-      };
-      const authenticate = async (request, reply) => {
-        try {
-          let user = null;
-          if (appAuthenticator) {
-            user = await appAuthenticator(request, authContext);
-          } else if (jwtContext) {
-            const token = extractBearerToken(request);
-            if (token) {
-              const decoded = jwtContext.verify(token);
-              user = decoded;
-            }
-          } else {
-            throw new Error(
-              "No authenticator configured. Provide auth.authenticate function or auth.jwt.secret."
-            );
-          }
-          if (!user) {
-            throw new Error("Authentication required");
-          }
-          request[userProperty] = user;
-        } catch (err) {
-          const error = err instanceof Error ? err : new Error(String(err));
-          if (onFailure) {
-            await onFailure(request, reply, error);
-            return;
-          }
-          const message = process.env.NODE_ENV === "production" ? "Authentication required" : error.message;
-          reply.code(401).send({
-            success: false,
-            error: "Unauthorized",
-            message
-          });
-        }
-      };
-      const refreshSecret = jwtConfig?.refreshSecret ?? jwtConfig?.secret;
-      const accessExpiresIn = jwtConfig?.expiresIn ?? "15m";
-      const refreshExpiresIn = jwtConfig?.refreshExpiresIn ?? "7d";
-      const issueTokens = (payload, options) => {
-        if (!jwtContext) {
-          throw new Error("JWT not configured. Provide auth.jwt.secret to use issueTokens.");
-        }
-        const accessTtl = options?.expiresIn ?? accessExpiresIn;
-        const refreshTtl = options?.refreshExpiresIn ?? refreshExpiresIn;
-        const accessToken = jwtContext.sign(payload, { expiresIn: accessTtl });
-        const refreshPayload = payload.id ? { id: payload.id, type: "refresh" } : payload._id ? { id: payload._id, type: "refresh" } : { ...payload, type: "refresh" };
-        let refreshToken;
-        if (refreshSecret) {
-          const fastifyWithJwt = fastify;
-          refreshToken = fastifyWithJwt.jwt.sign(refreshPayload, {
-            expiresIn: refreshTtl,
-            // Use refresh secret if different from main secret
-            ...refreshSecret !== jwtConfig?.secret ? { secret: refreshSecret } : {}
-          });
-        }
-        return {
-          accessToken,
-          refreshToken,
-          expiresIn: parseExpiresIn(accessTtl, 900),
-          refreshExpiresIn: refreshToken ? parseExpiresIn(refreshTtl, 604800) : void 0,
-          tokenType: "Bearer"
-        };
-      };
-      const verifyRefreshToken = (token) => {
-        if (!jwtContext) {
-          throw new Error("JWT not configured. Provide auth.jwt.secret to use verifyRefreshToken.");
-        }
-        const fastifyWithJwt = fastify;
-        return fastifyWithJwt.jwt.verify(token, {
-          ...refreshSecret !== jwtConfig?.secret ? { secret: refreshSecret } : {}
-        });
-      };
-      const authorize = (...allowedRoles) => {
-        return async (request, reply) => {
-          const user = request[userProperty];
-          if (!user) {
-            reply.code(401).send({
-              success: false,
-              error: "Unauthorized",
-              message: "No user context"
-            });
-            return;
-          }
-          const userRoles = user.roles ?? [];
-          if (allowedRoles.length === 1 && allowedRoles[0] === "*") {
-            return;
-          }
-          const hasRole = allowedRoles.some((role) => userRoles.includes(role));
-          if (!hasRole) {
-            reply.code(403).send({
-              success: false,
-              error: "Forbidden",
-              message: `Requires one of: ${allowedRoles.join(", ")}`
-            });
-            return;
-          }
-        };
-      };
-      const authHelpers = {
-        jwt: jwtContext,
-        issueTokens,
-        verifyRefreshToken
-      };
-      fastify.decorate("authenticate", authenticate);
-      fastify.decorate("authorize", authorize);
-      fastify.decorate("auth", authHelpers);
-      fastify.log.info(
-        `Auth: Plugin registered (jwt=${!!jwtContext}, customAuth=${!!appAuthenticator})`
-      );
-    };
-    authPlugin_default = fp(authPlugin, {
-      name: "arc-auth",
-      fastify: "5.x"
-    });
-  }
-});
-
-// src/auth/index.ts
-var auth_exports = {};
-__export(auth_exports, {
-  authPlugin: () => authPlugin_default,
-  authPluginFn: () => authPlugin
-});
-var init_auth = __esm({
-  "src/auth/index.ts"() {
-    init_authPlugin();
-  }
-});
-
-// src/adapters/types.ts
-function isMongooseModel(value) {
-  return typeof value === "function" && value.prototype && "modelName" in value && "schema" in value;
-}
-function isRepository(value) {
-  return typeof value === "object" && value !== null && "getAll" in value && "getById" in value && "create" in value && "update" in value && "delete" in value;
-}
-
-// src/adapters/mongoose.ts
-var MongooseAdapter = class {
-  type = "mongoose";
-  name;
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  model;
-  repository;
-  constructor(options) {
-    if (!isMongooseModel(options.model)) {
-      throw new TypeError(
-        "MongooseAdapter: Invalid model. Expected Mongoose Model instance.\nUsage: createMongooseAdapter({ model: YourModel, repository: yourRepo })"
-      );
-    }
-    if (!isRepository(options.repository)) {
-      throw new TypeError(
-        "MongooseAdapter: Invalid repository. Expected CrudRepository instance.\nUsage: createMongooseAdapter({ model: YourModel, repository: yourRepo })"
-      );
-    }
-    this.model = options.model;
-    this.repository = options.repository;
-    this.name = `MongooseAdapter<${options.model.modelName}>`;
-  }
-  /**
-   * Get schema metadata from Mongoose model
-   */
-  getSchemaMetadata() {
-    const schema = this.model.schema;
-    const paths = schema.paths;
-    const fields = {};
-    for (const [fieldName, schemaType] of Object.entries(paths)) {
-      if (fieldName.startsWith("_") && fieldName !== "_id") continue;
-      const typeInfo = schemaType;
-      const mongooseType = typeInfo.instance || "Mixed";
-      const typeMap = {
-        String: "string",
-        Number: "number",
-        Boolean: "boolean",
-        Date: "date",
-        ObjectID: "objectId",
-        Array: "array",
-        Mixed: "object",
-        Buffer: "object",
-        Embedded: "object"
-      };
-      fields[fieldName] = {
-        type: typeMap[mongooseType] ?? "object",
-        required: !!typeInfo.isRequired,
-        ref: typeInfo.options?.ref
-      };
-    }
-    return {
-      name: this.model.modelName,
-      fields,
-      relations: this.extractRelations(paths)
-    };
-  }
-  /**
-   * Generate OpenAPI schemas from Mongoose model
-   */
-  generateSchemas(schemaOptions) {
-    try {
-      const schema = this.model.schema;
-      const paths = schema.paths;
-      const properties = {};
-      const required = [];
-      const fieldRules = schemaOptions?.fieldRules || {};
-      const blockedFields = new Set(
-        Object.entries(fieldRules).filter(([, rules]) => rules.systemManaged || rules.hidden).map(([field]) => field)
-      );
-      for (const [fieldName, schemaType] of Object.entries(paths)) {
-        if (fieldName.startsWith("__")) continue;
-        if (blockedFields.has(fieldName)) continue;
-        const typeInfo = schemaType;
-        properties[fieldName] = this.mongooseTypeToOpenApi(typeInfo);
-        if (typeInfo.isRequired) {
-          required.push(fieldName);
-        }
-      }
-      const baseSchema = {
-        type: "object",
-        properties,
-        required: required.length > 0 ? required : void 0
-      };
-      return {
-        create: {
-          body: {
-            ...baseSchema,
-            // Remove system-managed fields from create
-            properties: Object.fromEntries(
-              Object.entries(properties).filter(
-                ([field]) => !["_id", "createdAt", "updatedAt", "deletedAt"].includes(field)
-              )
-            )
-          }
-        },
-        update: {
-          body: {
-            ...baseSchema,
-            // All fields optional for PATCH
-            required: void 0,
-            properties: Object.fromEntries(
-              Object.entries(properties).filter(
-                ([field]) => !["_id", "createdAt", "updatedAt", "deletedAt"].includes(field)
-              )
-            )
-          }
-        },
-        response: {
-          type: "object",
-          properties
-        }
-      };
-    } catch {
-      return null;
-    }
-  }
-  /**
-   * Extract relation metadata
-   */
-  extractRelations(paths) {
-    const relations = {};
-    for (const [fieldName, schemaType] of Object.entries(paths)) {
-      const ref = schemaType.options?.ref;
-      if (ref) {
-        relations[fieldName] = {
-          type: "one-to-one",
-          // Mongoose refs are typically one-to-one
-          target: ref,
-          foreignKey: fieldName
-        };
-      }
-    }
-    return Object.keys(relations).length > 0 ? relations : void 0;
-  }
-  /**
-   * Convert Mongoose type to OpenAPI type
-   */
-  mongooseTypeToOpenApi(typeInfo) {
-    const instance = typeInfo.instance;
-    const options = typeInfo.options || {};
-    const baseType = {};
-    switch (instance) {
-      case "String":
-        baseType.type = "string";
-        if (options.enum) baseType.enum = options.enum;
-        if (options.minlength) baseType.minLength = options.minlength;
-        if (options.maxlength) baseType.maxLength = options.maxlength;
-        break;
-      case "Number":
-        baseType.type = "number";
-        if (options.min !== void 0) baseType.minimum = options.min;
-        if (options.max !== void 0) baseType.maximum = options.max;
-        break;
-      case "Boolean":
-        baseType.type = "boolean";
-        break;
-      case "Date":
-        baseType.type = "string";
-        baseType.format = "date-time";
-        break;
-      case "ObjectID":
-        baseType.type = "string";
-        baseType.pattern = "^[a-f\\d]{24}$";
-        break;
-      case "Array":
-        baseType.type = "array";
-        baseType.items = { type: "string" };
-        break;
-      default:
-        baseType.type = "object";
-    }
-    return baseType;
-  }
-};
-function createMongooseAdapter(options) {
-  return new MongooseAdapter(options);
-}
-
-// src/adapters/prisma.ts
-var PrismaQueryParser = class {
-  maxLimit;
-  defaultLimit;
-  softDeleteEnabled;
-  softDeleteField;
-  /** Map Arc operators to Prisma operators */
-  operatorMap = {
-    $eq: "equals",
-    $ne: "not",
-    $gt: "gt",
-    $gte: "gte",
-    $lt: "lt",
-    $lte: "lte",
-    $in: "in",
-    $nin: "notIn",
-    $regex: "contains",
-    $exists: void 0
-    // Handled specially
-  };
-  constructor(options = {}) {
-    this.maxLimit = options.maxLimit ?? 1e3;
-    this.defaultLimit = options.defaultLimit ?? 20;
-    this.softDeleteEnabled = options.softDeleteEnabled ?? true;
-    this.softDeleteField = options.softDeleteField ?? "deletedAt";
-  }
-  /**
-   * Parse URL query parameters (delegates to ArcQueryParser format)
-   */
-  parse(query) {
-    const q = query ?? {};
-    const page = this.parseNumber(q.page, 1);
-    const limit = Math.min(this.parseNumber(q.limit, this.defaultLimit), this.maxLimit);
-    return {
-      filters: this.parseFilters(q),
-      limit,
-      page,
-      sort: this.parseSort(q.sort),
-      search: q.search,
-      select: this.parseSelect(q.select)
-    };
-  }
-  /**
-   * Convert ParsedQuery to Prisma query options
-   */
-  toPrismaQuery(parsed, policyFilters) {
-    const where = {};
-    if (parsed.filters) {
-      Object.assign(where, this.translateFilters(parsed.filters));
-    }
-    if (policyFilters) {
-      Object.assign(where, this.translateFilters(policyFilters));
-    }
-    if (this.softDeleteEnabled) {
-      where[this.softDeleteField] = null;
-    }
-    const orderBy = parsed.sort ? Object.entries(parsed.sort).map(([field, dir]) => ({
-      [field]: dir === 1 ? "asc" : "desc"
-    })) : void 0;
-    const take = parsed.limit ?? this.defaultLimit;
-    const skip = parsed.page ? (parsed.page - 1) * take : 0;
-    const select = parsed.select ? Object.fromEntries(
-      Object.entries(parsed.select).filter(([, v]) => v === 1).map(([k]) => [k, true])
-    ) : void 0;
-    return {
-      where: Object.keys(where).length > 0 ? where : void 0,
-      orderBy: orderBy && orderBy.length > 0 ? orderBy : void 0,
-      take,
-      skip,
-      select: select && Object.keys(select).length > 0 ? select : void 0
-    };
-  }
-  /**
-   * Translate Arc/MongoDB-style filters to Prisma where clause
-   */
-  translateFilters(filters) {
-    const result = {};
-    for (const [field, value] of Object.entries(filters)) {
-      if (value === null || value === void 0) continue;
-      if (typeof value === "object" && !Array.isArray(value)) {
-        const prismaCondition = {};
-        for (const [op, opValue] of Object.entries(value)) {
-          if (op === "$exists") {
-            result[field] = opValue ? { not: null } : null;
-            continue;
-          }
-          const prismaOp = this.operatorMap[op];
-          if (prismaOp) {
-            prismaCondition[prismaOp] = opValue;
-          }
-        }
-        if (Object.keys(prismaCondition).length > 0) {
-          result[field] = prismaCondition;
-        }
-      } else {
-        result[field] = value;
-      }
-    }
-    return result;
-  }
-  parseNumber(value, defaultValue) {
-    if (value === void 0 || value === null) return defaultValue;
-    const num = parseInt(String(value), 10);
-    return Number.isNaN(num) ? defaultValue : Math.max(1, num);
-  }
-  parseSort(value) {
-    if (!value) return void 0;
-    const sortStr = String(value);
-    const result = {};
-    for (const field of sortStr.split(",")) {
-      const trimmed = field.trim();
-      if (!trimmed || !/^-?[a-zA-Z_][a-zA-Z0-9_.]*$/.test(trimmed)) continue;
-      if (trimmed.startsWith("-")) {
-        result[trimmed.slice(1)] = -1;
-      } else {
-        result[trimmed] = 1;
-      }
-    }
-    return Object.keys(result).length > 0 ? result : void 0;
-  }
-  parseSelect(value) {
-    if (!value) return void 0;
-    const result = {};
-    for (const field of String(value).split(",")) {
-      const trimmed = field.trim();
-      if (!trimmed || !/^-?[a-zA-Z_][a-zA-Z0-9_.]*$/.test(trimmed)) continue;
-      result[trimmed.startsWith("-") ? trimmed.slice(1) : trimmed] = trimmed.startsWith("-") ? 0 : 1;
-    }
-    return Object.keys(result).length > 0 ? result : void 0;
-  }
-  parseFilters(query) {
-    const reserved = /* @__PURE__ */ new Set(["page", "limit", "sort", "search", "select", "populate", "after", "cursor"]);
-    const filters = {};
-    const operators = {
-      eq: "$eq",
-      ne: "$ne",
-      gt: "$gt",
-      gte: "$gte",
-      lt: "$lt",
-      lte: "$lte",
-      in: "$in",
-      nin: "$nin",
-      like: "$regex",
-      contains: "$regex",
-      exists: "$exists"
-    };
-    for (const [key, value] of Object.entries(query)) {
-      if (reserved.has(key) || value === void 0 || value === null) continue;
-      const match = key.match(/^([a-zA-Z_][a-zA-Z0-9_.]*)(?:\[([a-z]+)\])?$/);
-      if (!match) continue;
-      const [, fieldName, operator] = match;
-      if (!fieldName) continue;
-      if (operator && operators[operator]) {
-        if (!filters[fieldName]) filters[fieldName] = {};
-        filters[fieldName][operators[operator]] = this.coerceValue(value, operator);
-      } else if (!operator) {
-        filters[fieldName] = this.coerceValue(value);
-      }
-    }
-    return filters;
-  }
-  coerceValue(value, operator) {
-    if (operator === "in" || operator === "nin") {
-      if (Array.isArray(value)) return value.map((v) => this.coerceValue(v));
-      if (typeof value === "string" && value.includes(",")) {
-        return value.split(",").map((v) => this.coerceValue(v.trim()));
-      }
-      return [this.coerceValue(value)];
-    }
-    if (operator === "exists") {
-      return String(value).toLowerCase() === "true" || value === "1";
-    }
-    if (value === "true") return true;
-    if (value === "false") return false;
-    if (value === "null") return null;
-    if (typeof value === "string") {
-      const num = Number(value);
-      if (!Number.isNaN(num) && value.trim() !== "") return num;
-    }
-    return value;
-  }
-};
-var PrismaAdapter = class {
-  type = "prisma";
-  name;
-  repository;
-  queryParser;
-  client;
-  modelName;
-  dmmf;
-  softDeleteEnabled;
-  softDeleteField;
-  constructor(options) {
-    this.client = options.client;
-    this.modelName = options.modelName;
-    this.repository = options.repository;
-    this.dmmf = options.dmmf;
-    this.name = `prisma:${options.modelName}`;
-    this.softDeleteEnabled = options.softDeleteEnabled ?? true;
-    this.softDeleteField = options.softDeleteField ?? "deletedAt";
-    this.queryParser = options.queryParser ?? new PrismaQueryParser({
-      softDeleteEnabled: this.softDeleteEnabled,
-      softDeleteField: this.softDeleteField
-    });
-  }
-  /**
-   * Parse URL query parameters and convert to Prisma query options
-   */
-  parseQuery(query, policyFilters) {
-    const parsed = this.queryParser.parse(query);
-    return this.queryParser.toPrismaQuery(parsed, policyFilters);
-  }
-  /**
-   * Apply policy filters to existing Prisma where clause
-   * Used for multi-tenant, ownership, and other security filters
-   */
-  applyPolicyFilters(where, policyFilters) {
-    return { ...where, ...policyFilters };
-  }
-  generateSchemas(options) {
-    if (!this.dmmf) return null;
-    try {
-      const model = this.dmmf.datamodel?.models?.find(
-        (m) => m.name.toLowerCase() === this.modelName.toLowerCase()
-      );
-      if (!model) return null;
-      const entitySchema = this.buildEntitySchema(model, options);
-      const createBodySchema = this.buildCreateSchema(model, options);
-      const updateBodySchema = this.buildUpdateSchema(model, options);
-      return {
-        entity: entitySchema,
-        createBody: createBodySchema,
-        updateBody: updateBodySchema,
-        params: {
-          type: "object",
-          properties: {
-            id: { type: "string" }
-          },
-          required: ["id"]
-        },
-        listQuery: {
-          type: "object",
-          properties: {
-            page: { type: "number", minimum: 1, description: "Page number for pagination" },
-            limit: { type: "number", minimum: 1, maximum: 100, description: "Items per page" },
-            sort: { type: "string", description: 'Sort field (e.g., "name", "-createdAt")' }
-            // Note: Actual filtering requires custom query parser implementation
-            // This is placeholder documentation only
-          }
-        }
-      };
-    } catch {
-      return null;
-    }
-  }
-  getSchemaMetadata() {
-    if (!this.dmmf) return null;
-    try {
-      const model = this.dmmf.datamodel?.models?.find(
-        (m) => m.name.toLowerCase() === this.modelName.toLowerCase()
-      );
-      if (!model) return null;
-      const fields = {};
-      for (const field of model.fields) {
-        fields[field.name] = this.convertPrismaFieldToMetadata(field);
-      }
-      return {
-        name: model.name,
-        fields,
-        indexes: model.uniqueIndexes?.map((idx) => ({
-          fields: idx.fields,
-          unique: true
-        }))
-      };
-    } catch (err) {
-      return null;
-    }
-  }
-  async validate(data) {
-    if (!data || typeof data !== "object") {
-      return {
-        valid: false,
-        errors: [{ field: "root", message: "Data must be an object" }]
-      };
-    }
-    if (this.dmmf) {
-      try {
-        const model = this.dmmf.datamodel?.models?.find(
-          (m) => m.name.toLowerCase() === this.modelName.toLowerCase()
-        );
-        if (model) {
-          const requiredFields = model.fields.filter(
-            (f) => f.isRequired && !f.hasDefaultValue && !f.isGenerated
-          );
-          const errors = [];
-          for (const field of requiredFields) {
-            if (!(field.name in data)) {
-              errors.push({
-                field: field.name,
-                message: `${field.name} is required`
-              });
-            }
-          }
-          if (errors.length > 0) {
-            return { valid: false, errors };
-          }
-        }
-      } catch (err) {
-      }
-    }
-    return { valid: true };
-  }
-  async healthCheck() {
-    try {
-      const delegateName = this.modelName.charAt(0).toLowerCase() + this.modelName.slice(1);
-      const delegate = this.client[delegateName];
-      if (!delegate) {
-        return false;
-      }
-      await delegate.findMany({ take: 1 });
-      return true;
-    } catch (err) {
-      return false;
-    }
-  }
-  async close() {
-    try {
-      await this.client.$disconnect();
-    } catch (err) {
-    }
-  }
-  // ============================================================================
-  // Private Helper Methods
-  // ============================================================================
-  buildEntitySchema(model, options) {
-    const properties = {};
-    const required = [];
-    for (const field of model.fields) {
-      if (this.shouldSkipField(field, options)) continue;
-      properties[field.name] = this.convertPrismaFieldToJsonSchema(field);
-      if (field.isRequired && !field.hasDefaultValue) {
-        required.push(field.name);
-      }
-    }
-    return {
-      type: "object",
-      properties,
-      ...required.length > 0 && { required }
-    };
-  }
-  buildCreateSchema(model, options) {
-    const properties = {};
-    const required = [];
-    for (const field of model.fields) {
-      if (field.isGenerated || field.relationName) continue;
-      if (this.shouldSkipField(field, options)) continue;
-      properties[field.name] = this.convertPrismaFieldToJsonSchema(field);
-      if (field.isRequired && !field.hasDefaultValue) {
-        required.push(field.name);
-      }
-    }
-    return {
-      type: "object",
-      properties,
-      ...required.length > 0 && { required }
-    };
-  }
-  buildUpdateSchema(model, options) {
-    const properties = {};
-    for (const field of model.fields) {
-      if (field.isGenerated || field.isId || field.relationName) continue;
-      if (this.shouldSkipField(field, options)) continue;
-      properties[field.name] = this.convertPrismaFieldToJsonSchema(field);
-    }
-    return {
-      type: "object",
-      properties
-    };
-  }
-  shouldSkipField(field, options) {
-    if (options?.excludeFields?.includes(field.name)) {
-      return true;
-    }
-    if (field.name.startsWith("_")) {
-      return true;
-    }
-    return false;
-  }
-  convertPrismaFieldToJsonSchema(field) {
-    const schema = {};
-    switch (field.type) {
-      case "String":
-        schema.type = "string";
-        break;
-      case "Int":
-      case "BigInt":
-        schema.type = "integer";
-        break;
-      case "Float":
-      case "Decimal":
-        schema.type = "number";
-        break;
-      case "Boolean":
-        schema.type = "boolean";
-        break;
-      case "DateTime":
-        schema.type = "string";
-        schema.format = "date-time";
-        break;
-      case "Json":
-        schema.type = "object";
-        break;
-      default:
-        if (field.kind === "enum") {
-          schema.type = "string";
-          if (this.dmmf?.datamodel?.enums) {
-            const enumDef = this.dmmf.datamodel.enums.find((e) => e.name === field.type);
-            if (enumDef) {
-              schema.enum = enumDef.values.map((v) => v.name);
-            }
-          }
-        } else {
-          schema.type = "string";
-        }
-    }
-    if (field.isList) {
-      return {
-        type: "array",
-        items: schema
-      };
-    }
-    if (field.documentation) {
-      schema.description = field.documentation;
-    }
-    return schema;
-  }
-  convertPrismaFieldToMetadata(field) {
-    const metadata = {
-      type: this.mapPrismaTypeToMetadataType(field.type, field.kind),
-      required: field.isRequired,
-      array: field.isList
-    };
-    if (field.isUnique) {
-      metadata.unique = true;
-    }
-    if (field.hasDefaultValue) {
-      metadata.default = field.default;
-    }
-    if (field.documentation) {
-      metadata.description = field.documentation;
-    }
-    if (field.relationName) {
-      metadata.ref = field.type;
-    }
-    return metadata;
-  }
-  mapPrismaTypeToMetadataType(type, kind) {
-    if (kind === "enum") return "enum";
-    switch (type) {
-      case "String":
-        return "string";
-      case "Int":
-      case "BigInt":
-      case "Float":
-      case "Decimal":
-        return "number";
-      case "Boolean":
-        return "boolean";
-      case "DateTime":
-        return "date";
-      case "Json":
-        return "object";
-      default:
-        return "string";
-    }
-  }
-};
-function createPrismaAdapter(options) {
-  return new PrismaAdapter(options);
-}
-
-// src/types/index.ts
-function getUserId(user) {
-  if (!user) return void 0;
-  const id = user.id ?? user._id;
-  return id ? String(id) : void 0;
-}
-
-// src/core/BaseController.ts
-init_HookSystem();
-
-// src/utils/queryParser.ts
-var DANGEROUS_REGEX_PATTERNS = /(\{[0-9,]+\}|\*\+|\+\+|\?\+|(\(.+\))\+|\(\?\:|\\[0-9]|(\[.+\]).+(\[.+\]))/;
-var MAX_REGEX_LENGTH = 500;
-var MAX_SEARCH_LENGTH = 200;
-var MAX_FILTER_DEPTH = 10;
-var MAX_LIMIT = 1e3;
-var DEFAULT_LIMIT = 20;
-var ArcQueryParser = class {
-  maxLimit;
-  defaultLimit;
-  maxRegexLength;
-  maxSearchLength;
-  maxFilterDepth;
-  /** Supported filter operators */
-  operators = {
-    eq: "$eq",
-    ne: "$ne",
-    gt: "$gt",
-    gte: "$gte",
-    lt: "$lt",
-    lte: "$lte",
-    in: "$in",
-    nin: "$nin",
-    like: "$regex",
-    contains: "$regex",
-    regex: "$regex",
-    exists: "$exists"
-  };
-  constructor(options = {}) {
-    this.maxLimit = options.maxLimit ?? MAX_LIMIT;
-    this.defaultLimit = options.defaultLimit ?? DEFAULT_LIMIT;
-    this.maxRegexLength = options.maxRegexLength ?? MAX_REGEX_LENGTH;
-    this.maxSearchLength = options.maxSearchLength ?? MAX_SEARCH_LENGTH;
-    this.maxFilterDepth = options.maxFilterDepth ?? MAX_FILTER_DEPTH;
-  }
-  /**
-   * Parse URL query parameters into structured query options
-   */
-  parse(query) {
-    const q = query ?? {};
-    const page = this.parseNumber(q.page, 1);
-    const limit = Math.min(this.parseNumber(q.limit, this.defaultLimit), this.maxLimit);
-    const after = this.parseString(q.after ?? q.cursor);
-    const sort = this.parseSort(q.sort);
-    const populate = this.parseString(q.populate);
-    const search = this.parseSearch(q.search);
-    const select = this.parseSelect(q.select);
-    const filters = this.parseFilters(q);
-    return {
-      filters,
-      limit,
-      sort,
-      populate,
-      search,
-      page: after ? void 0 : page,
-      after,
-      select
-    };
-  }
-  // ============================================================================
-  // Parse Helpers
-  // ============================================================================
-  parseNumber(value, defaultValue) {
-    if (value === void 0 || value === null) return defaultValue;
-    const num = parseInt(String(value), 10);
-    return Number.isNaN(num) ? defaultValue : Math.max(1, num);
-  }
-  parseString(value) {
-    if (value === void 0 || value === null) return void 0;
-    const str = String(value).trim();
-    return str.length > 0 ? str : void 0;
-  }
-  parseSort(value) {
-    if (!value) return void 0;
-    const sortStr = String(value);
-    const result = {};
-    for (const field of sortStr.split(",")) {
-      const trimmed = field.trim();
-      if (!trimmed) continue;
-      if (!/^-?[a-zA-Z_][a-zA-Z0-9_.]*$/.test(trimmed)) continue;
-      if (trimmed.startsWith("-")) {
-        result[trimmed.slice(1)] = -1;
-      } else {
-        result[trimmed] = 1;
-      }
-    }
-    return Object.keys(result).length > 0 ? result : void 0;
-  }
-  parseSearch(value) {
-    if (!value) return void 0;
-    const search = String(value).trim();
-    if (search.length === 0) return void 0;
-    if (search.length > this.maxSearchLength) {
-      return search.slice(0, this.maxSearchLength);
-    }
-    return search;
-  }
-  parseSelect(value) {
-    if (!value) return void 0;
-    const selectStr = String(value);
-    const result = {};
-    for (const field of selectStr.split(",")) {
-      const trimmed = field.trim();
-      if (!trimmed) continue;
-      if (!/^-?[a-zA-Z_][a-zA-Z0-9_.]*$/.test(trimmed)) continue;
-      if (trimmed.startsWith("-")) {
-        result[trimmed.slice(1)] = 0;
-      } else {
-        result[trimmed] = 1;
-      }
-    }
-    return Object.keys(result).length > 0 ? result : void 0;
-  }
-  parseFilters(query) {
-    const reservedKeys = /* @__PURE__ */ new Set([
-      "page",
-      "limit",
-      "sort",
-      "populate",
-      "search",
-      "select",
-      "after",
-      "cursor",
-      "lean",
-      "_policyFilters"
-    ]);
-    const filters = {};
-    for (const [key, value] of Object.entries(query)) {
-      if (reservedKeys.has(key)) continue;
-      if (value === void 0 || value === null) continue;
-      if (!/^[a-zA-Z_][a-zA-Z0-9_.]*$/.test(key)) continue;
-      if (typeof value === "object" && value !== null && !Array.isArray(value)) {
-        const operatorObj = value;
-        const operatorKeys = Object.keys(operatorObj);
-        const allOperators = operatorKeys.every((op) => this.operators[op]);
-        if (allOperators && operatorKeys.length > 0) {
-          const mongoFilters = {};
-          for (const [op, opValue] of Object.entries(operatorObj)) {
-            const mongoOp = this.operators[op];
-            if (mongoOp) {
-              mongoFilters[mongoOp] = this.parseFilterValue(opValue, op);
-            }
-          }
-          filters[key] = mongoFilters;
-          continue;
-        }
-      }
-      const match = key.match(/^([a-zA-Z_][a-zA-Z0-9_.]*)(?:\[([a-z]+)\])?$/);
-      if (!match) continue;
-      const [, fieldName, operator] = match;
-      if (!fieldName) continue;
-      if (operator && this.operators[operator]) {
-        const mongoOp = this.operators[operator];
-        const parsedValue = this.parseFilterValue(value, operator);
-        if (!filters[fieldName]) {
-          filters[fieldName] = {};
-        }
-        filters[fieldName][mongoOp] = parsedValue;
-      } else if (!operator) {
-        filters[fieldName] = this.parseFilterValue(value);
-      }
-    }
-    return filters;
-  }
-  parseFilterValue(value, operator) {
-    if (operator === "in" || operator === "nin") {
-      if (Array.isArray(value)) {
-        return value.map((v) => this.coerceValue(v));
-      }
-      if (typeof value === "string" && value.includes(",")) {
-        return value.split(",").map((v) => this.coerceValue(v.trim()));
-      }
-      return [this.coerceValue(value)];
-    }
-    if (operator === "like" || operator === "contains" || operator === "regex") {
-      return this.sanitizeRegex(String(value));
-    }
-    if (operator === "exists") {
-      const str = String(value).toLowerCase();
-      return str === "true" || str === "1";
-    }
-    return this.coerceValue(value);
-  }
-  coerceValue(value) {
-    if (value === "true") return true;
-    if (value === "false") return false;
-    if (value === "null") return null;
-    if (typeof value === "string") {
-      const num = Number(value);
-      if (!Number.isNaN(num) && value.trim() !== "") {
-        return num;
-      }
-    }
-    return value;
-  }
-  sanitizeRegex(pattern) {
-    let sanitized = pattern.slice(0, this.maxRegexLength);
-    if (DANGEROUS_REGEX_PATTERNS.test(sanitized)) {
-      sanitized = sanitized.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-    }
-    return sanitized;
-  }
-};
-
-// src/core/BaseController.ts
-var defaultParser = new ArcQueryParser();
-function getDefaultQueryParser() {
-  return defaultParser;
-}
-var BaseController = class _BaseController {
-  repository;
-  schemaOptions;
-  queryParser;
-  maxLimit;
-  defaultLimit;
-  defaultSort;
-  resourceName;
-  disableEvents;
-  /** Preset field names for dynamic param reading */
-  _presetFields = {};
-  constructor(repository, options = {}) {
-    this.repository = repository;
-    this.schemaOptions = options.schemaOptions ?? {};
-    this.queryParser = options.queryParser ?? getDefaultQueryParser();
-    this.maxLimit = options.maxLimit ?? 100;
-    this.defaultLimit = options.defaultLimit ?? 20;
-    this.defaultSort = options.defaultSort ?? "-createdAt";
-    this.resourceName = options.resourceName;
-    this.disableEvents = options.disableEvents ?? false;
-    this.list = this.list.bind(this);
-    this.get = this.get.bind(this);
-    this.create = this.create.bind(this);
-    this.update = this.update.bind(this);
-    this.delete = this.delete.bind(this);
-  }
-  /**
-   * Inject resource options from defineResource
-   */
-  _setResourceOptions(options) {
-    if (options.schemaOptions) {
-      this.schemaOptions = { ...this.schemaOptions, ...options.schemaOptions };
-    }
-    if (options.presetFields) {
-      this._presetFields = { ...this._presetFields, ...options.presetFields };
-    }
-    if (options.resourceName) {
-      this.resourceName = options.resourceName;
-    }
-    if (options.queryParser) {
-      this.queryParser = options.queryParser;
-    }
-  }
-  // ============================================================================
-  // Context & Query Parsing
-  // ============================================================================
-  /**
-   * Build service context from IRequestContext
-   */
-  _buildContext(req) {
-    const parsed = this.queryParser.parse(req.query);
-    const arcContext = req.metadata;
-    const selectString = this._selectToString(parsed.select) ?? req.query?.select;
-    const sanitizedSelect = this._sanitizeSelect(selectString, this.schemaOptions);
-    return {
-      user: req.user,
-      organizationId: arcContext?.organizationId ?? req.organizationId ?? void 0,
-      select: sanitizedSelect ? sanitizedSelect.split(/\s+/) : void 0,
-      populate: this._sanitizePopulate(parsed.populate, this.schemaOptions),
-      lean: this._parseLean(req.query?.lean)
-    };
-  }
-  /**
-   * Parse query into QueryOptions using queryParser
-   */
-  _parseQueryOptions(req) {
-    const parsed = this.queryParser.parse(req.query);
-    const arcContext = req.metadata;
-    delete parsed.filters._policyFilters;
-    const limit = Math.min(Math.max(1, parsed.limit || this.defaultLimit), this.maxLimit);
-    const page = parsed.after ? void 0 : parsed.page ? Math.max(1, parsed.page) : 1;
-    const sortString = parsed.sort ? Object.entries(parsed.sort).map(([k, v]) => v === -1 ? `-${k}` : k).join(",") : this.defaultSort;
-    const selectString = this._selectToString(parsed.select) ?? req.query?.select;
-    return {
-      page,
-      limit,
-      sort: sortString,
-      select: this._sanitizeSelect(selectString, this.schemaOptions),
-      populate: this._sanitizePopulate(parsed.populate, this.schemaOptions),
-      // Advanced populate options from MongoKit QueryParser (takes precedence over simple populate)
-      populateOptions: parsed.populateOptions,
-      filters: parsed.filters,
-      // MongoKit features
-      search: parsed.search,
-      after: parsed.after,
-      user: req.user,
-      organizationId: arcContext?.organizationId ?? req.organizationId,
-      context: arcContext
-    };
-  }
-  /**
-   * Apply org and policy filters
-   */
-  _applyFilters(options, req) {
-    const filters = { ...options.filters };
-    const arcContext = req.metadata;
-    const policyFilters = arcContext?._policyFilters;
-    if (policyFilters) {
-      Object.assign(filters, policyFilters);
-    }
-    const orgId = arcContext?.organizationId ?? req.organizationId;
-    if (orgId) {
-      filters.organizationId = orgId;
-    }
-    return { ...options, filters };
-  }
-  /**
-   * Build filter for single-item operations (get/update/delete)
-   * Combines ID filter with policy/org filters for proper security enforcement
-   */
-  _buildIdFilter(id, req) {
-    const filter = { _id: id };
-    const arcContext = req.metadata;
-    const policyFilters = arcContext?._policyFilters;
-    if (policyFilters) {
-      Object.assign(filter, policyFilters);
-    }
-    const orgId = arcContext?.organizationId ?? req.organizationId;
-    if (orgId) {
-      filter.organizationId = orgId;
-    }
-    return filter;
-  }
-  /**
-   * Check if a value matches a MongoDB query operator
-   */
-  _matchesOperator(itemValue, operator, filterValue) {
-    switch (operator) {
-      case "$eq":
-        return itemValue === filterValue;
-      case "$ne":
-        return itemValue !== filterValue;
-      case "$gt":
-        return typeof itemValue === "number" && typeof filterValue === "number" && itemValue > filterValue;
-      case "$gte":
-        return typeof itemValue === "number" && typeof filterValue === "number" && itemValue >= filterValue;
-      case "$lt":
-        return typeof itemValue === "number" && typeof filterValue === "number" && itemValue < filterValue;
-      case "$lte":
-        return typeof itemValue === "number" && typeof filterValue === "number" && itemValue <= filterValue;
-      case "$in":
-        return Array.isArray(filterValue) && filterValue.includes(itemValue);
-      case "$nin":
-        return Array.isArray(filterValue) && !filterValue.includes(itemValue);
-      case "$exists":
-        return filterValue ? itemValue !== void 0 : itemValue === void 0;
-      case "$regex":
-        if (typeof itemValue === "string" && (typeof filterValue === "string" || filterValue instanceof RegExp)) {
-          const regex = typeof filterValue === "string" ? new RegExp(filterValue) : filterValue;
-          return regex.test(itemValue);
-        }
-        return false;
-      default:
-        return false;
-    }
-  }
-  /**
-   * Forbidden paths that could lead to prototype pollution
-   */
-  static FORBIDDEN_PATHS = ["__proto__", "constructor", "prototype"];
-  /**
-   * Get nested value from object using dot notation (e.g., "owner.id")
-   * Security: Validates path against forbidden patterns to prevent prototype pollution
-   */
-  _getNestedValue(obj, path) {
-    if (_BaseController.FORBIDDEN_PATHS.some((p) => path.toLowerCase().includes(p))) {
-      return void 0;
-    }
-    const keys = path.split(".");
-    let value = obj;
-    for (const key of keys) {
-      if (value == null) return void 0;
-      if (_BaseController.FORBIDDEN_PATHS.includes(key.toLowerCase())) {
-        return void 0;
-      }
-      value = value[key];
-    }
-    return value;
-  }
-  /**
-   * Check if item matches a single filter condition
-   * Supports nested paths (e.g., "owner.id", "metadata.status")
-   */
-  _matchesFilter(item, key, filterValue) {
-    const itemValue = key.includes(".") ? this._getNestedValue(item, key) : item[key];
-    if (filterValue && typeof filterValue === "object" && !Array.isArray(filterValue)) {
-      const operators = Object.keys(filterValue);
-      if (operators.some((op) => op.startsWith("$"))) {
-        for (const [operator, opValue] of Object.entries(filterValue)) {
-          if (!this._matchesOperator(itemValue, operator, opValue)) {
-            return false;
-          }
-        }
-        return true;
-      }
-    }
-    return String(itemValue) === String(filterValue);
-  }
-  /**
-   * Check if item matches policy filters (for get/update/delete operations)
-   * Validates that fetched item satisfies all policy constraints
-   * Supports MongoDB query operators: $eq, $ne, $gt, $gte, $lt, $lte, $in, $nin, $exists, $regex, $and, $or
-   */
-  _checkPolicyFilters(item, req) {
-    const arcContext = req.metadata;
-    const policyFilters = arcContext?._policyFilters;
-    if (!policyFilters) return true;
-    if (policyFilters.$and && Array.isArray(policyFilters.$and)) {
-      return policyFilters.$and.every((condition) => {
-        return Object.entries(condition).every(([key, value]) => {
-          return this._matchesFilter(item, key, value);
-        });
-      });
-    }
-    if (policyFilters.$or && Array.isArray(policyFilters.$or)) {
-      return policyFilters.$or.some((condition) => {
-        return Object.entries(condition).every(([key, value]) => {
-          return this._matchesFilter(item, key, value);
-        });
-      });
-    }
-    for (const [key, value] of Object.entries(policyFilters)) {
-      if (key.startsWith("$")) continue;
-      if (!this._matchesFilter(item, key, value)) {
-        return false;
-      }
-    }
-    return true;
-  }
-  // ============================================================================
-  // Sanitization Helpers
-  // ============================================================================
-  /** Parse lean option (default: true for performance) */
-  _parseLean(leanValue) {
-    if (typeof leanValue === "boolean") return leanValue;
-    if (typeof leanValue === "string") return leanValue.toLowerCase() !== "false";
-    return true;
-  }
-  /** Get blocked fields from schema options */
-  _getBlockedFields(schemaOptions) {
-    const fieldRules = schemaOptions.fieldRules ?? {};
-    return Object.entries(fieldRules).filter(([, rules]) => rules.systemManaged || rules.hidden).map(([field]) => field);
-  }
-  /**
-   * Convert parsed select object to string format
-   * Converts { name: 1, email: 1, password: 0 } → 'name email -password'
-   */
-  _selectToString(select) {
-    if (!select) return void 0;
-    if (typeof select === "string") return select;
-    if (Array.isArray(select)) return select.join(" ");
-    if (Object.keys(select).length === 0) return void 0;
-    return Object.entries(select).map(([field, include]) => include === 0 ? `-${field}` : field).join(" ");
-  }
-  /** Sanitize select fields */
-  _sanitizeSelect(select, schemaOptions) {
-    if (!select) return void 0;
-    const blockedFields = this._getBlockedFields(schemaOptions);
-    if (blockedFields.length === 0) return select;
-    const fields = select.split(/[\s,]+/).filter(Boolean);
-    const sanitized = fields.filter((f) => {
-      const fieldName = f.replace(/^-/, "");
-      return !blockedFields.includes(fieldName);
-    });
-    return sanitized.length > 0 ? sanitized.join(" ") : void 0;
-  }
-  /** Sanitize populate fields */
-  _sanitizePopulate(populate, schemaOptions) {
-    if (!populate) return void 0;
-    const allowedPopulate = schemaOptions.query?.allowedPopulate;
-    const requested = typeof populate === "string" ? populate.split(",").map((p) => p.trim()) : Array.isArray(populate) ? populate.map(String) : [];
-    if (requested.length === 0) return void 0;
-    if (!allowedPopulate) return requested;
-    const sanitized = requested.filter((p) => allowedPopulate.includes(p));
-    return sanitized.length > 0 ? sanitized : void 0;
-  }
-  // ============================================================================
-  // Access Control Helpers
-  // ============================================================================
-  /** Check org scope for a document */
-  _checkOrgScope(item, arcContext) {
-    if (!item || !arcContext?.organizationId) return true;
-    const itemOrgId = item.organizationId;
-    if (!itemOrgId) return true;
-    return String(itemOrgId) === String(arcContext.organizationId);
-  }
-  /** Check ownership for update/delete (ownedByUser preset) */
-  _checkOwnership(item, req) {
-    const ownershipCheck = req.metadata?._ownershipCheck;
-    if (!item || !ownershipCheck) return true;
-    const { field, userId } = ownershipCheck;
-    const itemOwnerId = item[field];
-    if (!itemOwnerId) return true;
-    return String(itemOwnerId) === String(userId);
-  }
-  /**
-   * Get hook system from context (instance-scoped) or fall back to global singleton
-   * This allows proper isolation when running multiple app instances (e.g., in tests)
-   */
-  _getHooks(req) {
-    const arcMeta = req.metadata?.arc;
-    return arcMeta?.hooks ?? hookSystem;
-  }
-  // ============================================================================
-  // IController Implementation - CRUD Operations
-  // ============================================================================
-  /**
-   * List resources with filtering, pagination, sorting
-   * Implements IController.list()
-   */
-  async list(req) {
-    const options = this._parseQueryOptions(req);
-    const filteredOptions = this._applyFilters(options, req);
-    const result = await this.repository.getAll(filteredOptions);
-    if (Array.isArray(result)) {
-      return {
-        success: true,
-        data: {
-          docs: result,
-          page: 1,
-          limit: result.length,
-          total: result.length,
-          pages: 1,
-          hasNext: false,
-          hasPrev: false
-        },
-        status: 200
-      };
-    }
-    return {
-      success: true,
-      data: result,
-      status: 200
-    };
-  }
-  /**
-   * Get single resource by ID
-   * Implements IController.get()
-   */
-  async get(req) {
-    const id = req.params.id;
-    if (!id) {
-      return {
-        success: false,
-        error: "ID parameter is required",
-        status: 400
-      };
-    }
-    const options = this._parseQueryOptions(req);
-    const arcContext = req.metadata;
-    try {
-      const item = await this.repository.getById(id, options);
-      const hasItem = !!item;
-      const orgScopeOk = this._checkOrgScope(item, arcContext);
-      const policyFiltersOk = this._checkPolicyFilters(item, req);
-      if (!hasItem || !orgScopeOk || !policyFiltersOk) {
-        return {
-          success: false,
-          error: "Resource not found",
-          status: 404
-        };
-      }
-      return {
-        success: true,
-        data: item,
-        status: 200
-      };
-    } catch (error) {
-      if (error instanceof Error && error.message?.includes("not found")) {
-        return {
-          success: false,
-          error: "Resource not found",
-          status: 404
-        };
-      }
-      throw error;
-    }
-  }
-  /**
-   * Create new resource
-   * Implements IController.create()
-   */
-  async create(req) {
-    const data = { ...req.body };
-    const arcContext = req.metadata;
-    if (arcContext?.organizationId) {
-      data.organizationId = arcContext.organizationId;
-    }
-    const userId = getUserId(req.user);
-    if (userId) {
-      data.createdBy = userId;
-    }
-    const hooks = this._getHooks(req);
-    const user = req.user;
-    let processedData = data;
-    if (this.resourceName) {
-      processedData = await hooks.executeBefore(this.resourceName, "create", data, {
-        user,
-        context: arcContext
-      });
-    }
-    const item = await this.repository.create(processedData, {
-      user,
-      context: arcContext
-    });
-    if (this.resourceName) {
-      await hooks.executeAfter(this.resourceName, "create", item, {
-        user,
-        context: arcContext
-      });
-    }
-    return {
-      success: true,
-      data: item,
-      status: 201,
-      meta: { message: "Created successfully" }
-    };
-  }
-  /**
-   * Update existing resource
-   * Implements IController.update()
-   */
-  async update(req) {
-    const id = req.params.id;
-    if (!id) {
-      return {
-        success: false,
-        error: "ID parameter is required",
-        status: 400
-      };
-    }
-    const data = { ...req.body };
-    const arcContext = req.metadata;
-    const user = req.user;
-    const userId = getUserId(user);
-    if (userId) {
-      data.updatedBy = userId;
-    }
-    const existing = await this.repository.getById(id);
-    if (!existing) {
-      return {
-        success: false,
-        error: "Resource not found",
-        status: 404
-      };
-    }
-    if (!this._checkOrgScope(existing, arcContext) || !this._checkPolicyFilters(existing, req)) {
-      return {
-        success: false,
-        error: "Resource not found",
-        status: 404
-      };
-    }
-    if (!this._checkOwnership(existing, req)) {
-      return {
-        success: false,
-        error: "You do not have permission to modify this resource",
-        details: { code: "OWNERSHIP_DENIED" },
-        status: 403
-      };
-    }
-    const hooks = this._getHooks(req);
-    let processedData = data;
-    if (this.resourceName) {
-      processedData = await hooks.executeBefore(this.resourceName, "update", data, {
-        user,
-        context: arcContext,
-        meta: { id, existing }
-      });
-    }
-    const item = await this.repository.update(id, processedData, {
-      user,
-      context: arcContext
-    });
-    if (!item) {
-      return {
-        success: false,
-        error: "Resource not found",
-        status: 404
-      };
-    }
-    if (this.resourceName) {
-      await hooks.executeAfter(this.resourceName, "update", item, {
-        user,
-        context: arcContext,
-        meta: { id, existing }
-      });
-    }
-    return {
-      success: true,
-      data: item,
-      status: 200,
-      meta: { message: "Updated successfully" }
-    };
-  }
-  /**
-   * Delete resource
-   * Implements IController.delete()
-   */
-  async delete(req) {
-    const id = req.params.id;
-    if (!id) {
-      return {
-        success: false,
-        error: "ID parameter is required",
-        status: 400
-      };
-    }
-    const arcContext = req.metadata;
-    const user = req.user;
-    const existing = await this.repository.getById(id);
-    if (!existing) {
-      return {
-        success: false,
-        error: "Resource not found",
-        status: 404
-      };
-    }
-    if (!this._checkOrgScope(existing, arcContext) || !this._checkPolicyFilters(existing, req)) {
-      return {
-        success: false,
-        error: "Resource not found",
-        status: 404
-      };
-    }
-    if (!this._checkOwnership(existing, req)) {
-      return {
-        success: false,
-        error: "You do not have permission to delete this resource",
-        details: { code: "OWNERSHIP_DENIED" },
-        status: 403
-      };
-    }
-    const hooks = this._getHooks(req);
-    if (this.resourceName) {
-      await hooks.executeBefore(this.resourceName, "delete", existing, {
-        user,
-        context: arcContext,
-        meta: { id }
-      });
-    }
-    const result = await this.repository.delete(id, {
-      user,
-      context: arcContext
-    });
-    const deleteSuccess = typeof result === "object" ? result?.success : result;
-    if (!deleteSuccess) {
-      return {
-        success: false,
-        error: "Resource not found",
-        status: 404
-      };
-    }
-    if (this.resourceName) {
-      await hooks.executeAfter(this.resourceName, "delete", existing, {
-        user,
-        context: arcContext,
-        meta: { id }
-      });
-    }
-    return {
-      success: true,
-      data: { message: "Deleted successfully" },
-      status: 200
-    };
-  }
-  // ============================================================================
-  // Preset Methods (framework-agnostic versions)
-  // ============================================================================
-  /** Get resource by slug (slugLookup preset) */
-  async getBySlug(req) {
-    const repo = this.repository;
-    if (!repo.getBySlug) {
-      return {
-        success: false,
-        error: "Slug lookup not implemented",
-        status: 501
-      };
-    }
-    const slugField = this._presetFields.slugField ?? "slug";
-    const slug = req.params[slugField] ?? req.params.slug;
-    const options = this._parseQueryOptions(req);
-    const arcContext = req.metadata;
-    const item = await repo.getBySlug(slug, options);
-    if (!item || !this._checkOrgScope(item, arcContext)) {
-      return {
-        success: false,
-        error: "Resource not found",
-        status: 404
-      };
-    }
-    return {
-      success: true,
-      data: item,
-      status: 200
-    };
-  }
-  /** Get soft-deleted resources (softDelete preset) */
-  async getDeleted(req) {
-    const repo = this.repository;
-    if (!repo.getDeleted) {
-      return {
-        success: false,
-        error: "Soft delete not implemented",
-        status: 501
-      };
-    }
-    const options = this._parseQueryOptions(req);
-    const filteredOptions = this._applyFilters(options, req);
-    const result = await repo.getDeleted(filteredOptions);
-    if (Array.isArray(result)) {
-      return {
-        success: true,
-        data: {
-          docs: result,
-          page: 1,
-          limit: result.length,
-          total: result.length,
-          pages: 1,
-          hasNext: false,
-          hasPrev: false
-        },
-        status: 200
-      };
-    }
-    return {
-      success: true,
-      data: result,
-      status: 200
-    };
-  }
-  /** Restore soft-deleted resource (softDelete preset) */
-  async restore(req) {
-    const repo = this.repository;
-    if (!repo.restore) {
-      return {
-        success: false,
-        error: "Restore not implemented",
-        status: 501
-      };
-    }
-    const id = req.params.id;
-    if (!id) {
-      return {
-        success: false,
-        error: "ID parameter is required",
-        status: 400
-      };
-    }
-    const item = await repo.restore(id);
-    if (!item) {
-      return {
-        success: false,
-        error: "Resource not found",
-        status: 404
-      };
-    }
-    return {
-      success: true,
-      data: item,
-      status: 200,
-      meta: { message: "Restored successfully" }
-    };
-  }
-  /** Get hierarchical tree (tree preset) */
-  async getTree(req) {
-    const repo = this.repository;
-    if (!repo.getTree) {
-      return {
-        success: false,
-        error: "Tree structure not implemented",
-        status: 501
-      };
-    }
-    const options = this._parseQueryOptions(req);
-    const filteredOptions = this._applyFilters(options, req);
-    const tree = await repo.getTree(filteredOptions);
-    return {
-      success: true,
-      data: tree,
-      status: 200
-    };
-  }
-  /** Get children of parent (tree preset) */
-  async getChildren(req) {
-    const repo = this.repository;
-    if (!repo.getChildren) {
-      return {
-        success: false,
-        error: "Tree structure not implemented",
-        status: 501
-      };
-    }
-    const parentField = this._presetFields.parentField ?? "parent";
-    const parentId = req.params[parentField] ?? req.params.parent ?? req.params.id;
-    const options = this._parseQueryOptions(req);
-    const filteredOptions = this._applyFilters(options, req);
-    const children = await repo.getChildren(parentId, filteredOptions);
-    return {
-      success: true,
-      data: children,
-      status: 200
-    };
-  }
-};
-
-// src/core/fastifyAdapter.ts
-function applyFieldMaskToObject(obj, fieldMask) {
-  if (!obj || typeof obj !== "object") return obj;
-  const { include, exclude } = fieldMask;
-  if (include && include.length > 0) {
-    const filtered = {};
-    for (const field of include) {
-      if (field in obj) {
-        filtered[field] = obj[field];
-      }
-    }
-    return filtered;
-  }
-  if (exclude && exclude.length > 0) {
-    const filtered = { ...obj };
-    for (const field of exclude) {
-      delete filtered[field];
-    }
-    return filtered;
-  }
-  return obj;
-}
-function applyFieldMask(data, fieldMask) {
-  if (!fieldMask) return data;
-  if (Array.isArray(data)) {
-    return data.map((item) => applyFieldMaskToObject(item, fieldMask));
-  }
-  if (data && typeof data === "object") {
-    return applyFieldMaskToObject(data, fieldMask);
-  }
-  return data;
-}
-function createRequestContext(req) {
-  const reqWithExtras = req;
-  return {
-    query: reqWithExtras.query ?? {},
-    body: reqWithExtras.body ?? {},
-    params: reqWithExtras.params ?? {},
-    headers: reqWithExtras.headers,
-    user: reqWithExtras.user ? (() => {
-      const user = reqWithExtras.user;
-      return {
-        ...user,
-        // Normalize ID for MongoDB compatibility
-        id: String(user._id ?? user.id),
-        _id: user._id ?? user.id
-        // Preserve original role/roles/permissions as-is
-        // Devs can define their own authorization structure
-      };
-    })() : void 0,
-    organizationId: reqWithExtras.organizationId,
-    metadata: {
-      ...reqWithExtras.context,
-      // Include Arc metadata for hook execution
-      arc: reqWithExtras.arc,
-      // Include ownership check for access control
-      _ownershipCheck: reqWithExtras._ownershipCheck,
-      // Merge policy filters - TRUSTED sources override user input
-      // Order matters: query (can be user-injected) FIRST, then trusted middleware LAST
-      _policyFilters: {
-        ...reqWithExtras.query?._policyFilters ?? {},
-        ...reqWithExtras._policyFilters ?? {}
-      },
-      // Include logger for logging
-      log: reqWithExtras.log
-    }
-  };
-}
-function sendControllerResponse(reply, response, request) {
-  const reqWithExtras = request;
-  const fieldMask = reqWithExtras?.fieldMask;
-  const fieldMaskConfig = fieldMask ? { include: fieldMask } : void 0;
-  if (response.success && response.data && typeof response.data === "object" && "docs" in response.data) {
-    const paginatedData = response.data;
-    const filteredDocs = fieldMaskConfig ? applyFieldMask(paginatedData.docs, fieldMaskConfig) : paginatedData.docs;
-    reply.code(response.status ?? 200).send({
-      success: true,
-      docs: filteredDocs,
-      page: paginatedData.page,
-      limit: paginatedData.limit,
-      total: paginatedData.total,
-      pages: paginatedData.pages,
-      hasNext: paginatedData.hasNext,
-      hasPrev: paginatedData.hasPrev,
-      ...response.meta ?? {}
-    });
-    return;
-  }
-  const filteredData = fieldMaskConfig ? applyFieldMask(response.data, fieldMaskConfig) : response.data;
-  reply.code(response.status ?? (response.success ? 200 : 400)).send({
-    success: response.success,
-    data: filteredData,
-    error: response.error,
-    details: response.details,
-    ...response.meta ?? {}
-  });
-}
-function createFastifyHandler(controllerMethod) {
-  return async (req, reply) => {
-    const requestContext = createRequestContext(req);
-    const response = await controllerMethod(requestContext);
-    sendControllerResponse(reply, response, req);
-  };
-}
-function createCrudHandlers(controller) {
-  return {
-    list: createFastifyHandler(controller.list.bind(controller)),
-    get: createFastifyHandler(controller.get.bind(controller)),
-    create: createFastifyHandler(controller.create.bind(controller)),
-    update: createFastifyHandler(controller.update.bind(controller)),
-    delete: createFastifyHandler(controller.delete.bind(controller))
-  };
-}
-
-// src/core/createCrudRouter.ts
-function requiresAuthentication(permission) {
-  if (!permission) return false;
-  return !permission._isPublic;
-}
-function buildAuthMiddleware(fastify, permission) {
-  if (!requiresAuthentication(permission)) return null;
-  if (!fastify.authenticate) return null;
-  return fastify.authenticate;
-}
-function buildPermissionMiddleware(permissionCheck, resourceName, action) {
-  if (!permissionCheck) return null;
-  return async (request, reply) => {
-    const reqWithExtras = request;
-    const context2 = {
-      user: reqWithExtras.user ?? null,
-      request,
-      resource: resourceName,
-      action,
-      resourceId: request.params?.id,
-      organizationId: reqWithExtras.organizationId,
-      data: request.body
-    };
-    const result = await permissionCheck(context2);
-    if (typeof result === "boolean") {
-      if (!result) {
-        reply.code(context2.user ? 403 : 401).send({
-          success: false,
-          error: context2.user ? "Permission denied" : "Authentication required"
-        });
-        return;
-      }
-      return;
-    }
-    const permResult = result;
-    if (!permResult.granted) {
-      reply.code(context2.user ? 403 : 401).send({
-        success: false,
-        error: permResult.reason ?? (context2.user ? "Permission denied" : "Authentication required")
-      });
-      return;
-    }
-    if (permResult.filters) {
-      reqWithExtras._policyFilters = {
-        ...reqWithExtras._policyFilters ?? {},
-        ...permResult.filters
-      };
-    }
-  };
-}
-function buildOrgScopedMiddleware(fastify, orgScoped, globalOrgScoped) {
-  const shouldApplyOrgScoped = orgScoped ?? globalOrgScoped;
-  if (!shouldApplyOrgScoped) return [];
-  if (!fastify.organizationScoped) {
-    throw new Error(
-      "Organization scoping is enabled but fastify.organizationScoped decorator is not registered.\nRegister the org scope plugin before mounting resources:\nawait app.register(orgScopePlugin);\nDocs: https://github.com/classytic/arc#multi-tenant"
-    );
-  }
-  return [fastify.organizationScoped()];
-}
-function createAdditionalRoutes(fastify, routes, controller, options) {
-  const { tag, resourceName, orgMw, arcDecorator } = options;
-  for (const route of routes) {
-    let handler;
-    if (typeof route.handler === "string") {
-      if (!controller) {
-        throw new Error(
-          `Route ${route.method} ${route.path}: string handler '${route.handler}' requires a controller. Either provide a controller or use a function handler instead.`
-        );
-      }
-      const ctrl = controller;
-      const method = ctrl[route.handler];
-      if (typeof method !== "function") {
-        throw new Error(`Handler '${route.handler}' not found on controller`);
-      }
-      const boundMethod = method.bind(controller);
-      handler = route.wrapHandler ? createFastifyHandler(boundMethod) : boundMethod;
-    } else {
-      handler = route.wrapHandler ? createFastifyHandler(route.handler) : route.handler;
-    }
-    const routeTags = route.tags ?? (tag ? [tag] : void 0);
-    const schema = {
-      ...routeTags ? { tags: routeTags } : {},
-      ...route.summary ? { summary: route.summary } : {},
-      ...route.description ? { description: route.description } : {},
-      ...route.schema ?? {}
-    };
-    const authMw = buildAuthMiddleware(fastify, route.permissions);
-    const permissionMw = buildPermissionMiddleware(route.permissions, resourceName, route.method.toLowerCase());
-    const customPreHandlers = typeof route.preHandler === "function" ? route.preHandler(fastify) : route.preHandler ?? [];
-    const preHandler = [
-      arcDecorator,
-      authMw,
-      // Authenticate first (populates request.user)
-      permissionMw,
-      // Then check permissions
-      ...orgMw(),
-      ...customPreHandlers
-    ].filter(Boolean);
-    fastify.route({
-      method: route.method,
-      url: route.path,
-      schema,
-      // Fastify schema is flexible - allow any valid JSON schema
-      preHandler: preHandler.length > 0 ? preHandler : void 0,
-      handler
-    });
-  }
-}
-function createCrudRouter(fastify, controller, options = {}) {
-  const {
-    tag = "Resource",
-    schemas = {},
-    permissions = {},
-    middlewares = {},
-    additionalRoutes = [],
-    disableDefaultRoutes = false,
-    disabledRoutes = [],
-    organizationScoped = false,
-    resourceName = "unknown",
-    schemaOptions
-  } = options;
-  const orgMw = (orgScoped) => {
-    return buildOrgScopedMiddleware(fastify, orgScoped, organizationScoped);
-  };
-  const arcDecorator = async (req, _reply) => {
-    req.arc = {
-      resourceName,
-      schemaOptions,
-      permissions,
-      // Include instance-scoped hooks if available (for proper isolation)
-      hooks: fastify.arc?.hooks,
-      // Include events emitter if available
-      events: fastify.events
-    };
-  };
-  const mw = {
-    list: middlewares.list ?? [],
-    get: middlewares.get ?? [],
-    create: middlewares.create ?? [],
-    update: middlewares.update ?? [],
-    delete: middlewares.delete ?? []
-  };
-  const idParamsSchema = {
-    type: "object",
-    properties: { id: { type: "string" } },
-    required: ["id"]
-  };
-  let handlers;
-  if (!disableDefaultRoutes) {
-    if (!controller) {
-      throw new Error(
-        "Controller is required when disableDefaultRoutes is not true. Provide a controller or use defineResource which auto-creates BaseController."
-      );
-    }
-    handlers = createCrudHandlers(controller);
-  }
-  if (!disableDefaultRoutes && handlers) {
-    if (!disabledRoutes.includes("list")) {
-      const authMw = buildAuthMiddleware(fastify, permissions.list);
-      const permMw = buildPermissionMiddleware(permissions.list, resourceName, "list");
-      const listPreHandler = [arcDecorator, authMw, permMw, ...orgMw(), ...mw.list].filter(Boolean);
-      fastify.route({
-        method: "GET",
-        url: "/",
-        schema: {
-          tags: [tag],
-          summary: `List ${tag}`,
-          ...schemas.list ?? {}
-        },
-        preHandler: listPreHandler.length > 0 ? listPreHandler : void 0,
-        handler: handlers.list
-      });
-    }
-    if (!disabledRoutes.includes("get")) {
-      const authMw = buildAuthMiddleware(fastify, permissions.get);
-      const permMw = buildPermissionMiddleware(permissions.get, resourceName, "get");
-      const getPreHandler = [arcDecorator, authMw, permMw, ...orgMw(), ...mw.get].filter(Boolean);
-      fastify.route({
-        method: "GET",
-        url: "/:id",
-        schema: {
-          tags: [tag],
-          summary: `Get ${tag} by ID`,
-          params: idParamsSchema,
-          ...schemas.get ?? {}
-        },
-        preHandler: getPreHandler.length > 0 ? getPreHandler : void 0,
-        handler: handlers.get
-      });
-    }
-    if (!disabledRoutes.includes("create")) {
-      const authMw = buildAuthMiddleware(fastify, permissions.create);
-      const permMw = buildPermissionMiddleware(permissions.create, resourceName, "create");
-      const createPreHandler = [arcDecorator, authMw, permMw, ...orgMw(), ...mw.create].filter(Boolean);
-      fastify.route({
-        method: "POST",
-        url: "/",
-        schema: {
-          tags: [tag],
-          summary: `Create ${tag}`,
-          ...schemas.create ?? {}
-        },
-        preHandler: createPreHandler.length > 0 ? createPreHandler : void 0,
-        handler: handlers.create
-      });
-    }
-    if (!disabledRoutes.includes("update")) {
-      const authMw = buildAuthMiddleware(fastify, permissions.update);
-      const permMw = buildPermissionMiddleware(permissions.update, resourceName, "update");
-      const updatePreHandler = [arcDecorator, authMw, permMw, ...orgMw(), ...mw.update].filter(Boolean);
-      fastify.route({
-        method: "PATCH",
-        url: "/:id",
-        schema: {
-          tags: [tag],
-          summary: `Update ${tag}`,
-          params: idParamsSchema,
-          ...schemas.update ?? {}
-        },
-        preHandler: updatePreHandler.length > 0 ? updatePreHandler : void 0,
-        handler: handlers.update
-      });
-    }
-    if (!disabledRoutes.includes("delete")) {
-      const authMw = buildAuthMiddleware(fastify, permissions.delete);
-      const permMw = buildPermissionMiddleware(permissions.delete, resourceName, "delete");
-      const deletePreHandler = [arcDecorator, authMw, permMw, ...orgMw(), ...mw.delete].filter(Boolean);
-      fastify.route({
-        method: "DELETE",
-        url: "/:id",
-        schema: {
-          tags: [tag],
-          summary: `Delete ${tag}`,
-          params: idParamsSchema,
-          ...schemas.delete ?? {}
-        },
-        preHandler: deletePreHandler.length > 0 ? deletePreHandler : void 0,
-        handler: handlers.delete
-      });
-    }
-  }
-  if (additionalRoutes.length > 0) {
-    createAdditionalRoutes(fastify, additionalRoutes, controller, { tag, resourceName, orgMw, arcDecorator });
-  }
-}
-
-// src/permissions/index.ts
-function allowPublic() {
-  const check = () => true;
-  check._isPublic = true;
-  return check;
-}
-function requireAuth() {
-  const check = (ctx) => {
-    if (!ctx.user) {
-      return { granted: false, reason: "Authentication required" };
-    }
-    return true;
-  };
-  return check;
-}
-function requireRoles(roles, options) {
-  const check = (ctx) => {
-    if (!ctx.user) {
-      return { granted: false, reason: "Authentication required" };
-    }
-    const userRoles = ctx.user.roles ?? [];
-    if (options?.bypassRoles?.some((r) => userRoles.includes(r))) {
-      return true;
-    }
-    if (roles.some((r) => userRoles.includes(r))) {
-      return true;
-    }
-    return {
-      granted: false,
-      reason: `Required roles: ${roles.join(", ")}`
-    };
-  };
-  check._roles = roles;
-  return check;
-}
-function requireOwnership(ownerField = "userId", options) {
-  return (ctx) => {
-    if (!ctx.user) {
-      return { granted: false, reason: "Authentication required" };
-    }
-    const userRoles = ctx.user.roles ?? [];
-    if (options?.bypassRoles?.some((r) => userRoles.includes(r))) {
-      return true;
-    }
-    const userId = ctx.user.id ?? ctx.user._id;
-    return {
-      granted: true,
-      filters: { [ownerField]: userId }
-    };
-  };
-}
-function allOf(...checks) {
-  return async (ctx) => {
-    let mergedFilters = {};
-    for (const check of checks) {
-      const result = await check(ctx);
-      const normalized = typeof result === "boolean" ? { granted: result } : result;
-      if (!normalized.granted) {
-        return normalized;
-      }
-      if (normalized.filters) {
-        mergedFilters = { ...mergedFilters, ...normalized.filters };
-      }
-    }
-    return {
-      granted: true,
-      filters: Object.keys(mergedFilters).length > 0 ? mergedFilters : void 0
-    };
-  };
-}
-function anyOf(...checks) {
-  return async (ctx) => {
-    const reasons = [];
-    for (const check of checks) {
-      const result = await check(ctx);
-      const normalized = typeof result === "boolean" ? { granted: result } : result;
-      if (normalized.granted) {
-        return normalized;
-      }
-      if (normalized.reason) {
-        reasons.push(normalized.reason);
-      }
-    }
-    return {
-      granted: false,
-      reason: reasons.join("; ")
-    };
-  };
-}
-function denyAll(reason = "Access denied") {
-  return () => ({ granted: false, reason });
-}
-function when(condition) {
-  return async (ctx) => {
-    const result = await condition(ctx);
-    return {
-      granted: result,
-      reason: result ? void 0 : "Condition not met"
-    };
-  };
-}
-
-// src/presets/softDelete.ts
-function softDeletePreset(options = {}) {
-  const { deletedField: _deletedField = "deletedAt" } = options;
-  return {
-    name: "softDelete",
-    additionalRoutes: (permissions) => [
-      {
-        method: "GET",
-        path: "/deleted",
-        handler: "getDeleted",
-        summary: "Get soft-deleted items",
-        permissions: permissions.list ?? requireRoles(["admin"]),
-        wrapHandler: true
-      },
-      {
-        method: "POST",
-        path: "/:id/restore",
-        handler: "restore",
-        summary: "Restore soft-deleted item",
-        permissions: permissions.update ?? requireRoles(["admin"]),
-        wrapHandler: true
-      }
-    ]
-  };
-}
-
-// src/presets/slugLookup.ts
-function slugLookupPreset(options = {}) {
-  const { slugField = "slug" } = options;
-  return {
-    name: "slugLookup",
-    additionalRoutes: (permissions) => [
-      {
-        method: "GET",
-        path: `/slug/:${slugField}`,
-        handler: "getBySlug",
-        summary: "Get by slug",
-        permissions: permissions.get ?? allowPublic(),
-        wrapHandler: true
-        // Handler is a ControllerHandler
-      }
-    ],
-    // Pass to controller so it knows which param to read
-    controllerOptions: {
-      slugField
-    }
-  };
-}
-
-// src/presets/ownedByUser.ts
-function createOwnershipCheck(ownerField, bypassRoles) {
-  return async (request, _reply) => {
-    const user = request.user;
-    if (!user) return;
-    const userWithRoles = user;
-    if (userWithRoles.roles && bypassRoles.some((r) => userWithRoles.roles.includes(r))) return;
-    const userWithId = user;
-    const userId = userWithId._id ?? userWithId.id;
-    if (userId) {
-      request._ownershipCheck = {
-        field: ownerField,
-        userId
-      };
-    }
-  };
-}
-function ownedByUserPreset(options = {}) {
-  const {
-    ownerField = "userId",
-    bypassRoles = ["admin", "superadmin"]
-  } = options;
-  const ownershipMiddleware = createOwnershipCheck(ownerField, bypassRoles);
-  return {
-    name: "ownedByUser",
-    middlewares: {
-      update: [ownershipMiddleware],
-      delete: [ownershipMiddleware]
-    }
-  };
-}
-
-// src/presets/multiTenant.ts
-function defaultExtractOrganizationId(request) {
-  const context2 = request.context;
-  if (context2?.organizationId) {
-    return context2.organizationId;
-  }
-  const user = request.user;
-  if (user?.organizationId) {
-    return user.organizationId;
-  }
-  if (user?.organization) {
-    const org = user.organization;
-    return org._id || org.id || org;
-  }
-  return null;
-}
-function createTenantFilter(tenantField, bypassRoles, extractOrganizationId) {
-  return async (request, reply) => {
-    const user = request.user;
-    if (!user) {
-      reply.code(401).send({
-        success: false,
-        error: "Unauthorized",
-        message: "Authentication required for multi-tenant resources"
-      });
-      return;
-    }
-    const userWithRoles = user;
-    if (userWithRoles.roles && bypassRoles.some((r) => userWithRoles.roles.includes(r))) return;
-    const orgId = extractOrganizationId(request);
-    if (!orgId) {
-      reply.code(403).send({
-        success: false,
-        error: "Forbidden",
-        message: "Organization context required for this operation"
-      });
-      return;
-    }
-    request.query = request.query ?? {};
-    request.query._policyFilters = {
-      ...request.query._policyFilters ?? {},
-      [tenantField]: orgId
-    };
-  };
-}
-function createFlexibleTenantFilter(tenantField, bypassRoles, extractOrganizationId) {
-  return async (request, reply) => {
-    const user = request.user;
-    const orgId = extractOrganizationId(request);
-    if (!orgId) {
-      return;
-    }
-    if (!user) {
-      reply.code(401).send({
-        success: false,
-        error: "Unauthorized",
-        message: "Authentication required for organization-scoped data"
-      });
-      return;
-    }
-    const userWithRoles = user;
-    if (userWithRoles.roles && bypassRoles.some((r) => userWithRoles.roles.includes(r))) {
-      return;
-    }
-    request.query = request.query ?? {};
-    request.query._policyFilters = {
-      ...request.query._policyFilters ?? {},
-      [tenantField]: orgId
-    };
-  };
-}
-function createTenantInjection(tenantField, extractOrganizationId) {
-  return async (request, reply) => {
-    const orgId = extractOrganizationId(request);
-    if (!orgId) {
-      reply.code(403).send({
-        success: false,
-        error: "Forbidden",
-        message: "Organization context required to create resources"
-      });
-      return;
-    }
-    if (request.body) {
-      request.body[tenantField] = orgId;
-    }
-  };
-}
-function multiTenantPreset(options = {}) {
-  const {
-    tenantField = "organizationId",
-    bypassRoles = ["superadmin"],
-    extractOrganizationId = defaultExtractOrganizationId,
-    allowPublic: allowPublic2 = []
-  } = options;
-  const strictTenantFilter = createTenantFilter(tenantField, bypassRoles, extractOrganizationId);
-  const flexibleTenantFilter = createFlexibleTenantFilter(tenantField, bypassRoles, extractOrganizationId);
-  const tenantInjection = createTenantInjection(tenantField, extractOrganizationId);
-  const getFilter = (route) => allowPublic2.includes(route) ? flexibleTenantFilter : strictTenantFilter;
-  return {
-    name: "multiTenant",
-    middlewares: {
-      list: [getFilter("list")],
-      get: [getFilter("get")],
-      create: [tenantInjection],
-      update: [getFilter("update")],
-      delete: [getFilter("delete")]
-    }
-  };
-}
-
-// src/presets/tree.ts
-function treePreset(options = {}) {
-  const { parentField = "parent" } = options;
-  return {
-    name: "tree",
-    additionalRoutes: (permissions) => [
-      {
-        method: "GET",
-        path: "/tree",
-        handler: "getTree",
-        summary: "Get hierarchical tree",
-        permissions: permissions.list ?? allowPublic(),
-        wrapHandler: true
-      },
-      {
-        method: "GET",
-        path: `/:${parentField}/children`,
-        handler: "getChildren",
-        summary: "Get children of parent",
-        permissions: permissions.list ?? allowPublic(),
-        wrapHandler: true
-      }
-    ],
-    // Pass to controller so it knows which param to read
-    controllerOptions: {
-      parentField
-    }
-  };
-}
-
-// src/presets/audited.ts
-function auditedPreset(options = {}) {
-  const { createdByField = "createdBy", updatedByField = "updatedBy" } = options;
-  const injectCreatedBy = async (request, _reply) => {
-    const userWithId = request.user;
-    if (userWithId?._id || userWithId?.id) {
-      const userId = userWithId._id ?? userWithId.id;
-      request.body[createdByField] = userId;
-      request.body[updatedByField] = userId;
-    }
-    return void 0;
-  };
-  const injectUpdatedBy = async (request, _reply) => {
-    const userWithId = request.user;
-    if (userWithId?._id || userWithId?.id) {
-      request.body[updatedByField] = userWithId._id ?? userWithId.id;
-    }
-    return void 0;
-  };
-  return {
-    name: "audited",
-    schemaOptions: {
-      fieldRules: {
-        [createdByField]: { systemManaged: true },
-        [updatedByField]: { systemManaged: true },
-        createdAt: { systemManaged: true },
-        updatedAt: { systemManaged: true }
-      }
-    },
-    middlewares: {
-      create: [injectCreatedBy],
-      update: [injectUpdatedBy]
-    }
-  };
-}
-
-// src/presets/index.ts
-var presetRegistry = {
-  softDelete: softDeletePreset,
-  slugLookup: slugLookupPreset,
-  ownedByUser: ownedByUserPreset,
-  multiTenant: multiTenantPreset,
-  tree: treePreset,
-  audited: auditedPreset
-};
-function resolvePreset(name, options = {}) {
-  const factory = presetRegistry[name];
-  if (!factory) {
-    const available = Object.keys(presetRegistry).join(", ");
-    throw new Error(
-      `Unknown preset: '${name}'
-Available presets: ${available}
-Docs: https://github.com/classytic/arc#presets`
-    );
-  }
-  return factory(options);
-}
-function getAvailablePresets() {
-  return Object.keys(presetRegistry);
-}
-function applyPresets(config, presets = []) {
-  let result = { ...config };
-  for (const preset of presets) {
-    const resolved = resolvePresetInput(preset);
-    result = mergePreset(result, resolved);
-  }
-  return result;
-}
-function resolvePresetInput(preset) {
-  if (typeof preset === "object" && ("middlewares" in preset || "additionalRoutes" in preset)) {
-    return preset;
-  }
-  if (typeof preset === "object" && "name" in preset) {
-    const { name, ...options } = preset;
-    return resolvePreset(name, options);
-  }
-  return resolvePreset(preset);
-}
-function mergePreset(config, preset) {
-  const result = { ...config };
-  if (preset.additionalRoutes) {
-    const routes = typeof preset.additionalRoutes === "function" ? preset.additionalRoutes(config.permissions ?? {}) : preset.additionalRoutes;
-    result.additionalRoutes = [
-      ...result.additionalRoutes ?? [],
-      ...routes
-    ];
-  }
-  if (preset.middlewares) {
-    result.middlewares = result.middlewares ?? {};
-    for (const [op, mws] of Object.entries(preset.middlewares)) {
-      const key = op;
-      result.middlewares[key] = [
-        ...result.middlewares[key] ?? [],
-        ...mws ?? []
-      ];
-    }
-  }
-  if (preset.schemaOptions) {
-    result.schemaOptions = {
-      ...result.schemaOptions,
-      ...preset.schemaOptions
-    };
-  }
-  if (preset.controllerOptions) {
-    result._controllerOptions = {
-      ...result._controllerOptions,
-      ...preset.controllerOptions
-    };
-  }
-  if (preset.hooks && preset.hooks.length > 0) {
-    result._hooks = result._hooks ?? [];
-    for (const hook of preset.hooks) {
-      result._hooks.push({
-        presetName: preset.name,
-        operation: hook.operation,
-        phase: hook.phase,
-        handler: hook.handler,
-        priority: hook.priority
-      });
-    }
-  }
-  return result;
-}
-
-// src/registry/index.ts
-init_ResourceRegistry();
-
-// src/core/validateResourceConfig.ts
-function validateResourceConfig(config, options = {}) {
-  const errors = [];
-  const warnings = [];
-  if (!config.name) {
-    errors.push({
-      field: "name",
-      message: "Resource name is required",
-      suggestion: 'Add a unique resource name (e.g., "product", "user")'
-    });
-  } else if (!/^[a-z][a-z0-9-]*$/i.test(config.name)) {
-    errors.push({
-      field: "name",
-      message: `Invalid resource name "${config.name}"`,
-      suggestion: "Use alphanumeric characters and hyphens, starting with a letter"
-    });
-  }
-  const crudRoutes = ["list", "get", "create", "update", "delete"];
-  const disabledRoutes = new Set(config.disabledRoutes ?? []);
-  const enabledCrudRoutes = crudRoutes.filter((route) => !disabledRoutes.has(route));
-  const hasCrudRoutes = !config.disableDefaultRoutes && enabledCrudRoutes.length > 0;
-  if (hasCrudRoutes) {
-    if (!config.adapter) {
-      errors.push({
-        field: "adapter",
-        message: "Data adapter is required when CRUD routes are enabled",
-        suggestion: "Provide an adapter: createMongooseAdapter({ model, repository })"
-      });
-    } else if (!config.adapter.repository) {
-      errors.push({
-        field: "adapter.repository",
-        message: "Adapter must provide a repository",
-        suggestion: "Ensure your adapter returns a valid CrudRepository"
-      });
-    }
-    if (!config.controller) {
-      warnings.push({
-        field: "controller",
-        message: "No controller provided, will auto-create BaseController"
-      });
-    }
-  } else {
-    if (!config.adapter && !config.additionalRoutes?.length) {
-      warnings.push({
-        field: "config",
-        message: "Resource has no adapter and no additionalRoutes",
-        suggestion: "Provide either adapter for CRUD or additionalRoutes for custom logic"
-      });
-    }
-  }
-  if (config.controller && !options.skipControllerCheck && !config.disableDefaultRoutes) {
-    const ctrl = config.controller;
-    const requiredMethods = ["list", "get", "create", "update", "delete"];
-    for (const method of requiredMethods) {
-      if (typeof ctrl[method] !== "function") {
-        errors.push({
-          field: `controller.${method}`,
-          message: `Missing required CRUD method "${method}"`,
-          suggestion: "Extend BaseController which implements IController interface"
-        });
-      }
-    }
-  }
-  if (config.controller && config.additionalRoutes) {
-    validateAdditionalRouteHandlers(config.controller, config.additionalRoutes, errors);
-  }
-  if (config.permissions) {
-    validatePermissionKeys(config, options, errors, warnings);
-  }
-  if (config.presets && !options.allowUnknownPresets) {
-    validatePresets(config.presets, errors, warnings);
-  }
-  if (config.prefix) {
-    if (!config.prefix.startsWith("/")) {
-      errors.push({
-        field: "prefix",
-        message: `Prefix must start with "/" (got "${config.prefix}")`,
-        suggestion: `Change to "/${config.prefix}"`
-      });
-    }
-    if (config.prefix.endsWith("/") && config.prefix !== "/") {
-      warnings.push({
-        field: "prefix",
-        message: `Prefix should not end with "/" (got "${config.prefix}")`,
-        suggestion: `Change to "${config.prefix.slice(0, -1)}"`
-      });
-    }
-  }
-  if (config.additionalRoutes) {
-    validateAdditionalRoutes(config.additionalRoutes, errors);
-  }
-  return {
-    valid: errors.length === 0,
-    errors,
-    warnings
-  };
-}
-function validateAdditionalRouteHandlers(controller, routes, errors) {
-  const ctrl = controller;
-  for (const route of routes) {
-    if (typeof route.handler === "string") {
-      if (typeof ctrl[route.handler] !== "function") {
-        errors.push({
-          field: `additionalRoutes[${route.method} ${route.path}]`,
-          message: `Handler "${route.handler}" not found on controller`,
-          suggestion: `Add method "${route.handler}" to controller or use a function handler`
-        });
-      }
-    }
-  }
-}
-function validatePermissionKeys(config, options, errors, warnings) {
-  const validKeys = /* @__PURE__ */ new Set([
-    "list",
-    "get",
-    "create",
-    "update",
-    "delete",
-    ...options.additionalPermissionKeys ?? []
-  ]);
-  for (const route of config.additionalRoutes ?? []) {
-    if (typeof route.handler === "string") {
-      validKeys.add(route.handler);
-    }
-  }
-  for (const preset of config.presets ?? []) {
-    const presetName = typeof preset === "string" ? preset : preset.name;
-    if (presetName === "softDelete") {
-      validKeys.add("deleted");
-      validKeys.add("restore");
-    }
-    if (presetName === "slugLookup") {
-      validKeys.add("getBySlug");
-    }
-    if (presetName === "tree") {
-      validKeys.add("tree");
-      validKeys.add("children");
-      validKeys.add("getTree");
-      validKeys.add("getChildren");
-    }
-  }
-  for (const key of Object.keys(config.permissions ?? {})) {
-    if (!validKeys.has(key)) {
-      warnings.push({
-        field: `permissions.${key}`,
-        message: `Unknown permission key "${key}"`,
-        suggestion: `Valid keys: ${Array.from(validKeys).join(", ")}`
-      });
-    }
-  }
-}
-function validatePresets(presets, errors, warnings) {
-  const availablePresets = getAvailablePresets();
-  for (const preset of presets) {
-    if (typeof preset === "object" && ("middlewares" in preset || "additionalRoutes" in preset)) {
-      continue;
-    }
-    const presetName = typeof preset === "string" ? preset : preset.name;
-    if (!availablePresets.includes(presetName)) {
-      errors.push({
-        field: "presets",
-        message: `Unknown preset "${presetName}"`,
-        suggestion: `Available presets: ${availablePresets.join(", ")}`
-      });
-    }
-    if (typeof preset === "object") {
-      validatePresetOptions(preset, warnings);
-    }
-  }
-}
-function validatePresetOptions(preset, warnings) {
-  const knownOptions = {
-    slugLookup: ["slugField"],
-    tree: ["parentField"],
-    softDelete: ["deletedField"],
-    ownedByUser: ["ownerField", "bypassRoles"],
-    multiTenant: ["tenantField", "bypassRoles"]
-  };
-  const validOptions = knownOptions[preset.name] ?? [];
-  const providedOptions = Object.keys(preset).filter((k) => k !== "name");
-  for (const opt of providedOptions) {
-    if (!validOptions.includes(opt)) {
-      warnings.push({
-        field: `presets[${preset.name}].${opt}`,
-        message: `Unknown option "${opt}" for preset "${preset.name}"`,
-        suggestion: validOptions.length > 0 ? `Valid options: ${validOptions.join(", ")}` : `Preset "${preset.name}" has no configurable options`
-      });
-    }
-  }
-}
-function validateAdditionalRoutes(routes, errors) {
-  const validMethods = ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"];
-  const seenRoutes = /* @__PURE__ */ new Set();
-  for (const [i, route] of routes.entries()) {
-    if (!validMethods.includes(route.method)) {
-      errors.push({
-        field: `additionalRoutes[${i}].method`,
-        message: `Invalid HTTP method "${route.method}"`,
-        suggestion: `Valid methods: ${validMethods.join(", ")}`
-      });
-    }
-    if (!route.path) {
-      errors.push({
-        field: `additionalRoutes[${i}].path`,
-        message: "Route path is required"
-      });
-    } else if (!route.path.startsWith("/")) {
-      errors.push({
-        field: `additionalRoutes[${i}].path`,
-        message: `Route path must start with "/" (got "${route.path}")`,
-        suggestion: `Change to "/${route.path}"`
-      });
-    }
-    if (!route.handler) {
-      errors.push({
-        field: `additionalRoutes[${i}].handler`,
-        message: "Route handler is required"
-      });
-    }
-    const routeKey = `${route.method} ${route.path}`;
-    if (seenRoutes.has(routeKey)) {
-      errors.push({
-        field: `additionalRoutes[${i}]`,
-        message: `Duplicate route "${routeKey}"`
-      });
-    }
-    seenRoutes.add(routeKey);
-  }
-}
-function formatValidationErrors(resourceName, result) {
-  const lines = [];
-  if (result.errors.length > 0) {
-    lines.push(`Resource "${resourceName}" validation failed:`);
-    lines.push("");
-    lines.push("ERRORS:");
-    for (const err of result.errors) {
-      lines.push(`  ✗ ${err.field}: ${err.message}`);
-      if (err.suggestion) {
-        lines.push(`    → ${err.suggestion}`);
-      }
-    }
-  }
-  if (result.warnings.length > 0) {
-    if (lines.length > 0) lines.push("");
-    lines.push("WARNINGS:");
-    for (const warn of result.warnings) {
-      lines.push(`  ⚠ ${warn.field}: ${warn.message}`);
-      if (warn.suggestion) {
-        lines.push(`    → ${warn.suggestion}`);
-      }
-    }
-  }
-  return lines.join("\n");
-}
-function assertValidConfig(config, options) {
-  const result = validateResourceConfig(config, options);
-  if (!result.valid) {
-    const errorMsg = formatValidationErrors(config.name ?? "unknown", result);
-    throw new Error(errorMsg);
-  }
-  if (result.warnings.length > 0 && process.env.NODE_ENV !== "production") {
-    console.warn(formatValidationErrors(config.name ?? "unknown", {
-      errors: [],
-      warnings: result.warnings
-    }));
-  }
-}
-
-// src/hooks/index.ts
-init_HookSystem();
-
-// src/core/defineResource.ts
-function defineResource(config) {
-  if (!config.skipValidation) {
-    assertValidConfig(config, { skipControllerCheck: true });
-    if (config.permissions) {
-      for (const [key, value] of Object.entries(config.permissions)) {
-        if (value !== void 0 && typeof value !== "function") {
-          throw new Error(
-            `[Arc] Resource '${config.name}': permissions.${key} must be a PermissionCheck function.
-Use allowPublic(), requireAuth(), or requireRoles(['role']) from @classytic/arc/permissions.`
-          );
-        }
-      }
-    }
-    for (const route of config.additionalRoutes ?? []) {
-      if (typeof route.permissions !== "function") {
-        throw new Error(
-          `[Arc] Resource '${config.name}' route ${route.method} ${route.path}: permissions is required and must be a PermissionCheck function.
-Use allowPublic() or requireAuth() from @classytic/arc/permissions.`
-        );
-      }
-      if (typeof route.wrapHandler !== "boolean") {
-        throw new Error(
-          `[Arc] Resource '${config.name}' route ${route.method} ${route.path}: wrapHandler is required.
-Set true for ControllerHandler (context object) or false for FastifyHandler (req, reply).`
-        );
-      }
-    }
-  }
-  const repository = config.adapter?.repository;
-  const crudRoutes = ["list", "get", "create", "update", "delete"];
-  const disabledRoutes = new Set(config.disabledRoutes ?? []);
-  const hasCrudRoutes = !config.disableDefaultRoutes && crudRoutes.some((route) => !disabledRoutes.has(route));
-  let controller = config.controller;
-  if (!controller && hasCrudRoutes && repository) {
-    controller = new BaseController(repository, {
-      resourceName: config.name,
-      schemaOptions: config.schemaOptions,
-      queryParser: config.queryParser
-    });
-  }
-  const originalPresets = (config.presets ?? []).map(
-    (p) => typeof p === "string" ? p : p.name
-  );
-  const resolvedConfig = config.presets?.length ? applyPresets(config, config.presets) : config;
-  resolvedConfig._appliedPresets = originalPresets;
-  if (controller) {
-    const ctrl = controller;
-    if (typeof ctrl._setResourceOptions === "function") {
-      ctrl._setResourceOptions({
-        schemaOptions: resolvedConfig.schemaOptions,
-        presetFields: resolvedConfig._controllerOptions ? {
-          slugField: resolvedConfig._controllerOptions.slugField,
-          parentField: resolvedConfig._controllerOptions.parentField
-        } : void 0,
-        resourceName: resolvedConfig.name,
-        queryParser: resolvedConfig.queryParser
-      });
-    }
-  }
-  const resource = new ResourceDefinition({
-    ...resolvedConfig,
-    adapter: config.adapter,
-    controller
-  });
-  if (!config.skipValidation && controller) {
-    resource._validateControllerMethods();
-  }
-  if (resolvedConfig._hooks?.length) {
-    for (const hook of resolvedConfig._hooks) {
-      hookSystem.register({
-        resource: resolvedConfig.name,
-        operation: hook.operation,
-        phase: hook.phase,
-        handler: hook.handler,
-        priority: hook.priority ?? 10
-      });
-    }
-  }
-  if (!config.skipRegistry) {
-    try {
-      let openApiSchemas = config.openApiSchemas;
-      if (!openApiSchemas && config.adapter?.generateSchemas) {
-        const generated = config.adapter.generateSchemas(config.schemaOptions);
-        if (generated) {
-          openApiSchemas = generated;
-        }
-      }
-      const queryParser = config.queryParser;
-      if (!openApiSchemas?.listQuery && queryParser?.getQuerySchema) {
-        const querySchema = queryParser.getQuerySchema();
-        if (querySchema) {
-          openApiSchemas = {
-            ...openApiSchemas,
-            listQuery: querySchema
-          };
-        }
-      }
-      resourceRegistry.register(resource, {
-        module: config.module,
-        openApiSchemas
-      });
-    } catch {
-    }
-  }
-  return resource;
-}
-var ResourceDefinition = class {
-  // Identity
-  name;
-  displayName;
-  tag;
-  prefix;
-  // Adapter (database abstraction) - optional for service resources
-  adapter;
-  // Controller
-  controller;
-  // Schema & Validation
-  schemaOptions;
-  customSchemas;
-  // Security
-  permissions;
-  // Customization
-  additionalRoutes;
-  middlewares;
-  disableDefaultRoutes;
-  disabledRoutes;
-  organizationScoped;
-  // Events
-  events;
-  // Presets tracking
-  _appliedPresets;
-  constructor(config) {
-    this.name = config.name;
-    this.displayName = config.displayName ?? capitalize(config.name) + "s";
-    this.tag = config.tag ?? this.displayName;
-    this.prefix = config.prefix ?? `/${config.name}s`;
-    this.adapter = config.adapter;
-    this.controller = config.controller;
-    this.schemaOptions = config.schemaOptions ?? {};
-    this.customSchemas = config.customSchemas ?? {};
-    this.permissions = config.permissions ?? {};
-    this.additionalRoutes = config.additionalRoutes ?? [];
-    this.middlewares = config.middlewares ?? {};
-    this.disableDefaultRoutes = config.disableDefaultRoutes ?? false;
-    this.disabledRoutes = config.disabledRoutes ?? [];
-    this.organizationScoped = config.organizationScoped ?? false;
-    this.events = config.events ?? {};
-    this._appliedPresets = config._appliedPresets ?? [];
-  }
-  /** Get repository from adapter (if available) */
-  get repository() {
-    return this.adapter?.repository;
-  }
-  /** Get model from adapter (if available) */
-  get model() {
-    if (!this.adapter) return void 0;
-    return this.adapter.getSchemaMetadata?.() ? this.adapter.model : void 0;
-  }
-  _validateControllerMethods() {
-    const errors = [];
-    const crudRoutes = ["list", "get", "create", "update", "delete"];
-    const disabledRoutes = new Set(this.disabledRoutes ?? []);
-    const enabledCrudRoutes = crudRoutes.filter((route) => !disabledRoutes.has(route));
-    const hasCrudRoutes = !this.disableDefaultRoutes && enabledCrudRoutes.length > 0;
-    if (hasCrudRoutes) {
-      if (!this.controller) {
-        errors.push("Controller is required when CRUD routes are enabled");
-      } else {
-        const ctrl = this.controller;
-        for (const method of enabledCrudRoutes) {
-          if (typeof ctrl[method] !== "function") {
-            errors.push(`CRUD method '${method}' not found on controller`);
-          }
-        }
-      }
-    }
-    for (const route of this.additionalRoutes) {
-      if (typeof route.handler === "string") {
-        if (!this.controller) {
-          errors.push(
-            `Route ${route.method} ${route.path}: string handler '${route.handler}' requires a controller`
-          );
-        } else {
-          const ctrl = this.controller;
-          if (typeof ctrl[route.handler] !== "function") {
-            errors.push(
-              `Route ${route.method} ${route.path}: handler '${route.handler}' not found`
-            );
-          }
-        }
-      }
-    }
-    if (errors.length > 0) {
-      const errorMsg = [
-        `Resource '${this.name}' validation failed:`,
-        ...errors.map((e) => `  - ${e}`),
-        "",
-        "Ensure controller implements IController<TDoc> interface.",
-        "For preset routes (softDelete, tree), add corresponding methods to controller."
-      ].join("\n");
-      throw new Error(errorMsg);
-    }
-  }
-  toPlugin() {
-    const self = this;
-    return async function resourcePlugin(fastify, _opts) {
-      await fastify.register(async (instance) => {
-        const typedInstance = instance;
-        let schemas = null;
-        if (self.adapter) {
-          const metadata = self.adapter.getSchemaMetadata?.();
-          if (metadata && typedInstance.generateSchemas) {
-            const model = self.adapter.model;
-            if (model && typeof typedInstance.generateSchemas === "function") {
-              schemas = typedInstance.generateSchemas(model, self.schemaOptions);
-            }
-          }
-        }
-        if (self.customSchemas && Object.keys(self.customSchemas).length > 0) {
-          schemas = schemas ?? {};
-          for (const [op, customSchema] of Object.entries(self.customSchemas)) {
-            const key = op;
-            schemas[key] = schemas[key] ? deepMergeSchemas(schemas[key], customSchema) : customSchema;
-          }
-        }
-        const resolvedRoutes = self.additionalRoutes;
-        createCrudRouter(typedInstance, self.controller, {
-          tag: self.tag,
-          schemas: schemas ?? void 0,
-          permissions: self.permissions,
-          middlewares: self.middlewares,
-          additionalRoutes: resolvedRoutes,
-          disableDefaultRoutes: self.disableDefaultRoutes,
-          disabledRoutes: self.disabledRoutes,
-          organizationScoped: self.organizationScoped,
-          resourceName: self.name,
-          schemaOptions: self.schemaOptions
-        });
-        if (self.events && Object.keys(self.events).length > 0) {
-          typedInstance.log?.info?.(
-            `Resource '${self.name}' defined ${Object.keys(self.events).length} events`
-          );
-        }
-      }, { prefix: self.prefix });
-    };
-  }
-  /**
-   * Get event definitions for registry
-   */
-  getEvents() {
-    return Object.entries(this.events).map(([action, meta]) => ({
-      name: `${this.name}:${action}`,
-      module: this.name,
-      schema: meta.schema,
-      description: meta.description
-    }));
-  }
-  /**
-   * Get resource metadata
-   */
-  getMetadata() {
-    return {
-      name: this.name,
-      displayName: this.displayName,
-      tag: this.tag,
-      prefix: this.prefix,
-      presets: this._appliedPresets,
-      permissions: this.permissions,
-      additionalRoutes: this.additionalRoutes,
-      routes: [],
-      // Populated at runtime during registration
-      events: Object.keys(this.events)
-    };
-  }
-};
-function deepMergeSchemas(base, override) {
-  if (!override) return base;
-  if (!base) return override;
-  const result = { ...base };
-  for (const [key, value] of Object.entries(override)) {
-    if (value && typeof value === "object" && !Array.isArray(value)) {
-      result[key] = deepMergeSchemas(result[key], value);
-    } else {
-      result[key] = value;
-    }
-  }
-  return result;
-}
-function capitalize(str) {
-  if (!str) return "";
-  return str.charAt(0).toUpperCase() + str.slice(1);
-}
-
-// src/utils/index.ts
-init_errors();
-
-// src/index.ts
-init_plugins();
-
-// src/events/EventTransport.ts
-var MemoryEventTransport = class {
-  name = "memory";
-  handlers = /* @__PURE__ */ new Map();
-  async publish(event) {
-    const exactHandlers = this.handlers.get(event.type) ?? /* @__PURE__ */ new Set();
-    const wildcardHandlers = this.handlers.get("*") ?? /* @__PURE__ */ new Set();
-    const patternHandlers = /* @__PURE__ */ new Set();
-    for (const [pattern, handlers] of this.handlers.entries()) {
-      if (pattern.endsWith(".*")) {
-        const prefix = pattern.slice(0, -2);
-        if (event.type.startsWith(prefix + ".")) {
-          handlers.forEach((h) => patternHandlers.add(h));
-        }
-      }
-    }
-    const allHandlers = /* @__PURE__ */ new Set([...exactHandlers, ...wildcardHandlers, ...patternHandlers]);
-    for (const handler of allHandlers) {
-      try {
-        await handler(event);
-      } catch (err) {
-        console.error(`[EventTransport] Handler error for ${event.type}:`, err);
-      }
-    }
-  }
-  async subscribe(pattern, handler) {
-    if (!this.handlers.has(pattern)) {
-      this.handlers.set(pattern, /* @__PURE__ */ new Set());
-    }
-    this.handlers.get(pattern).add(handler);
-    return () => {
-      this.handlers.get(pattern)?.delete(handler);
-    };
-  }
-  async close() {
-    this.handlers.clear();
-  }
-};
-function createEvent(type, payload, meta) {
-  return {
-    type,
-    payload,
-    meta: {
-      id: crypto.randomUUID(),
-      timestamp: /* @__PURE__ */ new Date(),
-      ...meta
-    }
-  };
-}
-var eventPlugin = async (fastify, opts = {}) => {
-  const {
-    transport = new MemoryEventTransport(),
-    logEvents = false
-  } = opts;
-  fastify.decorate("events", {
-    publish: async (type, payload, meta) => {
-      const event = createEvent(type, payload, meta);
-      if (logEvents) {
-        fastify.log?.info?.({ eventType: type, eventId: event.meta.id }, "Publishing event");
-      }
-      await transport.publish(event);
-    },
-    subscribe: async (pattern, handler) => {
-      if (logEvents) {
-        fastify.log?.info?.({ pattern }, "Subscribing to events");
-      }
-      return transport.subscribe(pattern, handler);
-    },
-    transportName: transport.name
-  });
-  fastify.addHook("onClose", async () => {
-    await transport.close?.();
-  });
-  if (transport.name === "memory") {
-    fastify.log?.warn?.(
-      "[Arc Events] Using in-memory transport. Events will not persist or scale across instances. For production, configure a durable transport (Redis, RabbitMQ, etc.)"
-    );
-  } else {
-    fastify.log?.info?.(`[Arc Events] Using ${transport.name} transport`);
-  }
-};
-fp(eventPlugin, {
-  name: "arc-events",
-  fastify: "5.x"
-});
-
-// src/factory/presets.ts
-var productionPreset = {
-  // Raw JSON logs for production (log aggregators like Datadog, CloudWatch, etc.)
-  logger: {
-    level: "info"
-  },
-  trustProxy: true,
-  // Security
-  helmet: {
-    contentSecurityPolicy: {
-      directives: {
-        defaultSrc: ["'self'"],
-        styleSrc: ["'self'", "'unsafe-inline'"],
-        scriptSrc: ["'self'"],
-        imgSrc: ["'self'", "data:", "https:"]
-      }
-    }
-  },
-  // CORS - must be explicitly configured
-  cors: {
-    origin: false,
-    // Disabled by default in production
-    credentials: true,
-    methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
-    allowedHeaders: ["Content-Type", "Authorization", "Accept"]
-  },
-  // Rate limiting - strict
-  rateLimit: {
-    max: 100,
-    timeWindow: "1 minute"
-  },
-  // Note: Compression not included (use proxy/CDN instead)
-  // Under pressure - health monitoring
-  underPressure: {
-    exposeStatusRoute: true,
-    maxEventLoopDelay: 1e3,
-    maxHeapUsedBytes: 1024 * 1024 * 1024,
-    // 1GB
-    maxRssBytes: 1024 * 1024 * 1024
-    // 1GB
-  }
-};
-var developmentPreset = {
-  logger: {
-    level: "debug",
-    transport: {
-      target: "pino-pretty",
-      options: {
-        colorize: true,
-        translateTime: "SYS:HH:MM:ss",
-        ignore: "pid,hostname"
-      }
-    }
-  },
-  trustProxy: true,
-  // Security - relaxed for development
-  helmet: {
-    contentSecurityPolicy: false
-    // Disable CSP in dev
-  },
-  // CORS - allow all origins in development
-  cors: {
-    origin: true,
-    // Allow all origins
-    credentials: true,
-    methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
-    allowedHeaders: ["Content-Type", "Authorization", "Accept"]
-  },
-  // Rate limiting - very relaxed
-  rateLimit: {
-    max: 1e3,
-    timeWindow: "1 minute"
-  },
-  // Note: Compression not included (use proxy/CDN instead)
-  // Under pressure - relaxed
-  underPressure: {
-    exposeStatusRoute: true,
-    maxEventLoopDelay: 5e3
-  }
-};
-var testingPreset = {
-  logger: false,
-  // Disable logging in tests
-  trustProxy: false,
-  // Security - disabled for tests
-  helmet: false,
-  cors: false,
-  rateLimit: false,
-  underPressure: false,
-  // Sensible plugins still enabled
-  sensible: true,
-  multipart: {
-    limits: {
-      fileSize: 1024 * 1024,
-      // 1MB
-      files: 5
-    }
-  }
-};
-function getPreset(name) {
-  switch (name) {
-    case "production":
-      return productionPreset;
-    case "development":
-      return developmentPreset;
-    case "testing":
-      return testingPreset;
-    default:
-      throw new Error(`Unknown preset: ${name}`);
-  }
-}
-
-// src/factory/createApp.ts
-var PLUGIN_PACKAGES = {
-  cors: "@fastify/cors",
-  helmet: "@fastify/helmet",
-  rateLimit: "@fastify/rate-limit",
-  underPressure: "@fastify/under-pressure",
-  sensible: "@fastify/sensible",
-  multipart: "@fastify/multipart",
-  rawBody: "fastify-raw-body"
-};
-var OPTIONAL_PLUGINS = /* @__PURE__ */ new Set(["multipart", "rawBody"]);
-async function loadPlugin(name, logger) {
-  const packageName = PLUGIN_PACKAGES[name];
-  if (!packageName) {
-    throw new Error(`Unknown plugin: ${name}`);
-  }
-  try {
-    switch (name) {
-      case "cors":
-        return (await import('@fastify/cors')).default;
-      case "helmet":
-        return (await import('@fastify/helmet')).default;
-      case "rateLimit":
-        return (await import('@fastify/rate-limit')).default;
-      case "underPressure":
-        return (await import('@fastify/under-pressure')).default;
-      case "sensible":
-        return (await import('@fastify/sensible')).default;
-      case "multipart":
-        return (await import('@fastify/multipart')).default;
-      case "rawBody":
-        return (await import('fastify-raw-body')).default;
-      default:
-        throw new Error(`Unknown plugin: ${name}`);
-    }
-  } catch (error) {
-    const err = error;
-    const isModuleNotFound = err.message.includes("Cannot find module") || err.message.includes("Cannot find package") || err.message.includes("MODULE_NOT_FOUND") || err.message.includes("Could not resolve");
-    if (isModuleNotFound && OPTIONAL_PLUGINS.has(name)) {
-      logger?.warn(`ℹ️  Optional plugin '${name}' skipped (${packageName} not installed)`);
-      return null;
-    }
-    if (isModuleNotFound) {
-      throw new Error(
-        `Plugin '${name}' requires package '${packageName}' which is not installed.
-Install it with: npm install ${packageName}
-Or disable this plugin by setting ${name}: false in createApp options.`
-      );
-    }
-    throw new Error(`Failed to load plugin '${name}': ${err.message}`);
-  }
-}
-async function createApp(options) {
-  const authConfig = options.auth;
-  const isAuthDisabled = authConfig === false;
-  const hasCustomPlugin = typeof authConfig === "object" && "plugin" in authConfig && authConfig.plugin;
-  const hasCustomAuthenticator = typeof authConfig === "object" && "authenticate" in authConfig;
-  const jwtSecret = typeof authConfig === "object" && "jwt" in authConfig ? authConfig.jwt?.secret : void 0;
-  if (!isAuthDisabled && !hasCustomPlugin && !jwtSecret && !hasCustomAuthenticator) {
-    throw new Error(
-      "createApp: JWT secret required when Arc auth is enabled.\nProvide auth.jwt.secret, auth.authenticate, or set auth: false to disable.\nExample: auth: { jwt: { secret: process.env.JWT_SECRET } }"
-    );
-  }
-  const presetConfig = options.preset ? getPreset(options.preset) : {};
-  const config = { ...presetConfig, ...options };
-  const fastify = Fastify({
-    logger: config.logger ?? true,
-    trustProxy: config.trustProxy ?? false,
-    // Use qs parser to support nested bracket notation in query strings
-    // e.g., ?populate[author][select]=name,email → { populate: { author: { select: 'name,email' } } }
-    // This is required for MongoKit's advanced populate options to work
-    querystringParser: (str) => qs.parse(str),
-    ajv: {
-      customOptions: {
-        coerceTypes: true,
-        useDefaults: true,
-        removeAdditional: false
-      }
-    }
-  });
-  if (config.helmet !== false) {
-    const helmet = await loadPlugin("helmet");
-    await fastify.register(helmet, config.helmet ?? {});
-    fastify.log.info("✅ Helmet (security headers) enabled");
-  } else {
-    fastify.log.warn("⚠️  Helmet disabled - security headers not applied");
-  }
-  if (config.cors !== false) {
-    const cors = await loadPlugin("cors");
-    const corsOptions = config.cors ?? {};
-    if (config.preset === "production" && (!corsOptions || !("origin" in corsOptions))) {
-      throw new Error(
-        "CORS origin must be explicitly configured in production.\nSet cors.origin to allowed domains or set cors: false to disable.\nExample: cors: { origin: ['https://yourdomain.com'] }\nDocs: https://github.com/classytic/arc#security"
-      );
-    }
-    await fastify.register(cors, corsOptions);
-    fastify.log.info("✅ CORS enabled");
-  } else {
-    fastify.log.warn("⚠️  CORS disabled");
-  }
-  if (config.rateLimit !== false) {
-    const rateLimit = await loadPlugin("rateLimit");
-    await fastify.register(rateLimit, config.rateLimit ?? { max: 100, timeWindow: "1 minute" });
-    fastify.log.info("✅ Rate limiting enabled");
-  } else {
-    fastify.log.warn("⚠️  Rate limiting disabled");
-  }
-  if (config.underPressure !== false) {
-    const underPressure = await loadPlugin("underPressure");
-    await fastify.register(underPressure, config.underPressure ?? { exposeStatusRoute: true });
-    fastify.log.info("✅ Health monitoring (under-pressure) enabled");
-  } else {
-    fastify.log.info("ℹ️  Health monitoring disabled");
-  }
-  if (config.sensible !== false) {
-    const sensible = await loadPlugin("sensible");
-    await fastify.register(sensible);
-    fastify.log.info("✅ Sensible (HTTP helpers) enabled");
-  }
-  if (config.multipart !== false) {
-    const multipart = await loadPlugin("multipart", fastify.log);
-    if (multipart) {
-      const multipartDefaults = {
-        limits: {
-          fileSize: 10 * 1024 * 1024,
-          // 10MB
-          files: 10
-        }
-      };
-      await fastify.register(multipart, { ...multipartDefaults, ...config.multipart });
-      fastify.log.info("✅ Multipart (file uploads) enabled");
-    }
-  }
-  if (config.rawBody !== false) {
-    const rawBody = await loadPlugin("rawBody", fastify.log);
-    if (rawBody) {
-      const rawBodyDefaults = {
-        field: "rawBody",
-        global: false,
-        encoding: "utf8",
-        runFirst: true
-      };
-      await fastify.register(rawBody, { ...rawBodyDefaults, ...config.rawBody });
-      fastify.log.info("✅ Raw body parsing enabled");
-    }
-  }
-  const { arcCorePlugin: arcCorePlugin2 } = await Promise.resolve().then(() => (init_plugins(), plugins_exports));
-  await fastify.register(arcCorePlugin2, {
-    emitEvents: config.arcPlugins?.emitEvents !== false
-  });
-  if (config.arcPlugins?.requestId !== false) {
-    const { requestIdPlugin: requestIdPlugin2 } = await Promise.resolve().then(() => (init_plugins(), plugins_exports));
-    await fastify.register(requestIdPlugin2);
-    fastify.log.info("✅ Arc requestId plugin enabled");
-  }
-  if (config.arcPlugins?.health !== false) {
-    const { healthPlugin: healthPlugin2 } = await Promise.resolve().then(() => (init_plugins(), plugins_exports));
-    await fastify.register(healthPlugin2);
-    fastify.log.info("✅ Arc health plugin enabled");
-  }
-  if (config.arcPlugins?.gracefulShutdown !== false) {
-    const { gracefulShutdownPlugin: gracefulShutdownPlugin2 } = await Promise.resolve().then(() => (init_plugins(), plugins_exports));
-    await fastify.register(gracefulShutdownPlugin2);
-    fastify.log.info("✅ Arc gracefulShutdown plugin enabled");
-  }
-  if (!isAuthDisabled) {
-    if (hasCustomPlugin) {
-      const pluginFn = authConfig.plugin;
-      await pluginFn(fastify);
-      fastify.log.info("✅ Custom authentication plugin enabled");
-    } else {
-      const { authPlugin: authPlugin2 } = await Promise.resolve().then(() => (init_auth(), auth_exports));
-      const { plugin: _, ...authOpts } = typeof authConfig === "object" ? authConfig : {};
-      await fastify.register(authPlugin2, authOpts);
-      fastify.log.info("✅ Arc authentication plugin enabled");
-    }
-  } else {
-    fastify.log.info("ℹ️  Authentication disabled");
-  }
-  if (config.plugins) {
-    await config.plugins(fastify);
-    fastify.log.info("✅ Custom plugins registered");
-  }
-  fastify.log.info(
-    `🚀 Arc application created successfully (preset: ${config.preset ?? "custom"}, security: helmet=${config.helmet !== false}, cors=${config.cors !== false}, rateLimit=${config.rateLimit !== false})`
-  );
-  return fastify;
-}
-var ArcFactory = {
-  /**
-   * Create production app with strict security
-   */
-  async production(options) {
-    return createApp({ ...options, preset: "production" });
-  },
-  /**
-   * Create development app with relaxed security
-   */
-  async development(options) {
-    return createApp({ ...options, preset: "development" });
-  },
-  /**
-   * Create testing app with minimal setup
-   */
-  async testing(options) {
-    return createApp({ ...options, preset: "testing" });
-  }
-};
-
-// src/index.ts
-var version = "1.0.0";
-
-export { ArcError, ArcFactory, BaseController, ForbiddenError, MongooseAdapter, NotFoundError, PrismaAdapter, ResourceDefinition, UnauthorizedError, ValidationError, allOf, allowPublic, anyOf, assertValidConfig, createApp, createMongooseAdapter, createPrismaAdapter, defineResource, denyAll, eventPlugin, formatValidationErrors, gracefulShutdown_default as gracefulShutdownPlugin, health_default as healthPlugin, hookSystem, requestId_default as requestIdPlugin, requireAuth, requireOwnership, requireRoles, resourceRegistry, validateResourceConfig, version, when };