@classytic/arc 1.1.0 → 2.1.3

package/dist/auth/redis-session.d.mts

@@ -0,0 +1,43 @@
+import { i as SessionData, s as SessionStore } from "../sessionManager-D_iEHjQl.mjs";
+
+//#region src/auth/redis-session.d.ts
+/** Minimal Redis client interface — compatible with ioredis */
+interface RedisLike {
+  get(key: string): Promise<string | null>;
+  set(key: string, value: string, ...args: unknown[]): Promise<unknown>;
+  del(...keys: string[]): Promise<number>;
+  smembers(key: string): Promise<string[]>;
+  sadd(key: string, ...members: string[]): Promise<number>;
+  srem(key: string, ...members: string[]): Promise<number>;
+  expire(key: string, seconds: number): Promise<number>;
+}
+interface RedisSessionStoreOptions {
+  /** Redis client instance (ioredis or compatible) */
+  redis: RedisLike;
+  /** Key prefix for session keys (default: 'arc:session:') */
+  prefix?: string;
+  /** Key prefix for user-to-sessions index (default: 'arc:user-sessions:') */
+  userPrefix?: string;
+}
+/**
+ * Redis-backed session store for distributed deployments.
+ *
+ * Uses two key patterns:
+ * - `{prefix}{sessionId}` — stores serialized SessionData with TTL
+ * - `{userPrefix}{userId}` — Redis Set of sessionIds for bulk operations
+ *
+ * Session expiration is handled by Redis TTL — no cleanup interval needed.
+ */
+declare class RedisSessionStore implements SessionStore {
+  private redis;
+  private prefix;
+  private userPrefix;
+  constructor(options: RedisSessionStoreOptions);
+  get(sessionId: string): Promise<SessionData | null>;
+  set(sessionId: string, data: SessionData): Promise<void>;
+  delete(sessionId: string): Promise<void>;
+  deleteAll(userId: string): Promise<void>;
+  deleteAllExcept(userId: string, currentSessionId: string): Promise<void>;
+}
+//#endregion
+export { RedisLike, RedisSessionStore, RedisSessionStoreOptions };

package/dist/auth/redis-session.mjs

@@ -0,0 +1,75 @@
+//#region src/auth/redis-session.ts
+/**
+* Redis-backed session store for distributed deployments.
+*
+* Uses two key patterns:
+* - `{prefix}{sessionId}` — stores serialized SessionData with TTL
+* - `{userPrefix}{userId}` — Redis Set of sessionIds for bulk operations
+*
+* Session expiration is handled by Redis TTL — no cleanup interval needed.
+*/
+var RedisSessionStore = class {
+	redis;
+	prefix;
+	userPrefix;
+	constructor(options) {
+		this.redis = options.redis;
+		this.prefix = options.prefix ?? "arc:session:";
+		this.userPrefix = options.userPrefix ?? "arc:user-sessions:";
+	}
+	async get(sessionId) {
+		const raw = await this.redis.get(this.prefix + sessionId);
+		if (!raw) return null;
+		let session;
+		try {
+			session = JSON.parse(raw);
+		} catch {
+			await this.delete(sessionId);
+			return null;
+		}
+		if (Date.now() > session.expiresAt) {
+			await this.delete(sessionId);
+			return null;
+		}
+		return session;
+	}
+	async set(sessionId, data) {
+		const ttlMs = data.expiresAt - Date.now();
+		if (ttlMs <= 0) return;
+		const ttlSeconds = Math.ceil(ttlMs / 1e3);
+		const serialized = JSON.stringify(data);
+		await this.redis.set(this.prefix + sessionId, serialized, "EX", ttlSeconds);
+		const userKey = this.userPrefix + data.userId;
+		await this.redis.sadd(userKey, sessionId);
+		await this.redis.expire(userKey, ttlSeconds + 3600);
+	}
+	async delete(sessionId) {
+		const raw = await this.redis.get(this.prefix + sessionId);
+		if (raw) try {
+			const session = JSON.parse(raw);
+			await this.redis.srem(this.userPrefix + session.userId, sessionId);
+		} catch {}
+		await this.redis.del(this.prefix + sessionId);
+	}
+	async deleteAll(userId) {
+		const userKey = this.userPrefix + userId;
+		const sessionIds = await this.redis.smembers(userKey);
+		if (sessionIds.length > 0) {
+			const keys = sessionIds.map((id) => this.prefix + id);
+			await this.redis.del(...keys);
+		}
+		await this.redis.del(userKey);
+	}
+	async deleteAllExcept(userId, currentSessionId) {
+		const userKey = this.userPrefix + userId;
+		const toDelete = (await this.redis.smembers(userKey)).filter((id) => id !== currentSessionId);
+		if (toDelete.length > 0) {
+			const keys = toDelete.map((id) => this.prefix + id);
+			await this.redis.del(...keys);
+			await this.redis.srem(userKey, ...toDelete);
+		}
+	}
+};
+
+//#endregion
+export { RedisSessionStore };

package/dist/betterAuthOpenApi-DjWDddNc.mjs

@@ -0,0 +1,249 @@
+import { t as __exportAll } from "./chunk-C7Uep-_p.mjs";
+import { a as toJsonSchema } from "./schemaConverter-Dtg0Kt9T.mjs";
+
+//#region src/auth/betterAuthOpenApi.ts
+var betterAuthOpenApi_exports = /* @__PURE__ */ __exportAll({ extractBetterAuthOpenApi: () => extractBetterAuthOpenApi });
+/**
+* Check if a value looks like a Better Auth endpoint (has .path and .options)
+*/
+function isBetterAuthEndpoint(value) {
+	if (typeof value !== "function" && typeof value !== "object") return false;
+	if (!value) return false;
+	const v = value;
+	return typeof v.path === "string" && typeof v.options === "object" && v.options !== null;
+}
+/**
+* Convert Fastify-style path params (/:id) to OpenAPI-style (/{id})
+*/
+function toOpenApiPath(path) {
+	return path.replace(/:([^/]+)/g, "{$1}");
+}
+/**
+* Extract path parameters from a path string
+*/
+function extractPathParams(path) {
+	const params = [];
+	const matches = path.matchAll(/:(\w+)/g);
+	for (const match of matches) params.push({
+		name: match[1],
+		in: "path",
+		required: true,
+		schema: { type: "string" }
+	});
+	return params;
+}
+/**
+* Extract OpenAPI paths from a Better Auth instance's API object.
+*
+* Walks `authApi` (the `auth.api` object from Better Auth), discovers
+* endpoints, converts their Zod schemas to JSON Schema via `z.toJSONSchema()`,
+* and returns a complete `ExternalOpenApiPaths` object ready for Arc's spec builder.
+*/
+function extractBetterAuthOpenApi(authApi, options = {}) {
+	const { basePath = "/api/auth", tagName = "Authentication", tagDescription = "Better Auth authentication endpoints", excludePaths = [], excludeServerOnly = true, userFields } = options;
+	const normalizedBase = basePath.replace(/\/+$/, "");
+	const paths = {};
+	const detectedPlugins = detectActivePlugins(authApi);
+	const securityOptions = [{ cookieAuth: [] }, { bearerAuth: [] }];
+	if (detectedPlugins.apiKey) securityOptions.push({ apiKeyAuth: [] });
+	for (const [key, value] of Object.entries(authApi)) {
+		if (!isBetterAuthEndpoint(value)) continue;
+		const { path: endpointPath, options: endpointOpts } = value;
+		if (excludePaths.includes(endpointPath)) continue;
+		if (excludeServerOnly && endpointOpts.metadata?.SERVER_ONLY) continue;
+		const fullPath = toOpenApiPath(`${normalizedBase}${endpointPath}`);
+		const methods = [];
+		if (endpointOpts.method) if (Array.isArray(endpointOpts.method)) methods.push(...endpointOpts.method.map((m) => m.toLowerCase()));
+		else methods.push(endpointOpts.method.toLowerCase());
+		else methods.push(endpointOpts.body ? "post" : "get");
+		const openApiMeta = endpointOpts.metadata?.openapi;
+		for (const method of methods) {
+			const operation = {
+				tags: openApiMeta?.tags ?? [tagName],
+				operationId: openApiMeta?.operationId ?? key,
+				summary: openApiMeta?.summary ?? formatOperationSummary(key),
+				security: securityOptions
+			};
+			if (openApiMeta?.description) operation.description = openApiMeta.description;
+			const parameters = [...extractPathParams(endpointPath)];
+			if ((method === "get" || method === "delete") && endpointOpts.query) {
+				const querySchema = toJsonSchema(endpointOpts.query);
+				if (querySchema && querySchema.type === "object" && querySchema.properties) {
+					const props = querySchema.properties;
+					const required = querySchema.required ?? [];
+					for (const [name, prop] of Object.entries(props)) {
+						const paramEntry = {
+							name,
+							in: "query",
+							required: required.includes(name),
+							schema: prop
+						};
+						if (prop.description) paramEntry.description = prop.description;
+						parameters.push(paramEntry);
+					}
+				}
+			}
+			if (parameters.length > 0) operation.parameters = parameters;
+			if (method === "post" || method === "put" || method === "patch") {
+				if (openApiMeta?.requestBody) operation.requestBody = structuredClone(openApiMeta.requestBody);
+				else if (endpointOpts.body) {
+					const bodySchema = toJsonSchema(endpointOpts.body);
+					if (bodySchema) operation.requestBody = {
+						required: true,
+						content: { "application/json": { schema: bodySchema } }
+					};
+				}
+				if (userFields && isUserFieldEndpoint(endpointPath) && operation.requestBody) mergeUserFieldsIntoRequestBody(operation.requestBody, userFields, endpointPath);
+			}
+			if (openApiMeta?.responses) operation.responses = openApiMeta.responses;
+			else operation.responses = {
+				"200": { description: "Success" },
+				"400": { description: "Bad request" },
+				"401": { description: "Unauthorized" }
+			};
+			if (!paths[fullPath]) paths[fullPath] = {};
+			paths[fullPath][method] = operation;
+		}
+	}
+	const schemas = {
+		User: {
+			type: "object",
+			properties: {
+				id: { type: "string" },
+				name: { type: "string" },
+				email: {
+					type: "string",
+					format: "email"
+				},
+				emailVerified: { type: "boolean" },
+				image: {
+					type: "string",
+					nullable: true
+				},
+				createdAt: {
+					type: "string",
+					format: "date-time"
+				},
+				updatedAt: {
+					type: "string",
+					format: "date-time"
+				}
+			}
+		},
+		Session: {
+			type: "object",
+			properties: {
+				id: { type: "string" },
+				userId: { type: "string" },
+				token: { type: "string" },
+				expiresAt: {
+					type: "string",
+					format: "date-time"
+				},
+				ipAddress: {
+					type: "string",
+					nullable: true
+				},
+				userAgent: {
+					type: "string",
+					nullable: true
+				},
+				createdAt: {
+					type: "string",
+					format: "date-time"
+				},
+				updatedAt: {
+					type: "string",
+					format: "date-time"
+				}
+			}
+		}
+	};
+	if (userFields) {
+		const userProps = schemas.User.properties;
+		for (const [name, field] of Object.entries(userFields)) {
+			const prop = { type: field.type };
+			if (field.description) prop.description = field.description;
+			userProps[name] = prop;
+		}
+	}
+	const securitySchemes = { cookieAuth: {
+		type: "apiKey",
+		in: "cookie",
+		name: "better-auth.session_token",
+		description: "Session cookie set by Better Auth after sign-in"
+	} };
+	if (detectedPlugins.apiKey) securitySchemes.apiKeyAuth = {
+		type: "apiKey",
+		in: "header",
+		name: "x-api-key",
+		description: "API key for programmatic access. Pass org context via x-organization-id header."
+	};
+	const resourceSecurity = [];
+	if (detectedPlugins.apiKey) resourceSecurity.push({
+		apiKeyAuth: [],
+		orgHeader: []
+	});
+	return {
+		paths,
+		schemas,
+		securitySchemes,
+		tags: [{
+			name: tagName,
+			description: tagDescription
+		}],
+		resourceSecurity: resourceSecurity.length > 0 ? resourceSecurity : void 0
+	};
+}
+/**
+* Auto-detect active Better Auth plugins by inspecting the API object.
+*
+* Rather than hardcoding plugin-specific behavior, we check for known
+* endpoint signatures that each plugin registers. This way the OpenAPI
+* spec adapts automatically to whatever plugins the app has enabled —
+* no Arc update needed when adding/removing plugins.
+*/
+function detectActivePlugins(authApi) {
+	const endpointPaths = /* @__PURE__ */ new Set();
+	for (const value of Object.values(authApi)) if (isBetterAuthEndpoint(value)) endpointPaths.add(value.path);
+	return {
+		apiKey: endpointPaths.has("/api-key/create"),
+		organization: endpointPaths.has("/organization/create")
+	};
+}
+/**
+* Convert a camelCase key like 'signInEmail' to a readable summary like 'Sign in email'
+*/
+function formatOperationSummary(key) {
+	return key.replace(/([A-Z])/g, " $1").replace(/^./, (s) => s.toUpperCase()).trim();
+}
+/**
+* Check if an endpoint path should have userFields merged into its request body.
+*/
+function isUserFieldEndpoint(path) {
+	return path === "/sign-up/email" || path === "/update-user";
+}
+/**
+* Merge user-defined fields into an existing requestBody schema.
+* For updateUser, all fields are treated as optional regardless of their `required` setting.
+*/
+function mergeUserFieldsIntoRequestBody(requestBody, userFields, endpointPath) {
+	const content = requestBody?.content?.["application/json"];
+	if (!content?.schema) return;
+	const schema = content.schema;
+	if (!schema.properties) schema.properties = {};
+	if (!schema.required) schema.required = [];
+	const props = schema.properties;
+	const required = schema.required;
+	for (const [name, field] of Object.entries(userFields)) {
+		if (field.input === false) continue;
+		const isRequired = endpointPath === "/update-user" ? false : field.required ?? false;
+		const prop = { type: field.type };
+		if (field.description) prop.description = field.description;
+		props[name] = prop;
+		if (isRequired && !required.includes(name)) required.push(name);
+	}
+}
+
+//#endregion
+export { extractBetterAuthOpenApi as n, betterAuthOpenApi_exports as t };

package/dist/cache/index.d.mts

@@ -0,0 +1,145 @@
+import { i as CacheStore, n as CacheSetOptions, r as CacheStats, t as CacheLogger } from "../interface-DTbsvIWe.mjs";
+import { a as CacheEnvelope, c as QueryCache, i as queryCachePlugin, l as QueryCacheConfig, n as QueryCacheDefaults, o as CacheResult, r as QueryCachePluginOptions, s as CacheStatus, t as CrossResourceRule } from "../queryCachePlugin-Q6SYuHZ6.mjs";
+
+//#region src/cache/memory.d.ts
+interface MemoryCacheStoreOptions {
+  /** Default TTL in milliseconds (default: 60_000) */
+  defaultTtlMs?: number;
+  /** Hard upper bound for entries (default: 1000) */
+  maxEntries?: number;
+  /** Background cleanup interval in milliseconds (default: 30_000) */
+  cleanupIntervalMs?: number;
+  /**
+   * Maximum serialized entry size in bytes (default: 256 KiB).
+   * Oversized entries are skipped to prevent memory pressure.
+   */
+  maxEntryBytes?: number;
+  /**
+   * Total memory budget in bytes (default: 50 MiB).
+   * When exceeded, LRU entries are evicted until usage drops below watermark.
+   * Set to 0 to disable (rely on maxEntries only).
+   */
+  maxMemoryBytes?: number;
+  /**
+   * Eviction watermark as fraction of maxMemoryBytes (default: 0.9).
+   * When memory exceeds budget, evict until usage drops to budget * watermark.
+   */
+  evictionWatermark?: number;
+  /** Logger for warnings/errors (default: console) */
+  logger?: CacheLogger;
+}
+/**
+ * In-memory LRU+TTL cache store with hard entry cap and memory budget.
+ * - LRU eviction when `maxEntries` or `maxMemoryBytes` is reached
+ * - TTL expiration on read + periodic cleanup
+ * - Entry size guard to avoid runaway memory usage
+ * - Stats tracking for observability
+ */
+declare class MemoryCacheStore<TValue = unknown> implements CacheStore<TValue> {
+  readonly name = "memory-cache";
+  private readonly cache;
+  private readonly defaultTtlMs;
+  private readonly maxEntries;
+  private readonly maxEntryBytes;
+  private readonly maxMemoryBytes;
+  private readonly evictionWatermark;
+  private readonly logger;
+  private readonly cleanupTimer;
+  private currentBytes;
+  private _hits;
+  private _misses;
+  private _evictions;
+  constructor(options?: MemoryCacheStoreOptions);
+  get(key: string): Promise<TValue | undefined>;
+  set(key: string, value: TValue, options?: CacheSetOptions): Promise<void>;
+  delete(key: string): Promise<void>;
+  clear(): Promise<void>;
+  close(): Promise<void>;
+  stats(): CacheStats;
+  private removeEntry;
+  private evictToLimit;
+  private evictToMemoryLimit;
+  private cleanupExpired;
+  private estimateSize;
+}
+//#endregion
+//#region src/cache/redis.d.ts
+interface RedisCacheClient {
+  get(key: string): Promise<string | null>;
+  set(key: string, value: string, options?: {
+    EX?: number;
+    PX?: number;
+    NX?: boolean;
+    XX?: boolean;
+  }): Promise<string | null | unknown>;
+  del(key: string | string[]): Promise<number>;
+  /**
+   * Optional: enables prefix-based `clear()` and `deleteByPrefix()` via SCAN.
+   * Compatible with both ioredis and node-redis.
+   * If not provided, `clear()` is a safe no-op.
+   */
+  scan?(cursor: string | number, ...args: (string | number)[]): Promise<[string | number, string[]]>;
+  /** Optional: pipeline for batched commands (ioredis compatible) */
+  pipeline?(): RedisPipeline;
+}
+interface RedisPipeline {
+  del(key: string): unknown;
+  exec(): Promise<unknown>;
+}
+interface RedisCacheStoreOptions {
+  /** Redis client instance */
+  client: RedisCacheClient;
+  /** Key prefix for namespacing (default: 'arc:cache:') */
+  prefix?: string;
+  /** Default TTL in milliseconds (default: 60_000) */
+  defaultTtlMs?: number;
+  /** Maximum serialized entry size in bytes. Oversized entries are skipped. */
+  maxEntryBytes?: number;
+}
+/**
+ * Redis-backed cache store.
+ * Suitable for multi-instance and horizontally scaled deployments.
+ * Uses pipeline batching when available for bulk operations.
+ */
+declare class RedisCacheStore<TValue = unknown> implements CacheStore<TValue> {
+  readonly name = "redis-cache";
+  private readonly client;
+  private readonly prefix;
+  private readonly defaultTtlMs;
+  private readonly maxEntryBytes;
+  private _hits;
+  private _misses;
+  constructor(options: RedisCacheStoreOptions);
+  get(key: string): Promise<TValue | undefined>;
+  set(key: string, value: TValue, options?: CacheSetOptions): Promise<void>;
+  delete(key: string): Promise<void>;
+  clear(): Promise<void>;
+  /** Delete all keys matching `this.prefix + prefix + *`. Returns count deleted. */
+  deleteByPrefix(prefix: string): Promise<number>;
+  stats(): CacheStats;
+  private scanAndDelete;
+  private withPrefix;
+}
+//#endregion
+//#region src/cache/keys.d.ts
+/**
+ * Cache Key Utilities
+ *
+ * Deterministic, scope-safe key generation for QueryCache.
+ * Keys include resource version, operation, params hash, and user/org scope
+ * to ensure multi-tenant isolation and O(1) version-based invalidation.
+ */
+/** Build a deterministic cache key for a query */
+declare function buildQueryKey(resource: string, operation: string, resourceVersion: number, params: Record<string, unknown>, userId?: string, orgId?: string): string;
+/** Resource version key — stored in CacheStore, bumped on mutations */
+declare function versionKey(resource: string): string;
+/** Tag version key — stored in CacheStore, bumped on cross-resource invalidation */
+declare function tagVersionKey(tag: string): string;
+/**
+ * Stable hash for query params.
+ * Sorts keys recursively, serializes to JSON, then applies djb2 hash.
+ * Returns hex string.
+ */
+declare function hashParams(params: Record<string, unknown>): string;
+//#endregion
+export { type CacheEnvelope, type CacheLogger, type CacheResult, type CacheSetOptions, type CacheStats, type CacheStatus, type CacheStore, type CrossResourceRule, MemoryCacheStore, type MemoryCacheStoreOptions, QueryCache, type QueryCacheConfig, type QueryCacheDefaults, type QueryCachePluginOptions, type RedisCacheClient, RedisCacheStore, type RedisCacheStoreOptions, type RedisPipeline, buildQueryKey, hashParams, queryCachePlugin, tagVersionKey, versionKey };

package/dist/cache/index.mjs

@@ -0,0 +1,91 @@
+import { i as versionKey, n as hashParams, r as tagVersionKey, t as buildQueryKey } from "../keys-DhqDRxv3.mjs";
+import { t as MemoryCacheStore } from "../memory-B2v7KrCB.mjs";
+import { r as QueryCache, t as queryCachePlugin } from "../queryCachePlugin-B6R0d4av.mjs";
+
+//#region src/cache/redis.ts
+/**
+* Redis-backed cache store.
+* Suitable for multi-instance and horizontally scaled deployments.
+* Uses pipeline batching when available for bulk operations.
+*/
+var RedisCacheStore = class {
+	name = "redis-cache";
+	client;
+	prefix;
+	defaultTtlMs;
+	maxEntryBytes;
+	_hits = 0;
+	_misses = 0;
+	constructor(options) {
+		this.client = options.client;
+		this.prefix = options.prefix ?? "arc:cache:";
+		this.defaultTtlMs = options.defaultTtlMs ?? 6e4;
+		this.maxEntryBytes = options.maxEntryBytes ?? 0;
+	}
+	async get(key) {
+		const data = await this.client.get(this.withPrefix(key));
+		if (!data) {
+			this._misses++;
+			return;
+		}
+		try {
+			this._hits++;
+			return JSON.parse(data);
+		} catch {
+			this._misses++;
+			this._hits--;
+			return;
+		}
+	}
+	async set(key, value, options = {}) {
+		const ttlMs = options.ttlMs ?? this.defaultTtlMs;
+		if (!Number.isFinite(ttlMs) || ttlMs <= 0) return;
+		const payload = JSON.stringify(value);
+		if (this.maxEntryBytes > 0 && Buffer.byteLength(payload, "utf8") > this.maxEntryBytes) return;
+		await this.client.set(this.withPrefix(key), payload, { PX: Math.ceil(ttlMs) });
+	}
+	async delete(key) {
+		await this.client.del(this.withPrefix(key));
+	}
+	async clear() {
+		await this.scanAndDelete(`${this.prefix}*`);
+	}
+	/** Delete all keys matching `this.prefix + prefix + *`. Returns count deleted. */
+	async deleteByPrefix(prefix) {
+		return this.scanAndDelete(`${this.prefix}${prefix}*`);
+	}
+	stats() {
+		return {
+			entries: -1,
+			memoryBytes: -1,
+			hits: this._hits,
+			misses: this._misses,
+			evictions: -1
+		};
+	}
+	async scanAndDelete(pattern) {
+		if (!this.client.scan) return 0;
+		const BATCH_SIZE = 200;
+		let cursor = "0";
+		let deleted = 0;
+		do {
+			const [nextCursor, keys] = await this.client.scan(cursor, "MATCH", pattern, "COUNT", BATCH_SIZE);
+			cursor = nextCursor;
+			if (keys.length > 0) {
+				if (this.client.pipeline) {
+					const pipe = this.client.pipeline();
+					for (const key of keys) pipe.del(key);
+					await pipe.exec();
+				} else await this.client.del(keys);
+				deleted += keys.length;
+			}
+		} while (String(cursor) !== "0");
+		return deleted;
+	}
+	withPrefix(key) {
+		return `${this.prefix}${key}`;
+	}
+};
+
+//#endregion
+export { MemoryCacheStore, QueryCache, RedisCacheStore, buildQueryKey, hashParams, queryCachePlugin, tagVersionKey, versionKey };

package/dist/caching-GSDJcA6-.mjs

@@ -0,0 +1,93 @@
+import { t as __exportAll } from "./chunk-C7Uep-_p.mjs";
+import fp from "fastify-plugin";
+
+//#region src/plugins/caching.ts
+/**
+* Caching Plugin
+*
+* Adds ETag and Cache-Control headers to GET/HEAD responses.
+* Supports conditional requests (304 Not Modified) for bandwidth savings.
+*
+* @example
+* import { cachingPlugin } from '@classytic/arc/plugins';
+*
+* // Basic — ETag + conditional requests, no browser caching
+* await fastify.register(cachingPlugin);
+*
+* // With cache rules per path
+* await fastify.register(cachingPlugin, {
+*   rules: [
+*     { match: '/api/products', maxAge: 60 },
+*     { match: '/api/categories', maxAge: 300, staleWhileRevalidate: 60 },
+*   ],
+* });
+*/
+var caching_exports = /* @__PURE__ */ __exportAll({
+	cachingPlugin: () => cachingPlugin,
+	default: () => caching_default
+});
+const FNV_OFFSET = 2166136261;
+const FNV_PRIME = 16777619;
+/** Fast non-cryptographic hash for ETag generation */
+function fnv1a(data) {
+	let hash = FNV_OFFSET;
+	for (let i = 0; i < data.length; i++) {
+		hash ^= data.charCodeAt(i);
+		hash = hash * FNV_PRIME >>> 0;
+	}
+	return hash.toString(36);
+}
+const cachingPlugin = async (fastify, opts = {}) => {
+	const { maxAge = 0, etag = true, conditional = true, methods = ["GET", "HEAD"], exclude = [], rules = [] } = opts;
+	const methodSet = new Set(methods.map((m) => m.toUpperCase()));
+	/** Find the first matching rule for a URL path */
+	function findRule(url) {
+		const path = url.split("?")[0];
+		return rules.find((r) => path.startsWith(r.match));
+	}
+	/** Build Cache-Control header value */
+	function buildCacheControl(rule) {
+		const age = rule?.maxAge ?? maxAge;
+		if (age <= 0) return "no-cache";
+		const parts = [];
+		parts.push(rule?.private ? "private" : "public");
+		parts.push(`max-age=${age}`);
+		if (rule?.staleWhileRevalidate) parts.push(`stale-while-revalidate=${rule.staleWhileRevalidate}`);
+		return parts.join(", ");
+	}
+	fastify.addHook("onSend", async (request, reply, payload) => {
+		const url = request.url;
+		if (exclude.some((p) => url.startsWith(p))) return payload;
+		const method = request.method.toUpperCase();
+		if (!methodSet.has(method)) {
+			if (!reply.hasHeader("cache-control")) reply.header("cache-control", "no-store");
+			return payload;
+		}
+		const statusCode = reply.statusCode;
+		if (statusCode < 200 || statusCode >= 300) return payload;
+		if (!reply.hasHeader("cache-control")) {
+			const rule = findRule(url);
+			reply.header("cache-control", buildCacheControl(rule));
+		}
+		if (etag && payload) {
+			const tag = `"${fnv1a(typeof payload === "string" ? payload : String(payload))}"`;
+			reply.header("etag", tag);
+			if (conditional) {
+				const ifNoneMatch = request.headers["if-none-match"];
+				if (ifNoneMatch && ifNoneMatch === tag) {
+					reply.code(304);
+					return "";
+				}
+			}
+		}
+		return payload;
+	});
+	fastify.log?.debug?.("Caching plugin registered");
+};
+var caching_default = fp(cachingPlugin, {
+	name: "arc-caching",
+	fastify: "5.x"
+});
+
+//#endregion
+export { caching_default as n, caching_exports as r, cachingPlugin as t };