@classytic/arc 2.1.7 → 2.2.0

package/dist/adapters/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import { a as RepositoryLike, i as RelationMetadata, n as DataAdapter, o as SchemaMetadata, r as FieldMetadata, s as ValidationResult, t as AdapterFactory } from "../interface-Cb2klgid.mjs";
+import { a as RepositoryLike, i as RelationMetadata, n as DataAdapter, o as SchemaMetadata, r as FieldMetadata, s as ValidationResult, t as AdapterFactory } from "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
-import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../prisma-DQBSSHAB.mjs";
+import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../prisma-Bi9nxirN.mjs";
 export { type AdapterFactory, type DataAdapter, type FieldMetadata, MongooseAdapter, type MongooseAdapterOptions, PrismaAdapter, type PrismaAdapterOptions, type PrismaQueryOptions, PrismaQueryParser, type PrismaQueryParserOptions, type RelationMetadata, type RepositoryLike, type SchemaMetadata, type ValidationResult, createMongooseAdapter, createPrismaAdapter };

package/dist/audit/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import "../interface-Cb2klgid.mjs";
+import "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { a as AuditContext, c as AuditStore, i as AuditAction, l as AuditStoreOptions, n as MongoAuditStoreOptions, o as AuditEntry, r as MongoConnection, s as AuditQueryOptions, u as createAuditEntry } from "../mongodb-ClykrfGo.mjs";
 import { FastifyPluginAsync } from "fastify";

package/dist/audit/mongodb.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import "../interface-Cb2klgid.mjs";
+import "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { n as MongoAuditStoreOptions, t as MongoAuditStore } from "../mongodb-ClykrfGo.mjs";
 export { MongoAuditStore, type MongoAuditStoreOptions };

package/dist/auth/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import "../interface-Cb2klgid.mjs";
+import "../interface-Dm4-jnia.mjs";
 import { t as PermissionCheck } from "../types-RLkFVgaw.mjs";
 import { AuthHelpers, AuthPluginOptions } from "../types/index.mjs";
 import { t as ExternalOpenApiPaths } from "../externalPaths-SyPF2tgK.mjs";

package/dist/cli/commands/init.mjs

@@ -2174,7 +2174,17 @@ ${orgPluginUsage}
         enabled: process.env.NODE_ENV === 'production',
       },
     });
-  }
+${config.adapter === "mongokit" ? `
+    // Register stub Mongoose models for Better Auth collections.
+    // BA uses the raw MongoDB driver, so no Mongoose models exist by default.
+    // These stubs (strict: false) enable populate() on refs like 'user', 'organization', etc.
+    const baCollections = ['user', 'organization', 'member', 'invitation', 'session', 'account'];
+    for (const name of baCollections) {
+      if (!mongoose.models[name]) {
+        mongoose.model(name, new mongoose.Schema({}, { strict: false, collection: name }));
+      }
+    }
+` : ""}  }
 
   return _auth;
 }

package/dist/core/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import { E as defineResource, T as ResourceDefinition, c as BaseController, d as QueryResolverConfig, f as BodySanitizer, h as AccessControlConfig, l as BaseControllerOptions, m as AccessControl, p as BodySanitizerConfig, u as QueryResolver } from "../interface-Cb2klgid.mjs";
+import { E as defineResource, T as ResourceDefinition, c as BaseController, d as QueryResolverConfig, f as BodySanitizer, h as AccessControlConfig, l as BaseControllerOptions, m as AccessControl, p as BodySanitizerConfig, u as QueryResolver } from "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
-import { A as createCrudRouter, C as MutationOperation, D as ActionRouterConfig, E as ActionHandler, O as IdempotencyService, S as MUTATION_OPERATIONS, T as SYSTEM_FIELDS, _ as HookOperation, a as getControllerScope, b as MAX_REGEX_LENGTH, c as CrudOperation, d as DEFAULT_MAX_LIMIT, f as DEFAULT_SORT, g as HOOK_PHASES, h as HOOK_OPERATIONS, i as getControllerContext, j as createPermissionMiddleware, k as createActionRouter, l as DEFAULT_ID_FIELD, m as DEFAULT_UPDATE_METHOD, n as createFastifyHandler, o as sendControllerResponse, p as DEFAULT_TENANT_FIELD, r as createRequestContext, s as CRUD_OPERATIONS, t as createCrudHandlers, u as DEFAULT_LIMIT, v as HookPhase, w as RESERVED_QUERY_PARAMS, x as MAX_SEARCH_LENGTH, y as MAX_FILTER_DEPTH } from "../fastifyAdapter-sGkvUvf5.mjs";
+import { A as createCrudRouter, C as MutationOperation, D as ActionRouterConfig, E as ActionHandler, O as IdempotencyService, S as MUTATION_OPERATIONS, T as SYSTEM_FIELDS, _ as HookOperation, a as getControllerScope, b as MAX_REGEX_LENGTH, c as CrudOperation, d as DEFAULT_MAX_LIMIT, f as DEFAULT_SORT, g as HOOK_PHASES, h as HOOK_OPERATIONS, i as getControllerContext, j as createPermissionMiddleware, k as createActionRouter, l as DEFAULT_ID_FIELD, m as DEFAULT_UPDATE_METHOD, n as createFastifyHandler, o as sendControllerResponse, p as DEFAULT_TENANT_FIELD, r as createRequestContext, s as CRUD_OPERATIONS, t as createCrudHandlers, u as DEFAULT_LIMIT, v as HookPhase, w as RESERVED_QUERY_PARAMS, x as MAX_SEARCH_LENGTH, y as MAX_FILTER_DEPTH } from "../fastifyAdapter-DTOLNtjw.mjs";
 export { AccessControl, type AccessControlConfig, type ActionHandler, type ActionRouterConfig, BaseController, type BaseControllerOptions, BodySanitizer, type BodySanitizerConfig, CRUD_OPERATIONS, CrudOperation, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, HookOperation, HookPhase, type IdempotencyService, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MutationOperation, QueryResolver, type QueryResolverConfig, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, getControllerContext, getControllerScope, sendControllerResponse };

package/dist/core/index.mjs

@@ -1,4 +1,4 @@
 import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "../constants-DdXFXQtN.mjs";
-import { _ as QueryResolver, c as createPermissionMiddleware, d as createFastifyHandler, f as createRequestContext, g as BaseController, h as sendControllerResponse, m as getControllerScope, n as defineResource, o as createActionRouter, p as getControllerContext, s as createCrudRouter, t as ResourceDefinition, u as createCrudHandlers, v as BodySanitizer, y as AccessControl } from "../defineResource-DZVbwsFb.mjs";
+import { _ as QueryResolver, c as createPermissionMiddleware, d as createFastifyHandler, f as createRequestContext, g as BaseController, h as sendControllerResponse, m as getControllerScope, n as defineResource, o as createActionRouter, p as getControllerContext, s as createCrudRouter, t as ResourceDefinition, u as createCrudHandlers, v as BodySanitizer, y as AccessControl } from "../defineResource-Bq_fXZtm.mjs";
 
 export { AccessControl, BaseController, BodySanitizer, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, QueryResolver, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, getControllerContext, getControllerScope, sendControllerResponse };

package/dist/{createApp-D2D5XXaV.mjs → createApp-BTHYuHNU.mjs}

@@ -50,7 +50,9 @@ const productionPreset = {
 		allowedHeaders: [
 			"Content-Type",
 			"Authorization",
-			"Accept"
+			"Accept",
+			"x-organization-id",
+			"x-request-id"
 		]
 	},
 	rateLimit: {
@@ -95,7 +97,9 @@ const developmentPreset = {
 		allowedHeaders: [
 			"Content-Type",
 			"Authorization",
-			"Accept"
+			"Accept",
+			"x-organization-id",
+			"x-request-id"
 		]
 	},
 	rateLimit: {
@@ -337,8 +341,9 @@ async function createApp(options) {
 	} else fastify.log.warn("Helmet disabled - security headers not applied");
 	if (config.cors !== false) {
 		const cors = await loadPlugin("cors");
-		const corsOptions = config.cors ?? {};
+		const corsOptions = { ...config.cors ?? {} };
 		if (config.preset === "production" && (!corsOptions || !("origin" in corsOptions))) throw new Error("CORS origin must be explicitly configured in production.\nSet cors.origin to allowed domains or set cors: false to disable.\nExample: cors: { origin: ['https://yourdomain.com'] }\nDocs: https://github.com/classytic/arc#security");
+		if (corsOptions.credentials && corsOptions.origin === "*") corsOptions.origin = true;
 		await fastify.register(cors, corsOptions);
 		fastify.log.debug("CORS enabled");
 	} else fastify.log.warn("CORS disabled");

package/dist/{defineResource-DZVbwsFb.mjs → defineResource-Bq_fXZtm.mjs}

@@ -397,6 +397,16 @@ var BaseController = class {
 		this.update = this.update.bind(this);
 		this.delete = this.delete.bind(this);
 	}
+	/**
+	* Get the tenant field name if multi-tenant scoping is enabled.
+	* Returns `undefined` when `tenantField` is `false` (platform-universal mode).
+	*
+	* Use this in subclass overrides instead of accessing `this.tenantField` directly
+	* to avoid TypeScript indexing errors with `string | false`.
+	*/
+	getTenantField() {
+		return this.tenantField || void 0;
+	}
 	/** Extract typed Arc internal metadata from request */
 	meta(req) {
 		return req.metadata;

package/dist/docs/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import "../interface-Cb2klgid.mjs";
+import "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { RegistryEntry } from "../types/index.mjs";
 import { t as ExternalOpenApiPaths } from "../externalPaths-SyPF2tgK.mjs";

package/dist/factory/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import "../interface-Cb2klgid.mjs";
+import "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import "../queryCachePlugin-Q6SYuHZ6.mjs";
 import "../eventPlugin-H6wDDjGO.mjs";

package/dist/factory/index.mjs

@@ -1,3 +1,3 @@
-import { a as getPreset, i as developmentPreset, n as createApp, o as productionPreset, s as testingPreset, t as ArcFactory } from "../createApp-D2D5XXaV.mjs";
+import { a as getPreset, i as developmentPreset, n as createApp, o as productionPreset, s as testingPreset, t as ArcFactory } from "../createApp-BTHYuHNU.mjs";
 
 export { ArcFactory, createApp, developmentPreset, getPreset, productionPreset, testingPreset };

package/dist/{fastifyAdapter-sGkvUvf5.d.mts → fastifyAdapter-DTOLNtjw.d.mts}

@@ -1,5 +1,5 @@
 import { s as RequestScope } from "./elevation-DGo5shaX.mjs";
-import { b as IControllerResponse, x as IRequestContext, y as IController } from "./interface-Cb2klgid.mjs";
+import { b as IControllerResponse, x as IRequestContext, y as IController } from "./interface-Dm4-jnia.mjs";
 import { t as PermissionCheck } from "./types-RLkFVgaw.mjs";
 import { CrudController, CrudRouterOptions, FastifyWithDecorators, RequestContext, RequestWithExtras } from "./types/index.mjs";
 import { FastifyInstance, FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";

package/dist/hooks/index.d.mts

@@ -1,4 +1,4 @@
 import "../elevation-DGo5shaX.mjs";
-import { $ as beforeUpdate, B as DefineHookOptions, G as HookRegistration, H as HookHandler, J as afterCreate, K as HookSystem, Q as beforeDelete, U as HookOperation, V as HookContext, W as HookPhase, X as afterUpdate, Y as afterDelete, Z as beforeCreate, et as createHookSystem, q as HookSystemOptions, tt as defineHook } from "../interface-Cb2klgid.mjs";
+import { $ as beforeUpdate, B as DefineHookOptions, G as HookRegistration, H as HookHandler, J as afterCreate, K as HookSystem, Q as beforeDelete, U as HookOperation, V as HookContext, W as HookPhase, X as afterUpdate, Y as afterDelete, Z as beforeCreate, et as createHookSystem, q as HookSystemOptions, tt as defineHook } from "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 export { type DefineHookOptions, type HookContext, type HookHandler, type HookOperation, type HookPhase, type HookRegistration, HookSystem, type HookSystemOptions, afterCreate, afterDelete, afterUpdate, beforeCreate, beforeDelete, beforeUpdate, createHookSystem, defineHook };

package/dist/index.d.mts

@@ -1,11 +1,11 @@
 import "./elevation-DGo5shaX.mjs";
-import { D as CrudRepository, E as defineResource, F as OperationFilter, I as PipelineConfig, L as PipelineContext, M as Guard, N as Interceptor, P as NextFunction, R as PipelineStep, S as RouteHandler, T as ResourceDefinition, _ as ControllerLike, a as RepositoryLike, b as IControllerResponse, c as BaseController, i as RelationMetadata, j as QueryOptions, k as PaginatedResult, l as BaseControllerOptions, n as DataAdapter, o as SchemaMetadata, r as FieldMetadata, s as ValidationResult, x as IRequestContext, y as IController, z as Transform } from "./interface-Cb2klgid.mjs";
+import { D as CrudRepository, E as defineResource, F as OperationFilter, I as PipelineConfig, L as PipelineContext, M as Guard, N as Interceptor, P as NextFunction, R as PipelineStep, S as RouteHandler, T as ResourceDefinition, _ as ControllerLike, a as RepositoryLike, b as IControllerResponse, c as BaseController, i as RelationMetadata, j as QueryOptions, k as PaginatedResult, l as BaseControllerOptions, n as DataAdapter, o as SchemaMetadata, r as FieldMetadata, s as ValidationResult, x as IRequestContext, y as IController, z as Transform } from "./interface-Dm4-jnia.mjs";
 import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, t as FieldPermission } from "./fields-Bi_AVKSo.mjs";
 import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "./types-RLkFVgaw.mjs";
 import { AdditionalRoute, AnyRecord, ApiResponse, ArcInternalMetadata, AuthPluginOptions, ConfigError, CrudController, CrudRouteKey, CrudRouterOptions, CrudSchemas, EventDefinition, FastifyRequestExtras, FastifyWithAuth, FastifyWithDecorators, FieldRule, GracefulShutdownOptions, HealthCheck, HealthOptions, InferAdapterDoc, InferDocType, InferResourceDoc, IntrospectionData, IntrospectionPluginOptions, JWTPayload, MiddlewareConfig, MiddlewareHandler, OwnershipCheck, PresetFunction, PresetResult, RateLimitConfig, RegistryEntry, RegistryStats, RequestContext, RequestIdOptions, RequestWithExtras, ResourceConfig, ResourceMetadata, RouteHandlerMethod, RouteSchemaOptions, ServiceContext, TypedController, TypedRepository, TypedResourceConfig, UserOrganization, ValidateOptions, ValidationResult as ValidationResult$1 } from "./types/index.mjs";
-import { c as MongooseAdapterOptions, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./prisma-DQBSSHAB.mjs";
+import { c as MongooseAdapterOptions, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./prisma-Bi9nxirN.mjs";
 import "./adapters/index.mjs";
-import { C as MutationOperation, S as MUTATION_OPERATIONS, T as SYSTEM_FIELDS, _ as HookOperation, a as getControllerScope, b as MAX_REGEX_LENGTH, c as CrudOperation, d as DEFAULT_MAX_LIMIT, f as DEFAULT_SORT, g as HOOK_PHASES, h as HOOK_OPERATIONS, l as DEFAULT_ID_FIELD, m as DEFAULT_UPDATE_METHOD, p as DEFAULT_TENANT_FIELD, s as CRUD_OPERATIONS, u as DEFAULT_LIMIT, v as HookPhase, w as RESERVED_QUERY_PARAMS, x as MAX_SEARCH_LENGTH, y as MAX_FILTER_DEPTH } from "./fastifyAdapter-sGkvUvf5.mjs";
+import { C as MutationOperation, S as MUTATION_OPERATIONS, T as SYSTEM_FIELDS, _ as HookOperation, a as getControllerScope, b as MAX_REGEX_LENGTH, c as CrudOperation, d as DEFAULT_MAX_LIMIT, f as DEFAULT_SORT, g as HOOK_PHASES, h as HOOK_OPERATIONS, l as DEFAULT_ID_FIELD, m as DEFAULT_UPDATE_METHOD, p as DEFAULT_TENANT_FIELD, s as CRUD_OPERATIONS, u as DEFAULT_LIMIT, v as HookPhase, w as RESERVED_QUERY_PARAMS, x as MAX_SEARCH_LENGTH, y as MAX_FILTER_DEPTH } from "./fastifyAdapter-DTOLNtjw.mjs";
 import "./core/index.mjs";
 import { a as NotFoundError, d as ValidationError, i as ForbiddenError, t as ArcError, u as UnauthorizedError } from "./errors-DAWRdiYP.mjs";
 import { a as presets_d_exports, c as readOnly, i as ownerWithAdminBypass, n as authenticated, o as publicRead, r as fullPublic, s as publicReadAdminWrite, t as adminOnly } from "./presets-BTeYbw7h.mjs";

package/dist/index.mjs

@@ -1,6 +1,6 @@
 import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-DdXFXQtN.mjs";
 import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./prisma-DJbMt3yf.mjs";
-import { a as validateResourceConfig, g as BaseController, i as formatValidationErrors, l as pipe, m as getControllerScope, n as defineResource, r as assertValidConfig, t as ResourceDefinition } from "./defineResource-DZVbwsFb.mjs";
+import { a as validateResourceConfig, g as BaseController, i as formatValidationErrors, l as pipe, m as getControllerScope, n as defineResource, r as assertValidConfig, t as ResourceDefinition } from "./defineResource-Bq_fXZtm.mjs";
 import { n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "./fields-CTd_CrKr.mjs";
 import { i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-DBANPbGr.mjs";
 import { t as requestContext } from "./requestContext-xi6OKBL-.mjs";

package/dist/{interface-Cb2klgid.d.mts → interface-Dm4-jnia.d.mts}

@@ -978,6 +978,14 @@ declare class BaseController<TDoc = AnyRecord, TRepository extends RepositoryLik
   private _presetFields;
   private _cacheConfig?;
   constructor(repository: TRepository, options?: BaseControllerOptions);
+  /**
+   * Get the tenant field name if multi-tenant scoping is enabled.
+   * Returns `undefined` when `tenantField` is `false` (platform-universal mode).
+   *
+   * Use this in subclass overrides instead of accessing `this.tenantField` directly
+   * to avoid TypeScript indexing errors with `string | false`.
+   */
+  protected getTenantField(): string | undefined;
   /** Extract typed Arc internal metadata from request */
   private meta;
   /** Get hook system from request context (instance-scoped) */

package/dist/org/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import { S as RouteHandler } from "../interface-Cb2klgid.mjs";
+import { S as RouteHandler } from "../interface-Dm4-jnia.mjs";
 import { i as UserBase } from "../types-RLkFVgaw.mjs";
 import "../types/index.mjs";
 import { InvitationAdapter, InvitationDoc, MemberDoc, OrgAdapter, OrgDoc, OrgPermissionStatement, OrgRole, OrganizationPluginOptions } from "./types.mjs";

package/dist/plugins/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import { K as HookSystem, w as ResourceRegistry } from "../interface-Cb2klgid.mjs";
+import { K as HookSystem, w as ResourceRegistry } from "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { AdditionalRoute, AnyRecord, MiddlewareConfig, PresetHook, RouteSchemaOptions } from "../types/index.mjs";
 import { t as ExternalOpenApiPaths } from "../externalPaths-SyPF2tgK.mjs";

package/dist/presets/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import { b as IControllerResponse, k as PaginatedResult, x as IRequestContext } from "../interface-Cb2klgid.mjs";
+import { b as IControllerResponse, k as PaginatedResult, x as IRequestContext } from "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { AnyRecord, PresetResult, ResourceConfig } from "../types/index.mjs";
 import multiTenantPreset, { MultiTenantOptions } from "./multiTenant.mjs";

package/dist/presets/multiTenant.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import "../interface-Cb2klgid.mjs";
+import "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { CrudRouteKey, PresetResult } from "../types/index.mjs";
 

package/dist/{prisma-DQBSSHAB.d.mts → prisma-Bi9nxirN.d.mts}

@@ -1,4 +1,4 @@
-import { D as CrudRepository, a as RepositoryLike, n as DataAdapter, o as SchemaMetadata, s as ValidationResult } from "./interface-Cb2klgid.mjs";
+import { D as CrudRepository, a as RepositoryLike, n as DataAdapter, o as SchemaMetadata, s as ValidationResult } from "./interface-Dm4-jnia.mjs";
 import { OpenApiSchemas, ParsedQuery, QueryParserInterface, RouteSchemaOptions } from "./types/index.mjs";
 import { Model } from "mongoose";
 

package/dist/registry/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import { C as RegisterOptions, w as ResourceRegistry } from "../interface-Cb2klgid.mjs";
+import { C as RegisterOptions, w as ResourceRegistry } from "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { IntrospectionPluginOptions } from "../types/index.mjs";
 import { FastifyPluginAsync } from "fastify";

package/dist/testing/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import { D as CrudRepository, T as ResourceDefinition } from "../interface-Cb2klgid.mjs";
+import { D as CrudRepository, T as ResourceDefinition } from "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { AnyRecord } from "../types/index.mjs";
 import "../queryCachePlugin-Q6SYuHZ6.mjs";
@@ -649,7 +649,7 @@ interface HttpTestHarnessOptions<T = unknown> {
   };
   /** Auth provider for generating request headers */
   auth: AuthProvider;
-  /** API path prefix (default: '/api') */
+  /** API path prefix (default: '/api' for eager, '' for deferred) */
   apiPrefix?: string;
 }
 /** Options can be passed directly or as a getter for deferred resolution */
@@ -666,12 +666,21 @@ type OptionsOrGetter<T> = HttpTestHarnessOptions<T> | (() => HttpTestHarnessOpti
 declare class HttpTestHarness<T = unknown> {
   private resource;
   private optionsOrGetter;
-  private baseUrl;
+  private eagerBaseUrl;
   private enabledRoutes;
   private updateMethod;
   constructor(resource: ResourceDefinition<unknown>, optionsOrGetter: OptionsOrGetter<T>);
   /** Resolve options (supports both direct and deferred) */
   private getOptions;
+  /**
+   * Resolve the base URL for requests.
+   *
+   * - Eager mode: uses pre-computed baseUrl from constructor
+   * - Deferred mode: reads apiPrefix from the getter options at runtime
+   *
+   * Must only be called inside it()/afterAll() callbacks (after beforeAll has run).
+   */
+  private getBaseUrl;
   /**
    * Run all test suites: CRUD + permissions + validation
    */
@@ -715,6 +724,7 @@ declare class HttpTestHarness<T = unknown> {
  *
  * createHttpTestHarness(jobResource, () => ({
  *   app: ctx.app,
+ *   apiPrefix: '',
  *   fixtures: { valid: { title: 'Test' } },
  *   auth: createBetterAuthProvider({ ... }),
  * })).runAll();

package/dist/testing/index.mjs

@@ -1000,7 +1000,7 @@ var DatabaseSnapshot = class {
 * ```
 */
 async function createTestApp(options = {}) {
-	const { createApp } = await import("../createApp-D2D5XXaV.mjs").then((n) => n.r);
+	const { createApp } = await import("../createApp-BTHYuHNU.mjs").then((n) => n.r);
 	const { useInMemoryDb = true, mongoUri: providedMongoUri, ...appOptions } = options;
 	const defaultAuth = {
 		type: "jwt",
@@ -1606,6 +1606,7 @@ async function setupBetterAuthOrg(options) {
 *
 * const harness = createHttpTestHarness(jobResource, () => ({
 *   app: ctx.app,
+*   apiPrefix: '',
 *   fixtures: { valid: { title: 'Test' } },
 *   auth: createBetterAuthProvider({ tokens: { admin: ctx.users.admin.token }, orgId: ctx.orgId, adminRole: 'admin' }),
 * }));
@@ -1687,13 +1688,14 @@ function createBetterAuthProvider(options) {
 var HttpTestHarness = class {
 	resource;
 	optionsOrGetter;
-	baseUrl;
+	eagerBaseUrl;
 	enabledRoutes;
 	updateMethod;
 	constructor(resource, optionsOrGetter) {
 		this.resource = resource;
 		this.optionsOrGetter = optionsOrGetter;
-		this.baseUrl = `${typeof optionsOrGetter === "function" ? "/api" : optionsOrGetter.apiPrefix ?? "/api"}${resource.prefix}`;
+		if (typeof optionsOrGetter === "function") this.eagerBaseUrl = null;
+		else this.eagerBaseUrl = `${optionsOrGetter.apiPrefix ?? "/api"}${resource.prefix}`;
 		const disabled = new Set(resource.disabledRoutes ?? []);
 		this.enabledRoutes = new Set(resource.disableDefaultRoutes ? [] : CRUD_OPERATIONS.filter((op) => !disabled.has(op)));
 		this.updateMethod = resource.updateMethod === "PUT" ? "PUT" : "PATCH";
@@ -1703,6 +1705,18 @@ var HttpTestHarness = class {
 		return typeof this.optionsOrGetter === "function" ? this.optionsOrGetter() : this.optionsOrGetter;
 	}
 	/**
+	* Resolve the base URL for requests.
+	*
+	* - Eager mode: uses pre-computed baseUrl from constructor
+	* - Deferred mode: reads apiPrefix from the getter options at runtime
+	*
+	* Must only be called inside it()/afterAll() callbacks (after beforeAll has run).
+	*/
+	getBaseUrl() {
+		if (this.eagerBaseUrl !== null) return this.eagerBaseUrl;
+		return `${this.getOptions().apiPrefix ?? ""}${this.resource.prefix}`;
+	}
+	/**
 	* Run all test suites: CRUD + permissions + validation
 	*/
 	runAll() {
@@ -1722,12 +1736,13 @@ var HttpTestHarness = class {
 	* - GET /:id with non-existent ID → 404
 	*/
 	runCrud() {
-		const { resource, baseUrl, enabledRoutes, updateMethod } = this;
+		const { resource, enabledRoutes, updateMethod } = this;
 		let createdId = null;
 		describe(`${resource.displayName} HTTP CRUD`, () => {
 			afterAll(async () => {
 				if (createdId && enabledRoutes.has("delete")) {
 					const { app, auth } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
 					await app.inject({
 						method: "DELETE",
 						url: `${baseUrl}/${createdId}`,
@@ -1737,6 +1752,7 @@ var HttpTestHarness = class {
 			});
 			if (enabledRoutes.has("create")) it("POST should create a resource", async () => {
 				const { app, auth, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				const adminHeaders = auth.getHeaders(auth.adminRole);
 				const res = await app.inject({
 					method: "POST",
@@ -1753,6 +1769,7 @@ var HttpTestHarness = class {
 			});
 			if (enabledRoutes.has("list")) it("GET should list resources", async () => {
 				const { app, auth } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				const res = await app.inject({
 					method: "GET",
 					url: baseUrl,
@@ -1769,6 +1786,7 @@ var HttpTestHarness = class {
 				it("GET /:id should return the resource", async () => {
 					if (!createdId) return;
 					const { app, auth } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
 					const res = await app.inject({
 						method: "GET",
 						url: `${baseUrl}/${createdId}`,
@@ -1782,6 +1800,7 @@ var HttpTestHarness = class {
 				});
 				it("GET /:id with non-existent ID should return 404", async () => {
 					const { app, auth } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
 					const res = await app.inject({
 						method: "GET",
 						url: `${baseUrl}/000000000000000000000000`,
@@ -1795,6 +1814,7 @@ var HttpTestHarness = class {
 				it(`${updateMethod} /:id should update the resource`, async () => {
 					if (!createdId) return;
 					const { app, auth, fixtures } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
 					const updatePayload = fixtures.update || fixtures.valid;
 					const res = await app.inject({
 						method: updateMethod,
@@ -1809,6 +1829,7 @@ var HttpTestHarness = class {
 				});
 				it(`${updateMethod} /:id with non-existent ID should return 404`, async () => {
 					const { app, auth, fixtures } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
 					expect((await app.inject({
 						method: updateMethod,
 						url: `${baseUrl}/000000000000000000000000`,
@@ -1820,6 +1841,7 @@ var HttpTestHarness = class {
 			if (enabledRoutes.has("delete")) {
 				it("DELETE /:id should delete the resource", async () => {
 					const { app, auth, fixtures } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
 					const adminHeaders = auth.getHeaders(auth.adminRole);
 					let deleteId;
 					if (enabledRoutes.has("create")) {
@@ -1845,6 +1867,7 @@ var HttpTestHarness = class {
 				});
 				it("DELETE /:id with non-existent ID should return 404", async () => {
 					const { app, auth } = this.getOptions();
+					const baseUrl = this.getBaseUrl();
 					expect((await app.inject({
 						method: "DELETE",
 						url: `${baseUrl}/000000000000000000000000`,
@@ -1862,10 +1885,11 @@ var HttpTestHarness = class {
 	* - Admin role gets 2xx for all operations
 	*/
 	runPermissions() {
-		const { resource, baseUrl, enabledRoutes, updateMethod } = this;
+		const { resource, enabledRoutes, updateMethod } = this;
 		describe(`${resource.displayName} HTTP Permissions`, () => {
 			if (enabledRoutes.has("list")) it("GET list without auth should return 401", async () => {
 				const { app } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				expect((await app.inject({
 					method: "GET",
 					url: baseUrl
@@ -1873,6 +1897,7 @@ var HttpTestHarness = class {
 			});
 			if (enabledRoutes.has("get")) it("GET get without auth should return 401", async () => {
 				const { app } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				expect((await app.inject({
 					method: "GET",
 					url: `${baseUrl}/000000000000000000000000`
@@ -1880,6 +1905,7 @@ var HttpTestHarness = class {
 			});
 			if (enabledRoutes.has("create")) it("POST create without auth should return 401", async () => {
 				const { app, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				expect((await app.inject({
 					method: "POST",
 					url: baseUrl,
@@ -1888,6 +1914,7 @@ var HttpTestHarness = class {
 			});
 			if (enabledRoutes.has("update")) it(`${updateMethod} update without auth should return 401`, async () => {
 				const { app, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				expect((await app.inject({
 					method: updateMethod,
 					url: `${baseUrl}/000000000000000000000000`,
@@ -1896,6 +1923,7 @@ var HttpTestHarness = class {
 			});
 			if (enabledRoutes.has("delete")) it("DELETE delete without auth should return 401", async () => {
 				const { app } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				expect((await app.inject({
 					method: "DELETE",
 					url: `${baseUrl}/000000000000000000000000`
@@ -1903,6 +1931,7 @@ var HttpTestHarness = class {
 			});
 			if (enabledRoutes.has("list")) it("admin should access list endpoint", async () => {
 				const { app, auth } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				expect((await app.inject({
 					method: "GET",
 					url: baseUrl,
@@ -1911,6 +1940,7 @@ var HttpTestHarness = class {
 			});
 			if (enabledRoutes.has("create")) it("admin should access create endpoint", async () => {
 				const { app, auth, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				const res = await app.inject({
 					method: "POST",
 					url: baseUrl,
@@ -1933,11 +1963,12 @@ var HttpTestHarness = class {
 	* Tests that invalid payloads return 400.
 	*/
 	runValidation() {
-		const { resource, baseUrl, enabledRoutes } = this;
+		const { resource, enabledRoutes } = this;
 		if (!enabledRoutes.has("create")) return;
 		describe(`${resource.displayName} HTTP Validation`, () => {
 			it("POST with invalid payload should not return 2xx", async () => {
 				const { app, auth, fixtures } = this.getOptions();
+				const baseUrl = this.getBaseUrl();
 				if (!fixtures.invalid) return;
 				const res = await app.inject({
 					method: "POST",
@@ -1963,6 +1994,7 @@ var HttpTestHarness = class {
 *
 * createHttpTestHarness(jobResource, () => ({
 *   app: ctx.app,
+*   apiPrefix: '',
 *   fixtures: { valid: { title: 'Test' } },
 *   auth: createBetterAuthProvider({ ... }),
 * })).runAll();

package/dist/types/index.d.mts

@@ -1,5 +1,5 @@
 import { a as AUTHENTICATED_SCOPE, c as getOrgId, d as hasOrgAccess, f as isAuthenticated, l as getOrgRoles, m as isMember, n as ElevationOptions, o as PUBLIC_SCOPE, p as isElevated, s as RequestScope, t as ElevationEvent, u as getTeamId } from "../elevation-DGo5shaX.mjs";
-import { A as PaginationParams, D as CrudRepository, I as PipelineConfig, K as HookSystem, O as InferDoc, S as RouteHandler, _ as ControllerLike, b as IControllerResponse, g as ControllerHandler, j as QueryOptions, k as PaginatedResult, l as BaseControllerOptions, n as DataAdapter, v as FastifyHandler, w as ResourceRegistry, x as IRequestContext, y as IController } from "../interface-Cb2klgid.mjs";
+import { A as PaginationParams, D as CrudRepository, I as PipelineConfig, K as HookSystem, O as InferDoc, S as RouteHandler, _ as ControllerLike, b as IControllerResponse, g as ControllerHandler, j as QueryOptions, k as PaginatedResult, l as BaseControllerOptions, n as DataAdapter, v as FastifyHandler, w as ResourceRegistry, x as IRequestContext, y as IController } from "../interface-Dm4-jnia.mjs";
 import { n as FieldPermissionMap } from "../fields-Bi_AVKSo.mjs";
 import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "../types-RLkFVgaw.mjs";
 import { FastifyInstance, FastifyReply, FastifyRequest, RouteHandlerMethod, RouteHandlerMethod as RouteHandlerMethod$1 } from "fastify";

package/dist/utils/index.d.mts

@@ -1,5 +1,5 @@
 import "../elevation-DGo5shaX.mjs";
-import "../interface-Cb2klgid.mjs";
+import "../interface-Dm4-jnia.mjs";
 import "../types-RLkFVgaw.mjs";
 import { AnyRecord, OpenApiSchemas, ParsedQuery, QueryParserInterface } from "../types/index.mjs";
 import { a as NotFoundError, c as RateLimitError, d as ValidationError, f as createError, i as ForbiddenError, l as ServiceUnavailableError, n as ConflictError, o as OrgAccessDeniedError, p as isArcError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-DAWRdiYP.mjs";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@classytic/arc",
-  "version": "2.1.7",
+  "version": "2.2.0",
   "description": "Resource-oriented backend framework for Fastify — clean, minimal, powerful, tree-shakable",
   "type": "module",
   "exports": {
@@ -191,7 +191,7 @@
     "node": ">=22"
   },
   "peerDependencies": {
-    "@classytic/mongokit": "^3.2.3",
+    "@classytic/mongokit": "^3.2.4",
     "@classytic/streamline": ">=1.0.0",
     "@fastify/cors": "^11.0.0",
     "@fastify/helmet": "^13.0.0",