@classytic/arc 2.10.3 → 2.10.8

package/dist/types/index.d.mts

@@ -1,5 +1,5 @@
-import { n as ElevationOptions, t as ElevationEvent } from "../elevation-C5SwtkAn.mjs";
-import { _ as isAuthenticated, c as getOrgRoles, g as hasOrgAccess, n as PUBLIC_SCOPE, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, v as isElevated, y as isMember } from "../types-BD85MlEK.mjs";
-import { c as PermissionCheck, d as UserBase, l as PermissionContext, u as PermissionResult } from "../fields-Lo1VUDpt.mjs";
-import { $ as CrudSchemas, A as AuthHelpers, B as FastifyWithDecorators, Bt as ArcInternalMetadata, C as ResourceMetadata, Ct as RouteHandler, D as HealthOptions, E as HealthCheck, F as TokenPair, Gt as PopulateOption, H as RequestWithExtras, Ht as LookupOption, I as ArcDecorator, J as ActionEntry, Jt as ServiceContext, Kt as QueryParserInterface, L as EventsDecorator, M as Authenticator, N as AuthenticatorContext, O as IntrospectionPluginOptions, P as JwtContext, Q as CrudRouteKey, R as FastifyRequestExtras, S as RegistryStats, St as IRequestContext, T as GracefulShutdownOptions, Ut as OwnershipCheck, V as MiddlewareHandler, Vt as ControllerQueryOptions, Wt as ParsedQuery, X as ActionsMap, Y as ActionHandlerFn, Z as CrudController, _ as ConfigError, _n as UserOrganization, _t as ControllerHandler, at as PresetHook, b as IntrospectionData, bt as IController, ct as ResourceCacheConfig, d as InferAdapterDoc, dn as AnyRecord, dt as ResourceHooks, et as EventDefinition, f as InferDocType, fn as ApiResponse, ft as ResourcePermissions, g as TypedResourceConfig, gn as UserLike, gt as RouteSchemaOptions, h as TypedRepository, hn as ObjectId, ht as RouteMethod, it as PresetFunction, j as AuthPluginOptions, k as RequestIdOptions, lt as ResourceConfig, m as TypedController, mn as JWTPayload, mt as RouteMcpConfig, nt as MiddlewareConfig, ot as PresetResult, p as InferResourceDoc, pn as ArcRequest, pt as RouteDefinition, q as ActionDefinition, qt as RequestContext, r as BaseControllerOptions, rt as OpenApiSchemas, st as RateLimitConfig, t as RouteHandlerMethod, tt as FieldRule, u as PaginationResult, ut as ResourceHookContext, v as ValidateOptions, vn as envelope, vt as ControllerLike, w as CrudRouterOptions, x as RegistryEntry, xt as IControllerResponse, y as ValidationResult, yn as getUserId, yt as FastifyHandler, z as FastifyWithAuth } from "../index-Cl0uoKd5.mjs";
+import { $t as ObjectId, A as RequestIdOptions, At as FastifyHandler, C as RequestContext, Ct as ResourcePermissions, D as HealthCheck, Dt as RouteSchemaOptions, E as GracefulShutdownOptions, Et as RouteMethod, F as FastifyWithDecorators, Gt as Authenticator, I as MiddlewareHandler, Jt as TokenPair, Kt as AuthenticatorContext, L as RequestWithExtras, M as EventsDecorator, Mt as IControllerResponse, N as FastifyRequestExtras, Nt as IRequestContext, O as HealthOptions, Ot as ControllerHandler, P as FastifyWithAuth, Pt as RouteHandler, Qt as JWTPayload, S as QueryParserInterface, St as ResourceHooks, T as CrudRouterOptions, Tt as RouteMcpConfig, Ut as AuthHelpers, Wt as AuthPluginOptions, Xt as ApiResponse, Yt as AnyRecord, Zt as ArcRequest, _ as ControllerQueryOptions, _t as PresetResult, a as InferAdapterDoc, an as BaseControllerOptions, at as ActionEntry, b as ParsedQuery, bt as ResourceConfig, c as TypedController, ct as CrudController, d as PaginationResult, dt as EventDefinition, en as UserLike, f as IntrospectionData, ft as FieldRule, g as ArcInternalMetadata, gt as PresetHook, h as ResourceMetadata, ht as PresetFunction, i as ValidationResult, it as ActionDefinition, j as ArcDecorator, jt as IController, k as IntrospectionPluginOptions, kt as ControllerLike, l as TypedRepository, lt as CrudRouteKey, m as RegistryStats, mt as OpenApiSchemas, n as ConfigError, nn as envelope, o as InferDocType, ot as ActionHandlerFn, p as RegistryEntry, pt as MiddlewareConfig, qt as JwtContext, r as ValidateOptions, rn as getUserId, s as InferResourceDoc, st as ActionsMap, t as RouteHandlerMethod, tn as UserOrganization, u as TypedResourceConfig, ut as CrudSchemas, v as LookupOption, vt as RateLimitConfig, w as ServiceContext, wt as RouteDefinition, x as PopulateOption, xt as ResourceHookContext, y as OwnershipCheck, yt as ResourceCacheConfig } from "../index-BGbpGVyM.mjs";
+import { _ as isAuthenticated, c as getOrgRoles, g as hasOrgAccess, n as PUBLIC_SCOPE, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, v as isElevated, y as isMember } from "../types-tgR4Pt8F.mjs";
+import { c as PermissionCheck, d as UserBase, l as PermissionContext, u as PermissionResult } from "../fields-C8Y0XLAu.mjs";
+import { n as ElevationOptions, t as ElevationEvent } from "../elevation-s5ykdNHr.mjs";
 export { AUTHENTICATED_SCOPE, ActionDefinition, ActionEntry, ActionHandlerFn, ActionsMap, AnyRecord, ApiResponse, ArcDecorator, ArcInternalMetadata, ArcRequest, AuthHelpers, AuthPluginOptions, Authenticator, AuthenticatorContext, BaseControllerOptions, ConfigError, ControllerHandler, ControllerLike, ControllerQueryOptions, CrudController, CrudRouteKey, CrudRouterOptions, CrudSchemas, ElevationEvent, ElevationOptions, EventDefinition, EventsDecorator, FastifyHandler, FastifyRequestExtras, FastifyWithAuth, FastifyWithDecorators, FieldRule, GracefulShutdownOptions, HealthCheck, HealthOptions, IController, IControllerResponse, IRequestContext, InferAdapterDoc, InferDocType, InferResourceDoc, IntrospectionData, IntrospectionPluginOptions, JWTPayload, JwtContext, LookupOption, MiddlewareConfig, MiddlewareHandler, ObjectId, OpenApiSchemas, OwnershipCheck, PUBLIC_SCOPE, PaginationResult, ParsedQuery, PermissionCheck, PermissionContext, PermissionResult, PopulateOption, PresetFunction, PresetHook, PresetResult, QueryParserInterface, RateLimitConfig, RegistryEntry, RegistryStats, RequestContext, RequestIdOptions, RequestScope, RequestWithExtras, ResourceCacheConfig, ResourceConfig, ResourceHookContext, ResourceHooks, ResourceMetadata, ResourcePermissions, RouteDefinition, RouteHandler, RouteHandlerMethod, RouteMcpConfig, RouteMethod, RouteSchemaOptions, ServiceContext, TokenPair, TypedController, TypedRepository, TypedResourceConfig, UserBase, UserLike, UserOrganization, ValidateOptions, ValidationResult, envelope, getOrgId, getOrgRoles, getTeamId, getUserId, hasOrgAccess, isAuthenticated, isElevated, isMember };

package/dist/types/index.mjs

@@ -1,3 +1,3 @@
 import { _ as isElevated, f as getTeamId, g as isAuthenticated, h as hasOrgAccess, n as PUBLIC_SCOPE, o as getOrgId, s as getOrgRoles, t as AUTHENTICATED_SCOPE, v as isMember } from "../types-AOD8fxIw.mjs";
-import { n as getUserId, t as envelope } from "../types-Csi3FLfq.mjs";
+import { n as getUserId, t as envelope } from "../types-CDnTEpga.mjs";
 export { AUTHENTICATED_SCOPE, PUBLIC_SCOPE, envelope, getOrgId, getOrgRoles, getTeamId, getUserId, hasOrgAccess, isAuthenticated, isElevated, isMember };

package/dist/types/storage.d.mts

@@ -1,2 +1,2 @@
-import { a as StorageReadResult, i as StorageReadRange, n as StorageContext, o as StorageUploadInput, r as StorageFile, t as Storage } from "../storage-CVk_SEn2.mjs";
+import { a as StorageReadResult, i as StorageReadRange, n as StorageContext, o as StorageUploadInput, r as StorageFile, t as Storage } from "../storage-BwGQXUpd.mjs";
 export { Storage, StorageContext, StorageFile, StorageReadRange, StorageReadResult, StorageUploadInput };

package/dist/{types-Btdda02s.d.mts → types-CVKBssX5.d.mts}

@@ -1,4 +1,4 @@
-import { G as ResourceDefinition } from "./index-Cl0uoKd5.mjs";
+import { B as ResourceDefinition } from "./index-BGbpGVyM.mjs";
 import { z } from "zod";
 
 //#region src/integrations/mcp/types.d.ts

package/dist/{types-Co8k3NyS.d.mts → types-CVdgPXBW.d.mts}

@@ -1,12 +1,13 @@
-import { n as ElevationOptions } from "./elevation-C5SwtkAn.mjs";
-import { M as Authenticator } from "./index-Cl0uoKd5.mjs";
-import { o as EventTransport } from "./EventTransport-CUw5NNWe.mjs";
-import { t as ExternalOpenApiPaths } from "./externalPaths-BQ8QijNH.mjs";
-import { r as CacheStore } from "./interface-D218ikEo.mjs";
-import { r as QueryCachePluginOptions } from "./queryCachePlugin-BKbWjgDG.mjs";
-import { t as EventPluginOptions } from "./eventPlugin-CxWgpd6K.mjs";
-import { a as VersioningOptions, g as CachingOptions, p as SSEOptions, t as ErrorHandlerOptions, u as MetricsOptions } from "./errorHandler-DRQ3EqfL.mjs";
-import { r as IdempotencyStore } from "./interface-CSbZdv_3.mjs";
+import { Gt as Authenticator } from "./index-BGbpGVyM.mjs";
+import { n as ElevationOptions } from "./elevation-s5ykdNHr.mjs";
+import { o as EventTransport } from "./EventTransport-CfVEGaEl.mjs";
+import { t as ExternalOpenApiPaths } from "./externalPaths-Bapitwvd.mjs";
+import { r as CacheStore } from "./interface-yhyb_pLY.mjs";
+import { r as QueryCachePluginOptions } from "./queryCachePlugin-Dumka73q.mjs";
+import { t as EventPluginOptions } from "./eventPlugin-D1ThQ1Pp.mjs";
+import { f as CachingOptions, l as SSEOptions, o as MetricsOptions, t as VersioningOptions } from "./versioning-CeUXHfjw.mjs";
+import { t as ErrorHandlerOptions } from "./errorHandler-2ii4RIYr.mjs";
+import { r as IdempotencyStore } from "./interface-B-pe8fhj.mjs";
 import { FastifyInstance, FastifyPluginAsync, FastifyReply, FastifyRequest, FastifyServerOptions } from "fastify";
 
 //#region src/factory/loadResources.d.ts
@@ -149,6 +150,18 @@ type HelmetOptions = Record<string, unknown>;
 type RateLimitOpts = Record<string, unknown> & {
   max?: number;
   timeWindow?: string | number;
+  /**
+   * Path patterns to exempt from rate limiting. Supports exact match
+   * (`/health`) or prefix match with trailing `*` (`/api/auth/*`).
+   *
+   * Implemented by synthesising a `@fastify/rate-limit` `allowList`
+   * function. When combined with a user-supplied `allowList`, both
+   * are OR-ed together (path OR ip/custom match skips the limit).
+   *
+   * Use this for endpoints that are hit frequently but independently
+   * of user traffic — session heartbeat, webhooks, health probes.
+   */
+  skipPaths?: string[];
 };
 /**
  * Arc's built-in JWT auth

package/dist/utils/index.d.mts

@@ -1,5 +1,6 @@
-import { Kt as QueryParserInterface, Wt as ParsedQuery, dn as AnyRecord, rt as OpenApiSchemas } from "../index-Cl0uoKd5.mjs";
-import { a as NotFoundError, c as RateLimitError, d as ValidationError, f as createDomainError, i as ForbiddenError, l as ServiceUnavailableError, m as isArcError, n as ConflictError, o as OrgAccessDeniedError, p as createError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-CCSsMpXE.mjs";
+import { S as QueryParserInterface, Yt as AnyRecord, b as ParsedQuery, mt as OpenApiSchemas } from "../index-BGbpGVyM.mjs";
+import { n as ErrorMapper } from "../errorHandler-2ii4RIYr.mjs";
+import { a as NotFoundError, c as RateLimitError, d as ValidationError, f as createDomainError, i as ForbiddenError, l as ServiceUnavailableError, m as isArcError, n as ConflictError, o as OrgAccessDeniedError, p as createError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-BI8kEKsO.mjs";
 import { FastifyInstance, FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";
 
 //#region src/utils/circuitBreaker.d.ts
@@ -296,6 +297,22 @@ interface CompensationDefinition<TCtx extends Record<string, unknown> = Record<s
 }
 declare function defineCompensation<TCtx extends Record<string, unknown> = Record<string, unknown>>(name: string, steps: readonly CompensationStep<TCtx>[]): CompensationDefinition<TCtx>;
 //#endregion
+//#region src/utils/defineErrorMapper.d.ts
+/**
+ * Register an `ErrorMapper` with its domain-specific generic argument and
+ * have it assign cleanly into `ErrorMapper[]` (no `as unknown as ErrorMapper`).
+ *
+ * The returned mapper is identical at runtime — `type` and `toResponse` are
+ * passed through untouched. Only the declared type widens from
+ * `ErrorMapper<T>` to `ErrorMapper` so the array inference works.
+ *
+ * Safety: the `errorHandlerPlugin` dispatches via `error instanceof mapper.type`
+ * before invoking `toResponse`, so the widened callback signature is never
+ * called with a non-`T` error at runtime. This helper codifies that invariant
+ * in one place.
+ */
+declare function defineErrorMapper<T extends Error>(mapper: ErrorMapper<T>): ErrorMapper;
+//#endregion
 //#region src/utils/defineGuard.d.ts
 interface GuardConfig<T> {
   /** Unique name — used as the storage key on the request. */
@@ -765,6 +782,59 @@ declare function convertOpenApiSchemas(schemas: OpenApiSchemas, target?: JsonSch
  */
 declare function convertRouteSchema(schema: Record<string, unknown>, target?: JsonSchemaTarget): Record<string, unknown>;
 //#endregion
+//#region src/utils/simpleEqualityMatcher.d.ts
+/**
+ * `simpleEqualityMatcher` — a minimal, dialect-agnostic flat-key equality
+ * matcher for `DataAdapter.matchesFilter` / `BaseController({ matchesFilter })`.
+ *
+ * **What it does:** for each `[key, expected]` in the filter, compares
+ * `item[key]` to `expected` via string coercion (so Mongo `ObjectId` values
+ * match their string representation) and returns `true` only if every
+ * filter entry matches. Array item values are matched implicitly (contains).
+ *
+ * **What it does NOT do:**
+ * - No `$eq` / `$ne` / `$in` / `$nin` / `$gt` / `$lt` / `$regex` / `$exists`
+ * - No `$and` / `$or`
+ * - No dot-path traversal (`"owner.id"`)
+ * - No schema-specific coercion
+ *
+ * **Why it exists:** 95%+ of arc's `_policyFilters` are produced by built-in
+ * permission helpers and are shaped like `{ ownerId: "u1" }` or
+ * `{ organizationId: "org_x" }` — flat equality. For that common shape,
+ * this helper is a safe, tested, 15-line defense-in-depth matcher that
+ * hosts using minimal repos (no `getOne(compoundFilter)` DB path) can opt
+ * into without arc shipping a full Mongo-syntax engine.
+ *
+ * **When to use:**
+ * - Your adapter/repo doesn't natively filter on `getOne(compoundFilter)`
+ * - Your `_policyFilters` are flat equality (from arc's built-in permission helpers)
+ * - You want defense-in-depth on `validateItemAccess` / `fetchDetailed`'s `getById` fallback
+ *
+ * **When NOT to use:**
+ * - Your `_policyFilters` use operators (`$in`, `$ne`, etc.) — supply a
+ *   native matcher (mongokit's repo does the filter at the DB layer; for
+ *   custom repos, wrap the kit's own predicate engine).
+ * - You're a mongokit / sqlitekit / Prisma user — the DB-level filter
+ *   applied by `getOne(compoundFilter)` already covers this.
+ *
+ * @example
+ * ```ts
+ * import { simpleEqualityMatcher } from '@classytic/arc/utils';
+ *
+ * // On a custom adapter
+ * const adapter: DataAdapter = {
+ *   repository,
+ *   type: 'custom',
+ *   name: 'in-memory',
+ *   matchesFilter: simpleEqualityMatcher,
+ * };
+ *
+ * // Or directly on BaseController for ad-hoc controllers
+ * new BaseController(repo, { matchesFilter: simpleEqualityMatcher });
+ * ```
+ */
+declare function simpleEqualityMatcher(item: unknown, filters: Record<string, unknown>): boolean;
+//#endregion
 //#region src/utils/stateMachine.d.ts
 /**
  * State Machine Utility
@@ -895,4 +965,4 @@ declare function hasEvents(instance: FastifyInstance): instance is FastifyInstan
   events: EventsDecorator;
 };
 //#endregion
-export { ArcError, ArcQueryParser, type ArcQueryParserOptions, CircuitBreaker, CircuitBreakerError, type CircuitBreakerOptions, CircuitBreakerRegistry, type CircuitBreakerStats, CircuitState, type CompensationDefinition, type CompensationError, type CompensationHooks, type CompensationResult, type CompensationStep, ConflictError, type ErrorDetails, type EventsDecorator, ForbiddenError, type Guard, type GuardConfig, type JsonSchema, type JsonSchemaTarget, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, type StateMachine, type TransitionConfig, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };
+export { ArcError, ArcQueryParser, type ArcQueryParserOptions, CircuitBreaker, CircuitBreakerError, type CircuitBreakerOptions, CircuitBreakerRegistry, type CircuitBreakerStats, CircuitState, type CompensationDefinition, type CompensationError, type CompensationHooks, type CompensationResult, type CompensationStep, ConflictError, type ErrorDetails, type EventsDecorator, ForbiddenError, type Guard, type GuardConfig, type JsonSchema, type JsonSchemaTarget, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, type StateMachine, type TransitionConfig, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineErrorMapper, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, simpleEqualityMatcher, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };

package/dist/utils/index.mjs

@@ -1,6 +1,6 @@
-import { a as OrgAccessDeniedError, c as ServiceUnavailableError, d as createDomainError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-D5c-5BJL.mjs";
-import { n as createQueryParser, t as ArcQueryParser } from "../queryParser-DBqBB6AC.mjs";
-import { C as createCircuitBreakerRegistry, S as createCircuitBreaker, _ as withCompensation, a as getListQueryParams, b as CircuitBreakerRegistry, c as mutationResponse, d as responses, f as successResponseSchema, g as defineCompensation, h as defineGuard, i as getDefaultCrudSchemas, l as paginationSchema, m as handleRaw, n as deleteResponse, o as itemResponse, p as wrapResponse, r as errorResponseSchema, s as listResponse, t as createStateMachine, u as queryParams, v as CircuitBreaker, x as CircuitState, y as CircuitBreakerError } from "../utils-B2fNOD_i.mjs";
+import { n as createQueryParser, r as simpleEqualityMatcher, t as ArcQueryParser } from "../queryParser-NR__Qiju.mjs";
+import { a as OrgAccessDeniedError, c as ServiceUnavailableError, d as createDomainError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-BqdUDja_.mjs";
+import { C as createCircuitBreaker, S as CircuitState, _ as defineCompensation, a as getListQueryParams, b as CircuitBreakerError, c as mutationResponse, d as responses, f as successResponseSchema, g as defineErrorMapper, h as defineGuard, i as getDefaultCrudSchemas, l as paginationSchema, m as handleRaw, n as deleteResponse, o as itemResponse, p as wrapResponse, r as errorResponseSchema, s as listResponse, t as createStateMachine, u as queryParams, v as withCompensation, w as createCircuitBreakerRegistry, x as CircuitBreakerRegistry, y as CircuitBreaker } from "../utils-LMwVidKy.mjs";
 import { a as toJsonSchema, i as isZodSchema, n as convertRouteSchema, r as isJsonSchema, t as convertOpenApiSchemas } from "../schemaConverter-BxFDdtXu.mjs";
 import { t as hasEvents } from "../typeGuards-Cj5Rgvlg.mjs";
-export { ArcError, ArcQueryParser, CircuitBreaker, CircuitBreakerError, CircuitBreakerRegistry, CircuitState, ConflictError, ForbiddenError, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };
+export { ArcError, ArcQueryParser, CircuitBreaker, CircuitBreakerError, CircuitBreakerRegistry, CircuitState, ConflictError, ForbiddenError, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineErrorMapper, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, simpleEqualityMatcher, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };

package/dist/{utils-B2fNOD_i.mjs → utils-LMwVidKy.mjs}

@@ -1,4 +1,4 @@
-import { t as ArcError } from "./errors-D5c-5BJL.mjs";
+import { t as ArcError } from "./errors-BqdUDja_.mjs";
 //#region src/utils/circuitBreaker.ts
 /**
 * Circuit Breaker Pattern
@@ -353,6 +353,24 @@ function defineCompensation(name, steps) {
 	};
 }
 //#endregion
+//#region src/utils/defineErrorMapper.ts
+/**
+* Register an `ErrorMapper` with its domain-specific generic argument and
+* have it assign cleanly into `ErrorMapper[]` (no `as unknown as ErrorMapper`).
+*
+* The returned mapper is identical at runtime — `type` and `toResponse` are
+* passed through untouched. Only the declared type widens from
+* `ErrorMapper<T>` to `ErrorMapper` so the array inference works.
+*
+* Safety: the `errorHandlerPlugin` dispatches via `error instanceof mapper.type`
+* before invoking `toResponse`, so the widened callback signature is never
+* called with a non-`T` error at runtime. This helper codifies that invariant
+* in one place.
+*/
+function defineErrorMapper(mapper) {
+	return mapper;
+}
+//#endregion
 //#region src/utils/defineGuard.ts
 /** Hidden property key for guard context storage on the request object. */
 const GUARD_STORE_KEY = "__arcGuardContext";
@@ -926,4 +944,4 @@ function createStateMachine(name, transitions = {}, options = {}) {
 	};
 }
 //#endregion
-export { createCircuitBreakerRegistry as C, createCircuitBreaker as S, withCompensation as _, getListQueryParams as a, CircuitBreakerRegistry as b, mutationResponse as c, responses as d, successResponseSchema as f, defineCompensation as g, defineGuard as h, getDefaultCrudSchemas as i, paginationSchema as l, handleRaw as m, deleteResponse as n, itemResponse as o, wrapResponse as p, errorResponseSchema as r, listResponse as s, createStateMachine as t, queryParams as u, CircuitBreaker as v, CircuitState as x, CircuitBreakerError as y };
+export { createCircuitBreaker as C, CircuitState as S, defineCompensation as _, getListQueryParams as a, CircuitBreakerError as b, mutationResponse as c, responses as d, successResponseSchema as f, defineErrorMapper as g, defineGuard as h, getDefaultCrudSchemas as i, paginationSchema as l, handleRaw as m, deleteResponse as n, itemResponse as o, wrapResponse as p, errorResponseSchema as r, listResponse as s, createStateMachine as t, queryParams as u, withCompensation as v, createCircuitBreakerRegistry as w, CircuitBreakerRegistry as x, CircuitBreaker as y };

package/dist/versioning-CeUXHfjw.d.mts

@@ -0,0 +1,117 @@
+import { n as DomainEvent } from "./EventTransport-CfVEGaEl.mjs";
+import { FastifyPluginAsync, FastifyRequest } from "fastify";
+
+//#region src/plugins/caching.d.ts
+interface CachingRule {
+  /** Path prefix to match (e.g., '/api/products') */
+  match: string;
+  /** Cache-Control max-age in seconds */
+  maxAge: number;
+  /** Cache-Control: private vs public (default: public) */
+  private?: boolean;
+  /** stale-while-revalidate directive in seconds */
+  staleWhileRevalidate?: number;
+}
+interface CachingOptions {
+  /** Default max-age in seconds for Cache-Control (default: 0 = no-cache) */
+  maxAge?: number;
+  /** Enable ETag generation (default: true) */
+  etag?: boolean;
+  /** Enable conditional requests — 304 Not Modified (default: true) */
+  conditional?: boolean;
+  /** HTTP methods to cache (default: ['GET', 'HEAD']) */
+  methods?: string[];
+  /** Paths to exclude from caching (prefix match) */
+  exclude?: string[];
+  /** Custom cache rules per path prefix */
+  rules?: CachingRule[];
+}
+declare const cachingPlugin: FastifyPluginAsync<CachingOptions>;
+declare const _default$3: FastifyPluginAsync<CachingOptions>;
+//#endregion
+//#region src/plugins/sse.d.ts
+interface SSEOptions {
+  /** SSE endpoint path (default: '/events/stream') */
+  path?: string;
+  /** Require authentication (default: true) */
+  requireAuth?: boolean;
+  /** Event patterns to stream (default: ['*'] = all) */
+  patterns?: string[];
+  /** Heartbeat interval in ms (default: 30000) */
+  heartbeat?: number;
+  /** Filter events by organizationId from request.scope (default: false) */
+  orgScoped?: boolean;
+  /** Custom event filter function */
+  filter?: (event: DomainEvent<unknown>, request: FastifyRequest) => boolean;
+}
+declare const ssePlugin: FastifyPluginAsync<SSEOptions>;
+declare const _default$2: FastifyPluginAsync<SSEOptions>;
+//#endregion
+//#region src/plugins/metrics.d.ts
+interface MetricsOptions {
+  /** Endpoint path (default: '/_metrics') */
+  path?: string;
+  /** Prefix for all metric names (default: 'arc') */
+  prefix?: string;
+  /** Called after metrics are collected (for OTLP push, etc.) */
+  onCollect?: (metrics: MetricEntry[]) => void;
+}
+interface MetricEntry {
+  name: string;
+  type: "counter" | "histogram" | "gauge";
+  help: string;
+  values: Array<{
+    labels: Record<string, string>;
+    value: number;
+  }>;
+}
+interface MetricsCollector {
+  /** Get all metrics as structured data */
+  collect(): MetricEntry[];
+  /** Reset all metrics */
+  reset(): void;
+  /** Record a CRUD operation */
+  recordOperation(resource: string, operation: string, status: number, durationMs: number): void;
+  /** Record a cache hit */
+  recordCacheHit(resource: string): void;
+  /** Record a cache miss */
+  recordCacheMiss(resource: string): void;
+  /** Record an event publish */
+  recordEventPublish(eventType: string): void;
+  /** Record an event consume */
+  recordEventConsume(eventType: string): void;
+  /** Record a circuit breaker state change */
+  recordCircuitBreakerState(service: string, state: string): void;
+}
+declare module "fastify" {
+  interface FastifyInstance {
+    metrics: MetricsCollector;
+  }
+}
+declare const metricsPlugin: FastifyPluginAsync<MetricsOptions>;
+declare const _default$1: FastifyPluginAsync<MetricsOptions>;
+//#endregion
+//#region src/plugins/versioning.d.ts
+interface VersioningOptions {
+  /** Versioning strategy */
+  type: "header" | "prefix";
+  /** Default version when none specified (default: '1') */
+  defaultVersion?: string;
+  /** Header name to read (default: 'accept-version') */
+  headerName?: string;
+  /** Response header name (default: 'x-api-version') */
+  responseHeader?: string;
+  /** Deprecated versions — adds Deprecation + Sunset headers */
+  deprecated?: string[];
+  /** Sunset date for deprecated versions (ISO 8601) */
+  sunset?: string;
+}
+declare module "fastify" {
+  interface FastifyRequest {
+    apiVersion: string;
+  }
+}
+declare const versioningPlugin: FastifyPluginAsync<VersioningOptions>;
+declare const _default: FastifyPluginAsync<VersioningOptions>;
+//#endregion
+export { MetricsCollector as a, metricsPlugin as c, ssePlugin as d, CachingOptions as f, cachingPlugin as h, MetricEntry as i, SSEOptions as l, _default$3 as m, _default as n, MetricsOptions as o, CachingRule as p, versioningPlugin as r, _default$1 as s, VersioningOptions as t, _default$2 as u };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@classytic/arc",
-  "version": "2.10.3",
+  "version": "2.10.8",
   "description": "Resource-oriented backend framework for Fastify — clean, minimal, powerful, tree-shakable",
   "type": "module",
   "exports": {
@@ -64,6 +64,22 @@
       "types": "./dist/hooks/index.d.mts",
       "default": "./dist/hooks/index.mjs"
     },
+    "./middleware": {
+      "types": "./dist/middleware/index.d.mts",
+      "default": "./dist/middleware/index.mjs"
+    },
+    "./pipeline": {
+      "types": "./dist/pipeline/index.d.mts",
+      "default": "./dist/pipeline/index.mjs"
+    },
+    "./context": {
+      "types": "./dist/context/index.d.mts",
+      "default": "./dist/context/index.mjs"
+    },
+    "./logger": {
+      "types": "./dist/logger/index.d.mts",
+      "default": "./dist/logger/index.mjs"
+    },
     "./registry": {
       "types": "./dist/registry/index.d.mts",
       "default": "./dist/registry/index.mjs"
@@ -223,8 +239,8 @@
     "node": ">=22"
   },
   "peerDependencies": {
-    "@classytic/mongokit": ">=3.10.2",
-    "@classytic/repo-core": ">=0.1.0",
+    "@classytic/mongokit": ">=3.11.0",
+    "@classytic/repo-core": ">=0.2.0",
     "@classytic/streamline": ">=2.1.0",
     "@fastify/cors": ">=11.0.0",
     "@fastify/helmet": ">=13.0.0",
@@ -347,9 +363,9 @@
     "@better-auth/drizzle-adapter": "^1.6.2",
     "@better-auth/mongo-adapter": "^1.6.2",
     "@biomejs/biome": "^2.4.11",
-    "@classytic/mongokit": "^3.10.2",
-    "@classytic/repo-core": "^0.1.0",
-    "@classytic/sqlitekit": "^0.1.0",
+    "@classytic/mongokit": "^3.11.0",
+    "@classytic/repo-core": "^0.2.0",
+    "@classytic/sqlitekit": "^0.2.0",
     "@classytic/streamline": "^2.1.0",
     "@fastify/cors": "^11.2.0",
     "@fastify/helmet": "^13.0.2",

package/skills/arc/SKILL.md

@@ -787,7 +787,7 @@ afterUpdate(hooks, 'product', async (ctx) => { await invalidateCache(ctx.result.
 ## Pipeline
 
 ```typescript
-import { guard, transform, intercept } from '@classytic/arc';
+import { guard, transform, intercept } from '@classytic/arc/pipeline';
 
 defineResource({
   pipe: {

package/dist/errorHandler-DRQ3EqfL.d.mts

@@ -1,218 +0,0 @@
-import { n as DomainEvent } from "./EventTransport-CUw5NNWe.mjs";
-import { FastifyInstance, FastifyPluginAsync, FastifyRequest } from "fastify";
-
-//#region src/plugins/caching.d.ts
-interface CachingRule {
-  /** Path prefix to match (e.g., '/api/products') */
-  match: string;
-  /** Cache-Control max-age in seconds */
-  maxAge: number;
-  /** Cache-Control: private vs public (default: public) */
-  private?: boolean;
-  /** stale-while-revalidate directive in seconds */
-  staleWhileRevalidate?: number;
-}
-interface CachingOptions {
-  /** Default max-age in seconds for Cache-Control (default: 0 = no-cache) */
-  maxAge?: number;
-  /** Enable ETag generation (default: true) */
-  etag?: boolean;
-  /** Enable conditional requests — 304 Not Modified (default: true) */
-  conditional?: boolean;
-  /** HTTP methods to cache (default: ['GET', 'HEAD']) */
-  methods?: string[];
-  /** Paths to exclude from caching (prefix match) */
-  exclude?: string[];
-  /** Custom cache rules per path prefix */
-  rules?: CachingRule[];
-}
-declare const cachingPlugin: FastifyPluginAsync<CachingOptions>;
-declare const _default$3: FastifyPluginAsync<CachingOptions>;
-//#endregion
-//#region src/plugins/sse.d.ts
-interface SSEOptions {
-  /** SSE endpoint path (default: '/events/stream') */
-  path?: string;
-  /** Require authentication (default: true) */
-  requireAuth?: boolean;
-  /** Event patterns to stream (default: ['*'] = all) */
-  patterns?: string[];
-  /** Heartbeat interval in ms (default: 30000) */
-  heartbeat?: number;
-  /** Filter events by organizationId from request.scope (default: false) */
-  orgScoped?: boolean;
-  /** Custom event filter function */
-  filter?: (event: DomainEvent<unknown>, request: FastifyRequest) => boolean;
-}
-declare const ssePlugin: FastifyPluginAsync<SSEOptions>;
-declare const _default$2: FastifyPluginAsync<SSEOptions>;
-//#endregion
-//#region src/plugins/metrics.d.ts
-interface MetricsOptions {
-  /** Endpoint path (default: '/_metrics') */
-  path?: string;
-  /** Prefix for all metric names (default: 'arc') */
-  prefix?: string;
-  /** Called after metrics are collected (for OTLP push, etc.) */
-  onCollect?: (metrics: MetricEntry[]) => void;
-}
-interface MetricEntry {
-  name: string;
-  type: "counter" | "histogram" | "gauge";
-  help: string;
-  values: Array<{
-    labels: Record<string, string>;
-    value: number;
-  }>;
-}
-interface MetricsCollector {
-  /** Get all metrics as structured data */
-  collect(): MetricEntry[];
-  /** Reset all metrics */
-  reset(): void;
-  /** Record a CRUD operation */
-  recordOperation(resource: string, operation: string, status: number, durationMs: number): void;
-  /** Record a cache hit */
-  recordCacheHit(resource: string): void;
-  /** Record a cache miss */
-  recordCacheMiss(resource: string): void;
-  /** Record an event publish */
-  recordEventPublish(eventType: string): void;
-  /** Record an event consume */
-  recordEventConsume(eventType: string): void;
-  /** Record a circuit breaker state change */
-  recordCircuitBreakerState(service: string, state: string): void;
-}
-declare module "fastify" {
-  interface FastifyInstance {
-    metrics: MetricsCollector;
-  }
-}
-declare const metricsPlugin: FastifyPluginAsync<MetricsOptions>;
-declare const _default$1: FastifyPluginAsync<MetricsOptions>;
-//#endregion
-//#region src/plugins/versioning.d.ts
-interface VersioningOptions {
-  /** Versioning strategy */
-  type: "header" | "prefix";
-  /** Default version when none specified (default: '1') */
-  defaultVersion?: string;
-  /** Header name to read (default: 'accept-version') */
-  headerName?: string;
-  /** Response header name (default: 'x-api-version') */
-  responseHeader?: string;
-  /** Deprecated versions — adds Deprecation + Sunset headers */
-  deprecated?: string[];
-  /** Sunset date for deprecated versions (ISO 8601) */
-  sunset?: string;
-}
-declare module "fastify" {
-  interface FastifyRequest {
-    apiVersion: string;
-  }
-}
-declare const versioningPlugin: FastifyPluginAsync<VersioningOptions>;
-declare const _default: FastifyPluginAsync<VersioningOptions>;
-//#endregion
-//#region src/plugins/errorHandler.d.ts
-/** Class-based error mapper — maps thrown error instances to HTTP responses */
-interface ErrorMapper<T extends Error = Error> {
-  /** Error class to match (uses instanceof) */
-  type: new (...args: unknown[]) => T;
-  /** Convert the error to an HTTP response shape */
-  toResponse: (error: T) => {
-    status: number;
-    code?: string;
-    message?: string;
-    details?: Record<string, unknown>;
-  };
-}
-interface ErrorHandlerOptions {
-  /**
-   * Include stack trace in error responses (default: false in production)
-   */
-  includeStack?: boolean;
-  /**
-   * Custom error callback for logging to external services
-   */
-  onError?: (error: Error, request: FastifyRequest) => void | Promise<void>;
-  /**
-   * Map specific error types to custom responses (by error.name string)
-   */
-  errorMap?: Record<string, {
-    statusCode: number;
-    code: string;
-    message?: string;
-  }>;
-  /**
-   * Class-based error mappers — checked via `instanceof`, highest priority.
-   *
-   * Register your domain error classes once; Arc auto-catches and maps them
-   * in every handler. Handlers just `throw` — no try/catch needed.
-   *
-   * @example
-   * ```typescript
-   * class AccountingError extends Error {
-   *   constructor(message: string, public status: number, public code: string) {
-   *     super(message);
-   *   }
-   * }
-   *
-   * const app = await createApp({
-   *   errorHandler: {
-   *     errorMappers: [
-   *       {
-   *         type: AccountingError,
-   *         toResponse: (err) => ({ status: err.status, code: err.code, message: err.message }),
-   *       },
-   *     ],
-   *   },
-   * });
-   *
-   * // Now handlers just throw:
-   * handler: async (req) => {
-   *   await ledger.post(id); // throws AccountingError → Arc maps to proper HTTP response
-   * }
-   * ```
-   */
-  errorMappers?: ErrorMapper[];
-  /**
-   * Classify an error as a duplicate-key / unique-constraint violation →
-   * mapped to `409 Conflict` with `code: "DUPLICATE_KEY"`.
-   *
-   * Mirrors `RepositoryLike.isDuplicateKeyError` for the Fastify layer: errors
-   * that escape a controller (custom routes, user hooks, raw driver calls)
-   * still land here, so the classifier is duplicated at the edge. Defaults
-   * cover MongoDB (`code 11000` / `codeName "DuplicateKey"`), Prisma
-   * (`code "P2002"`), and Postgres (`code "23505"`). Override to add other
-   * backends (DynamoDB `ConditionalCheckFailedException`, etc.) or to disable
-   * the built-in detection.
-   */
-  isDuplicateKeyError?: (err: unknown) => boolean;
-}
-/**
- * Default duplicate-key detector covering the mainstream drivers arc sees
- * most. Detection is strictly by known driver codes — never by message
- * string matching — because false positives on dup-key silently mask real
- * errors (WriteConflict, NotWritablePrimary, etc.) as 409s. For long-tail
- * drivers (Neo4j, MSSQL, DynamoDB, custom kits), compose rather than
- * replace:
- *
- * ```ts
- * import { defaultIsDuplicateKeyError } from '@classytic/arc/plugins';
- *
- * errorHandler: {
- *   isDuplicateKeyError: (err) =>
- *     defaultIsDuplicateKeyError(err) || isNeo4jDupKey(err),
- * }
- * ```
- *
- * Drizzle apps get coverage transitively (Drizzle doesn't wrap driver
- * errors — pg/mysql2/better-sqlite3 codes propagate as-is). Neon is
- * Postgres-wire-compatible → `23505` covers `@neondatabase/serverless`.
- */
-declare function defaultIsDuplicateKeyError(err: unknown): boolean;
-declare function errorHandlerPluginFn(fastify: FastifyInstance, options?: ErrorHandlerOptions): Promise<void>;
-declare const errorHandlerPlugin: typeof errorHandlerPluginFn;
-//#endregion
-export { CachingRule as _, VersioningOptions as a, MetricEntry as c, _default$1 as d, metricsPlugin as f, CachingOptions as g, ssePlugin as h, errorHandlerPlugin as i, MetricsCollector as l, _default$2 as m, ErrorMapper as n, _default as o, SSEOptions as p, defaultIsDuplicateKeyError as r, versioningPlugin as s, ErrorHandlerOptions as t, MetricsOptions as u, _default$3 as v, cachingPlugin as y };