npm - @classytic/arc - Versions diffs - 2.10.3 → 2.11.0 - Mend

@classytic/arc 2.10.3 → 2.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

package/README.md +1 -1
package/dist/{BaseController-CbKKIflT.mjs → BaseController-JNV08qOT.mjs} +595 -537
package/dist/{queryCachePlugin-BKbWjgDG.d.mts → QueryCache-DOBNHBE0.d.mts} +2 -32
package/dist/actionPermissions-C8YYU92K.mjs +22 -0
package/dist/adapters/index.d.mts +2 -2
package/dist/adapters/index.mjs +1 -1
package/dist/{adapters-BXY4i-hw.mjs → adapters-D0tT2Tyo.mjs} +54 -0
package/dist/audit/index.d.mts +2 -2
package/dist/audit/index.mjs +15 -17
package/dist/auth/index.d.mts +4 -4
package/dist/auth/index.mjs +3 -3
package/dist/auth/redis-session.d.mts +1 -1
package/dist/{betterAuthOpenApi-BBRVhjQN.mjs → betterAuthOpenApi-DwxtK3uG.mjs} +1 -1
package/dist/cache/index.d.mts +3 -2
package/dist/cache/index.mjs +3 -3
package/dist/cli/commands/docs.mjs +2 -2
package/dist/cli/commands/generate.mjs +37 -27
package/dist/cli/commands/init.mjs +47 -34
package/dist/cli/commands/introspect.mjs +1 -1
package/dist/context/index.d.mts +58 -0
package/dist/context/index.mjs +2 -0
package/dist/core/index.d.mts +3 -3
package/dist/core/index.mjs +4 -3
package/dist/core-DXdSSFW-.mjs +1037 -0
package/dist/createActionRouter-BwaSM0No.mjs +166 -0
package/dist/{createApp-BuvPma24.mjs → createApp-DvNYEhpb.mjs} +118 -36
package/dist/docs/index.d.mts +2 -2
package/dist/docs/index.mjs +1 -1
package/dist/{elevation-C7hgL_aI.mjs → elevation-DOFoxoDs.mjs} +1 -1
package/dist/errorHandler-Co3lnVmJ.d.mts +114 -0
package/dist/{eventPlugin-DCUjuiQT.mjs → eventPlugin--5HIkdPU.mjs} +1 -1
package/dist/{eventPlugin-CxWgpd6K.d.mts → eventPlugin-CUNjYYRY.d.mts} +1 -1
package/dist/events/index.d.mts +4 -4
package/dist/events/index.mjs +69 -51
package/dist/events/transports/redis-stream-entry.d.mts +1 -1
package/dist/events/transports/redis.d.mts +1 -1
package/dist/factory/index.d.mts +1 -1
package/dist/factory/index.mjs +2 -2
package/dist/{fields-Lo1VUDpt.d.mts → fields-C8Y0XLAu.d.mts} +1 -1
package/dist/hooks/index.d.mts +1 -1
package/dist/hooks/index.mjs +1 -1
package/dist/idempotency/index.d.mts +3 -3
package/dist/idempotency/index.mjs +38 -27
package/dist/idempotency/redis.d.mts +1 -1
package/dist/{index-ChIw3776.d.mts → index-BYCqHCVu.d.mts} +4 -4
package/dist/{index-Cl0uoKd5.d.mts → index-Cm0vUrr_.d.mts} +2100 -1688
package/dist/{index-DStwgFUK.d.mts → index-DAushRTt.d.mts} +29 -10
package/dist/index-DsJ1MNfC.d.mts +1179 -0
package/dist/{index-8qw4y6ff.d.mts → index-t8pLpPFW.d.mts} +13 -10
package/dist/index.d.mts +7 -251
package/dist/index.mjs +8 -128
package/dist/integrations/event-gateway.d.mts +2 -2
package/dist/integrations/event-gateway.mjs +1 -1
package/dist/integrations/index.d.mts +2 -2
package/dist/integrations/mcp/index.d.mts +2 -2
package/dist/integrations/mcp/index.mjs +1 -1
package/dist/integrations/mcp/testing.d.mts +1 -1
package/dist/integrations/mcp/testing.mjs +1 -1
package/dist/integrations/streamline.d.mts +46 -5
package/dist/integrations/streamline.mjs +50 -21
package/dist/integrations/websocket-redis.d.mts +1 -1
package/dist/integrations/websocket.d.mts +2 -154
package/dist/integrations/websocket.mjs +292 -224
package/dist/{keys-qcD-TVJl.mjs → keys-CARyUjiR.mjs} +2 -0
package/dist/{loadResources-BAzJItAJ.mjs → loadResources-YNwKHvRA.mjs} +3 -1
package/dist/logger/index.d.mts +81 -0
package/dist/{logger-DLg8-Ueg.mjs → logger/index.mjs} +1 -6
package/dist/middleware/index.d.mts +109 -0
package/dist/middleware/index.mjs +70 -0
package/dist/multipartBody-CvTR1Un6.mjs +123 -0
package/dist/{openapi-B5F8AddX.mjs → openapi-C0L9ar7m.mjs} +9 -7
package/dist/org/index.d.mts +2 -2
package/dist/permissions/index.d.mts +2 -2
package/dist/permissions/index.mjs +1 -3
package/dist/{permissions-Dk6mshja.mjs → permissions-B4vU9L0Q.mjs} +220 -2
package/dist/pipe-DVoIheVC.mjs +62 -0
package/dist/pipeline/index.d.mts +62 -0
package/dist/pipeline/index.mjs +53 -0
package/dist/plugins/index.d.mts +25 -5
package/dist/plugins/index.mjs +10 -10
package/dist/plugins/response-cache.mjs +1 -1
package/dist/plugins/tracing-entry.d.mts +1 -1
package/dist/plugins/tracing-entry.mjs +42 -24
package/dist/presets/filesUpload.d.mts +4 -4
package/dist/presets/filesUpload.mjs +255 -1
package/dist/presets/index.d.mts +1 -1
package/dist/presets/index.mjs +2 -2
package/dist/presets/multiTenant.d.mts +1 -1
package/dist/presets/multiTenant.mjs +48 -8
package/dist/presets/search.d.mts +2 -2
package/dist/presets/search.mjs +1 -1
package/dist/{presets-fLJVXdVn.mjs → presets-k604Lj99.mjs} +1 -1
package/dist/queryCachePlugin-BUXBSm4F.d.mts +34 -0
package/dist/{queryCachePlugin-DQCEfJis.mjs → queryCachePlugin-Bq6bO6vc.mjs} +3 -3
package/dist/{redis-DqyeggCa.d.mts → redis-Cm1gnRDf.d.mts} +1 -1
package/dist/{redis-stream-CakIQmwR.d.mts → redis-stream-CM8TXTix.d.mts} +1 -1
package/dist/registry/index.d.mts +1 -1
package/dist/registry/index.mjs +2 -2
package/dist/{requestContext-xHIKedG6.mjs → requestContext-CfRkaxwf.mjs} +1 -1
package/dist/{resourceToTools-BElv3xPT.mjs → resourceToTools--okX6QBr.mjs} +534 -415
package/dist/routerShared-DeESFp4a.mjs +515 -0
package/dist/schemaIR-BlG9bY7v.mjs +137 -0
package/dist/scope/index.d.mts +2 -2
package/dist/scope/index.mjs +1 -1
package/dist/{sse-yBCgOLGu.mjs → sse-V7aXc3bW.mjs} +1 -1
package/dist/{store-helpers-ZCSMJJAX.mjs → store-helpers-BhrzxvyQ.mjs} +4 -0
package/dist/testing/index.d.mts +367 -711
package/dist/testing/index.mjs +646 -1434
package/dist/testing/storageContract.d.mts +1 -1
package/dist/{tracing-65B51Dw3.d.mts → tracing-DokiEsuz.d.mts} +9 -4
package/dist/types/index.d.mts +5 -5
package/dist/types/index.mjs +1 -3
package/dist/types/storage.d.mts +1 -1
package/dist/{types-Co8k3NyS.d.mts → types-CgikqKAj.d.mts} +133 -21
package/dist/{types-Btdda02s.d.mts → types-D9NqiYIw.d.mts} +1 -1
package/dist/utils/index.d.mts +2 -898
package/dist/utils/index.mjs +4 -5
package/dist/utils-D3Yxnrwr.mjs +1639 -0
package/dist/versioning-M9lNLhO8.d.mts +117 -0
package/dist/websocket-CyJ1VIFI.d.mts +186 -0
package/package.json +26 -8
package/skills/arc/SKILL.md +124 -39
package/skills/arc/references/testing.md +212 -183
package/dist/applyPermissionResult-QhV1Pa-g.mjs +0 -37
package/dist/core-CcR01lup.mjs +0 -1411
package/dist/createActionRouter-Bp_5c_2b.mjs +0 -249
package/dist/errorHandler-DRQ3EqfL.d.mts +0 -218
package/dist/errors-CCSsMpXE.d.mts +0 -140
package/dist/fields-bxkeltzz.mjs +0 -126
package/dist/filesUpload-t21LS-py.mjs +0 -377
package/dist/queryParser-DBqBB6AC.mjs +0 -352
package/dist/types-Csi3FLfq.mjs +0 -27
package/dist/utils-B2fNOD_i.mjs +0 -929
/package/dist/{EventTransport-CUw5NNWe.d.mts → EventTransport-CfVEGaEl.d.mts} +0 -0
/package/dist/{HookSystem-BNYKnrXF.mjs → HookSystem-CGsMd6oK.mjs} +0 -0
/package/dist/{ResourceRegistry-BPd6NQDm.mjs → ResourceRegistry-DkAeAuTX.mjs} +0 -0
/package/dist/{caching-CBpK_SCM.mjs → caching-CheW3m-S.mjs} +0 -0
/package/dist/{elevation-C5SwtkAn.d.mts → elevation-s5ykdNHr.d.mts} +0 -0
/package/dist/{errorHandler-Bb49BvPD.mjs → errorHandler-BQm8ZxTK.mjs} +0 -0
/package/dist/{externalPaths-BQ8QijNH.d.mts → externalPaths-Bapitwvd.d.mts} +0 -0
/package/dist/{interface-CSbZdv_3.d.mts → interface-CkkWm5uR.d.mts} +0 -0
/package/dist/{interface-D218ikEo.d.mts → interface-Da0r7Lna.d.mts} +0 -0
/package/dist/{memory-B5Amv9A1.mjs → memory-DikHSvWa.mjs} +0 -0
/package/dist/{metrics-DuhiSEZI.mjs → metrics-Csh4nsvv.mjs} +0 -0
/package/dist/{pluralize-A0tWEl1K.mjs → pluralize-BneOJkpi.mjs} +0 -0
/package/dist/{registry-B3lRFBWo.mjs → registry-D63ee7fl.mjs} +0 -0
/package/dist/{replyHelpers-CXtJDAZ0.mjs → replyHelpers-ByllIXXV.mjs} +0 -0
/package/dist/{schemaConverter-BxFDdtXu.mjs → schemaConverter-B0oKLuqI.mjs} +0 -0
/package/dist/{sessionManager-BkzVU8h2.d.mts → sessionManager-D-oNWHz3.d.mts} +0 -0
/package/dist/{storage-CVk_SEn2.d.mts → storage-BwGQXUpd.d.mts} +0 -0
/package/dist/{typeGuards-Cj5Rgvlg.mjs → typeGuards-CcFZXgU7.mjs} +0 -0
/package/dist/{types-BD85MlEK.d.mts → types-tgR4Pt8F.d.mts} +0 -0
/package/dist/{versioning-C2U_bLY0.mjs → versioning-CGPjkqAg.mjs} +0 -0

package/dist/{queryCachePlugin-BKbWjgDG.d.mts → QueryCache-DOBNHBE0.d.mts} RENAMED Viewed

@@ -1,5 +1,4 @@
-import { r as CacheStore } from "./interface-D218ikEo.mjs";
-import { FastifyPluginAsync } from "fastify";
+import { r as CacheStore } from "./interface-Da0r7Lna.mjs";
 //#region src/cache/QueryCache.d.ts
 /** Metadata wrapper stored in CacheStore */
@@ -39,33 +38,4 @@ declare class QueryCache {
   bumpTagVersion(tag: string): Promise<void>;
 }
 //#endregion
-//#region src/cache/queryCachePlugin.d.ts
-interface QueryCachePluginOptions {
-  /** CacheStore instance. Default: MemoryCacheStore with default options. */
-  store?: CacheStore;
-  /** Global defaults for staleTime/gcTime (seconds) */
-  defaults?: {
-    staleTime?: number;
-    gcTime?: number;
-  };
-}
-interface QueryCacheDefaults {
-  staleTime: number;
-  gcTime: number;
-}
-/** Cross-resource invalidation rules collected from resource configs */
-interface CrossResourceRule {
-  pattern: string;
-  tags: string[];
-}
-declare module "fastify" {
-  interface FastifyInstance {
-    queryCache: QueryCache;
-    queryCacheConfig: QueryCacheDefaults;
-    /** Register cross-resource invalidation rules (called by defineResource) */
-    registerCacheInvalidationRule?(rule: CrossResourceRule): void;
-  }
-}
-declare const queryCachePlugin: FastifyPluginAsync<QueryCachePluginOptions>;
-//#endregion
-export { CacheEnvelope as a, QueryCache as c, queryCachePlugin as i, QueryCacheConfig as l, QueryCacheDefaults as n, CacheResult as o, QueryCachePluginOptions as r, CacheStatus as s, CrossResourceRule as t };
+export { QueryCacheConfig as a, QueryCache as i, CacheResult as n, CacheStatus as r, CacheEnvelope as t };

package/dist/actionPermissions-C8YYU92K.mjs ADDED Viewed

@@ -0,0 +1,22 @@
+//#region src/core/actionPermissions.ts
+/**
+* Return the effective `PermissionCheck` for a single action, or `undefined`
+* when the resource declares no gate at any level.
+*
+* Callers decide what "no gate" means:
+*   - HTTP: boot-time throw in `normalizeActionsToRouterConfig`.
+*   - MCP: treated as allow (legacy) — but the HTTP fallback now fills the
+*     gap when `permissions.update` is set, so the MCP hole closes too.
+*   - OpenAPI: docs advertise the endpoint as unauthenticated.
+*/
+function resolveActionPermission(input) {
+	const { action, resourcePermissions, resourceActionPermissions, globalAuth } = input;
+	const explicit = typeof action !== "function" && action.permissions ? action.permissions : void 0;
+	if (explicit) return explicit;
+	if (resourceActionPermissions) return resourceActionPermissions;
+	if (globalAuth) return globalAuth;
+	const updateFallback = resourcePermissions?.update;
+	if (updateFallback) return updateFallback;
+}
+//#endregion
+export { resolveActionPermission as t };

package/dist/adapters/index.d.mts CHANGED Viewed

@@ -1,3 +1,3 @@
-import { At as SchemaMetadata, Dt as FieldMetadata, Et as DataAdapter, Ot as RelationMetadata, jt as ValidationResult, kt as RepositoryLike, wt as AdapterFactory } from "../index-Cl0uoKd5.mjs";
-import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, d as DrizzleAdapterOptions, f as createDrizzleAdapter, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter, u as DrizzleAdapter } from "../index-DStwgFUK.mjs";
+import { An as RelationMetadata, En as AdapterFactory, Mn as SchemaMetadata, Nn as ValidationResult, On as DataAdapter, jn as RepositoryLike, kn as FieldMetadata } from "../index-Cm0vUrr_.mjs";
+import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, d as DrizzleAdapterOptions, f as createDrizzleAdapter, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter, u as DrizzleAdapter } from "../index-DAushRTt.mjs";
 export { AdapterFactory, DataAdapter, DrizzleAdapter, DrizzleAdapterOptions, FieldMetadata, MongooseAdapter, MongooseAdapterOptions, PrismaAdapter, PrismaAdapterOptions, PrismaQueryOptions, PrismaQueryParser, PrismaQueryParserOptions, RelationMetadata, RepositoryLike, SchemaMetadata, ValidationResult, createDrizzleAdapter, createMongooseAdapter, createPrismaAdapter };

package/dist/adapters/index.mjs CHANGED Viewed

@@ -1,2 +1,2 @@
-import { a as createMongooseAdapter, i as MongooseAdapter, n as PrismaQueryParser, o as DrizzleAdapter, r as createPrismaAdapter, s as createDrizzleAdapter, t as PrismaAdapter } from "../adapters-BXY4i-hw.mjs";
+import { a as createMongooseAdapter, i as MongooseAdapter, n as PrismaQueryParser, o as DrizzleAdapter, r as createPrismaAdapter, s as createDrizzleAdapter, t as PrismaAdapter } from "../adapters-D0tT2Tyo.mjs";
 export { DrizzleAdapter, MongooseAdapter, PrismaAdapter, PrismaQueryParser, createDrizzleAdapter, createMongooseAdapter, createPrismaAdapter };

package/dist/{adapters-BXY4i-hw.mjs → adapters-D0tT2Tyo.mjs} RENAMED Viewed

@@ -35,9 +35,58 @@ function mergeFieldRuleConstraints(schemas, schemaOptions) {
 			if (rule.pattern != null && prop.pattern == null) prop.pattern = rule.pattern;
 			if (rule.enum != null && prop.enum == null) prop.enum = rule.enum;
 			if (rule.description != null && prop.description == null) prop.description = rule.description;
+			if (rule.nullable === true) applyNullable(prop);
 		}
 	}
 }
+/**
+* Widen a JSON Schema property to also accept `null`.
+*
+* Handles the three ways a property can be typed:
+*   - `type: 'string'`     → `type: ['string', 'null']`
+*   - `type: [...]`        → append `'null'` if missing
+*   - `anyOf: [...]`       → append `{ type: 'null' }` branch if missing
+*
+* **Enum interaction:** when the widened prop also carries `enum: [...]`,
+* `null` is appended to the enum list too. AJV's `enum` keyword rejects
+* values not in the list regardless of the widened `type`, so
+* `{ type: ['string','null'], enum: ['a','b'] }` alone would still reject
+* `null`. The fix is `enum: ['a','b', null]`. (The `anyOf` branch dodges
+* this entirely — each branch scopes its own enum.)
+*
+* No-op when the schema already admits null (don't double-wrap) or has
+* no `type` / `anyOf` anchor to widen (e.g. Mixed — already accepts null).
+*
+* Mutates in place — callers already treat the slot schema as owned.
+* Exported so adapters that walk `fieldRules` inline (mongoose fallback,
+* drizzle post-process) can reuse the same widening logic.
+*/
+function applyNullable(prop) {
+	if (Array.isArray(prop.anyOf)) {
+		if (!prop.anyOf.some((b) => b && typeof b === "object" && (b.type === "null" || b.const === null))) prop.anyOf.push({ type: "null" });
+		return;
+	}
+	if (Array.isArray(prop.type)) {
+		if (!prop.type.includes("null")) prop.type.push("null");
+		widenEnumToIncludeNull(prop);
+		return;
+	}
+	if (typeof prop.type === "string") {
+		prop.type = [prop.type, "null"];
+		widenEnumToIncludeNull(prop);
+		return;
+	}
+}
+/**
+* Append `null` to `enum` when present. Required because AJV's `enum`
+* keyword is independent of `type` — a value must appear in the enum
+* array verbatim even if the widened type says null is allowed.
+*/
+function widenEnumToIncludeNull(prop) {
+	if (!Array.isArray(prop.enum)) return;
+	if (prop.enum.includes(null)) return;
+	prop.enum = [...prop.enum, null];
+}
 //#endregion
 //#region src/adapters/types.ts
 /**
@@ -306,6 +355,7 @@ var MongooseAdapter = class {
 					if (rule.pattern != null && prop.pattern == null) prop.pattern = rule.pattern;
 					if (rule.enum != null && prop.enum == null) prop.enum = rule.enum;
 					if (rule.description != null && prop.description == null) prop.description = rule.description;
+					if (rule.nullable === true) applyNullable(prop);
 				}
 				if (typeInfo.isRequired && !optionalSet.has(fieldName) && !fieldRules[fieldName]?.optional) required.push(fieldName);
 			}
@@ -432,6 +482,10 @@ var MongooseAdapter = class {
 				baseType.type = "object";
 				baseType.additionalProperties = true;
 		}
+		if (options.default === null) {
+			applyNullable(baseType);
+			baseType.default = null;
+		}
 		return baseType;
 	}
 };

package/dist/audit/index.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { d as UserBase } from "../fields-Lo1VUDpt.mjs";
-import { kt as RepositoryLike } from "../index-Cl0uoKd5.mjs";
+import { jn as RepositoryLike } from "../index-Cm0vUrr_.mjs";
+import { d as UserBase } from "../fields-C8Y0XLAu.mjs";
 import { FastifyPluginAsync } from "fastify";
 //#region src/audit/stores/interface.d.ts

package/dist/audit/index.mjs CHANGED Viewed

@@ -1,12 +1,13 @@
 import fp from "fastify-plugin";
+import { and, anyOf, eq, gte, lt, lte } from "@classytic/repo-core/filter";
 //#region src/audit/repository-audit-adapter.ts
 function repositoryAsAuditStore(repository) {
+	const idField = repository.idField ?? "_id";
 	return {
 		name: "repository",
 		async log(entry) {
 			const doc = {
-				_id: entry.id,
-				id: entry.id,
+				[idField]: entry.id,
 				resource: entry.resource,
 				documentId: entry.documentId,
 				action: entry.action,
@@ -25,35 +26,32 @@ function repositoryAsAuditStore(repository) {
 		},
 		async purgeOlderThan(cutoff) {
 			if (!repository.deleteMany) return 0;
-			return (await repository.deleteMany({ timestamp: { $lt: cutoff } })).deletedCount ?? 0;
+			return (await repository.deleteMany(lt("timestamp", cutoff))).deletedCount ?? 0;
 		},
 		async query(opts = {}) {
 			if (!repository.getAll) throw new Error("auditPlugin: repository.getAll is required for query(). It's on repo-core's MinimalRepo floor — every kit (mongokit, sqlitekit, custom) implements it.");
-			const filter = {};
-			if (opts.resource) filter.resource = opts.resource;
-			if (opts.documentId) filter.documentId = opts.documentId;
-			if (opts.userId) filter.userId = opts.userId;
-			if (opts.organizationId) filter.organizationId = opts.organizationId;
+			const clauses = [];
+			if (opts.resource) clauses.push(eq("resource", opts.resource));
+			if (opts.documentId) clauses.push(eq("documentId", opts.documentId));
+			if (opts.userId) clauses.push(eq("userId", opts.userId));
+			if (opts.organizationId) clauses.push(eq("organizationId", opts.organizationId));
 			if (opts.action) {
 				const actions = Array.isArray(opts.action) ? opts.action : [opts.action];
-				filter.action = actions.length === 1 ? actions[0] : { $in: actions };
-			}
-			if (opts.from || opts.to) {
-				const range = {};
-				if (opts.from) range.$gte = opts.from;
-				if (opts.to) range.$lte = opts.to;
-				filter.timestamp = range;
+				clauses.push(actions.length === 1 ? eq("action", actions[0]) : anyOf("action", actions));
 			}
+			if (opts.from) clauses.push(gte("timestamp", opts.from));
+			if (opts.to) clauses.push(lte("timestamp", opts.to));
+			const filters = clauses.length > 0 ? and(...clauses) : void 0;
 			const limit = opts.limit ?? 100;
 			const page = Math.floor((opts.offset ?? 0) / limit) + 1;
 			const result = await repository.getAll({
-				filters: filter,
+				...filters ? { filters } : {},
 				sort: { timestamp: -1 },
 				page,
 				limit
 			});
 			return (Array.isArray(result) ? result : result.docs ?? []).map((d) => ({
-				id: String(d._id ?? d.id ?? ""),
+				id: String(d[idField] ?? ""),
 				resource: d.resource ?? "",
 				documentId: d.documentId ?? "",
 				action: d.action ?? "create",

package/dist/auth/index.d.mts CHANGED Viewed

@@ -1,7 +1,7 @@
-import { c as PermissionCheck } from "../fields-Lo1VUDpt.mjs";
-import { A as AuthHelpers, j as AuthPluginOptions } from "../index-Cl0uoKd5.mjs";
-import { t as ExternalOpenApiPaths } from "../externalPaths-BQ8QijNH.mjs";
-import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-BkzVU8h2.mjs";
+import { Ot as AuthHelpers, kt as AuthPluginOptions } from "../index-Cm0vUrr_.mjs";
+import { c as PermissionCheck } from "../fields-C8Y0XLAu.mjs";
+import { t as ExternalOpenApiPaths } from "../externalPaths-Bapitwvd.mjs";
+import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-D-oNWHz3.mjs";
 import { FastifyPluginAsync, FastifyReply as FastifyReply$1, FastifyRequest } from "fastify";
 //#region src/auth/authPlugin.d.ts

package/dist/auth/index.mjs CHANGED Viewed

@@ -1,7 +1,7 @@
+import { _ as requireTeamMembership, m as requireOrgRole, p as requireOrgMembership } from "../permissions-B4vU9L0Q.mjs";
 import { n as normalizeRoles, t as getUserRoles } from "../types-DV9WDfeg.mjs";
 import { t as ArcError } from "../errors-D5c-5BJL.mjs";
-import { _ as requireTeamMembership, m as requireOrgRole, p as requireOrgMembership } from "../permissions-Dk6mshja.mjs";
-import { n as extractBetterAuthOpenApi } from "../betterAuthOpenApi-BBRVhjQN.mjs";
+import { n as extractBetterAuthOpenApi } from "../betterAuthOpenApi-DwxtK3uG.mjs";
 import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/auth/authPlugin.ts
@@ -684,7 +684,7 @@ function createBetterAuthAdapter(options) {
 		if (!fastify.hasDecorator("authenticate")) fastify.decorate("authenticate", authenticate);
 		if (!fastify.hasDecorator("optionalAuthenticate")) fastify.decorate("optionalAuthenticate", optionalAuthenticate);
 		if (!extractedOpenApi && openapiOpt !== false && auth.api && typeof auth.api === "object") {
-			const { extractBetterAuthOpenApi } = await import("../betterAuthOpenApi-BBRVhjQN.mjs").then((n) => n.t);
+			const { extractBetterAuthOpenApi } = await import("../betterAuthOpenApi-DwxtK3uG.mjs").then((n) => n.t);
 			extractedOpenApi = extractBetterAuthOpenApi(auth.api, {
 				basePath,
 				userFields

package/dist/auth/redis-session.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { i as SessionData, s as SessionStore } from "../sessionManager-BkzVU8h2.mjs";
+import { i as SessionData, s as SessionStore } from "../sessionManager-D-oNWHz3.mjs";
 //#region src/auth/redis-session.d.ts
 /** Minimal Redis client interface — compatible with ioredis */

package/dist/{betterAuthOpenApi-BBRVhjQN.mjs → betterAuthOpenApi-DwxtK3uG.mjs} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
-import { a as toJsonSchema } from "./schemaConverter-BxFDdtXu.mjs";
+import { a as toJsonSchema } from "./schemaConverter-B0oKLuqI.mjs";
 //#region src/auth/betterAuthOpenApi.ts
 var betterAuthOpenApi_exports = /* @__PURE__ */ __exportAll({ extractBetterAuthOpenApi: () => extractBetterAuthOpenApi });
 /**

package/dist/cache/index.d.mts CHANGED Viewed

@@ -1,5 +1,6 @@
-import { n as CacheStats, r as CacheStore, t as CacheLogger } from "../interface-D218ikEo.mjs";
-import { a as CacheEnvelope, c as QueryCache, i as queryCachePlugin, l as QueryCacheConfig, n as QueryCacheDefaults, o as CacheResult, r as QueryCachePluginOptions, s as CacheStatus, t as CrossResourceRule } from "../queryCachePlugin-BKbWjgDG.mjs";
+import { n as CacheStats, r as CacheStore, t as CacheLogger } from "../interface-Da0r7Lna.mjs";
+import { a as QueryCacheConfig, i as QueryCache, n as CacheResult, r as CacheStatus, t as CacheEnvelope } from "../QueryCache-DOBNHBE0.mjs";
+import { i as queryCachePlugin, n as QueryCacheDefaults, r as QueryCachePluginOptions, t as CrossResourceRule } from "../queryCachePlugin-BUXBSm4F.mjs";
 //#region src/cache/keys.d.ts
 /**

package/dist/cache/index.mjs CHANGED Viewed

@@ -1,6 +1,6 @@
-import { i as versionKey, n as hashParams, r as tagVersionKey, t as buildQueryKey } from "../keys-qcD-TVJl.mjs";
-import { t as MemoryCacheStore } from "../memory-B5Amv9A1.mjs";
-import { r as QueryCache, t as queryCachePlugin } from "../queryCachePlugin-DQCEfJis.mjs";
+import { i as versionKey, n as hashParams, r as tagVersionKey, t as buildQueryKey } from "../keys-CARyUjiR.mjs";
+import { t as MemoryCacheStore } from "../memory-DikHSvWa.mjs";
+import { r as QueryCache, t as queryCachePlugin } from "../queryCachePlugin-Bq6bO6vc.mjs";
 //#region src/cache/redis.ts
 /**
 * Redis-backed cache store.

package/dist/cli/commands/docs.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
-import { t as ResourceRegistry } from "../../ResourceRegistry-BPd6NQDm.mjs";
-import { t as buildOpenApiSpec } from "../../openapi-B5F8AddX.mjs";
+import { t as ResourceRegistry } from "../../ResourceRegistry-DkAeAuTX.mjs";
+import { t as buildOpenApiSpec } from "../../openapi-C0L9ar7m.mjs";
 import { dirname, resolve } from "node:path";
 import { pathToFileURL } from "node:url";
 import { mkdirSync, writeFileSync } from "node:fs";

package/dist/cli/commands/generate.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { t as pluralize } from "../../pluralize-A0tWEl1K.mjs";
+import { t as pluralize } from "../../pluralize-BneOJkpi.mjs";
 import { join } from "node:path";
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 //#region src/cli/commands/generate.ts
@@ -159,14 +159,18 @@ import { buildCrudSchemasFromModel } from '@classytic/mongokit/utils';
 const crudSchemas = buildCrudSchemasFromModel(${name}, {
   strictAdditionalProperties: true,
   fieldRules: {
-    // systemManaged: excluded from create/update schemas
+    // systemManaged: framework stamps it — strip from body + required[]
     // deletedAt: { systemManaged: true },
     // immutable: cannot be updated after creation
     // slug: { immutable: true },
-    // immutableAfterCreate: same as immutable (alias)
+    // immutableAfterCreate: alias for immutable
     // organizationId: { immutableAfterCreate: true },
-    // optional: removed from required array
+    // optional: removed from required[] (properties kept)
     // description: { optional: true },
+    // nullable: widen JSON-Schema type to accept null (Zod .nullable() rescue)
+    // priceMode: { nullable: true },
+    // preserveForElevated: elevated admins keep the field on ingest (cross-tenant writes)
+    // organizationId: { systemManaged: true, preserveForElevated: true },
   },
   query: {
     filterableFields: {
@@ -274,42 +278,48 @@ ${ts ? "import { z } from 'zod';\n" : "const { z } = require('zod');\n"}
 			return `/**
  * ${name} Tests
  * Generated by Arc CLI
+ *
+ * 2.11 testing surface:
+ *   - createTestApp   turnkey Fastify + in-memory Mongo + auth + fixtures
+ *   - expectArc       fluent envelope matchers (.ok, .unauthorized, .forbidden, ...)
+ *   - ctx.auth        unified TestAuthProvider — register a role, reuse .headers
  */
-import { describe, it, expect, beforeAll, afterAll } from 'vitest';
-import mongoose from 'mongoose';
-import { createMinimalTestApp } from '@classytic/arc/testing';
-${ts ? "import type { FastifyInstance } from 'fastify';\n" : ""}import ${camel}Resource from '../src/resources/${fileName}/${fileName}.resource.js';
+import { describe, it, beforeAll, afterAll } from 'vitest';
+import { createTestApp, expectArc } from '@classytic/arc/testing';
+import type { TestAppContext } from '@classytic/arc/testing';
+import ${camel}Resource from '../src/resources/${fileName}/${fileName}.resource.js';
 describe('${name} Resource', () => {
-  let app${ts ? ": FastifyInstance" : ""};
+  let ctx${ts ? ": TestAppContext" : ""};
   beforeAll(async () => {
-    const testDbUri = process.env.MONGODB_URI || 'mongodb://localhost:27017/arc-app-test';
-    await mongoose.connect(testDbUri);
+    ctx = await createTestApp({
+      resources: [${camel}Resource],
+      authMode: 'jwt',
+      connectMongoose: true,
+    });
-    app = createMinimalTestApp();
-    await app.register(${camel}Resource.toPlugin());
-    await app.ready();
+    ctx.auth${ts ? "!" : ""}.register('admin', {
+      user: { id: '1', roles: ['admin'] },
+      orgId: 'org-1',
+    });
   });
-  afterAll(async () => {
-    await app.close();
-    await mongoose.connection.close();
-  });
+  afterAll(() => ctx.close());
   describe('GET /${pluralize(fileName)}', () => {
-    it('should return a list', async () => {
-      const response = await app.inject({
-        method: 'GET',
-        url: '/${pluralize(fileName)}',
-      });
-      expect(response.statusCode).toBe(200);
-      const body = JSON.parse(response.body);
-      expect(body).toHaveProperty('docs');
+    it('should return a paginated list', async () => {
+      const res = await ctx.app.inject({ method: 'GET', url: '/${pluralize(fileName)}' });
+      expectArc(res).ok().paginated();
     });
   });
+  // More coverage patterns:
+  //   - expectArc(res).unauthorized() for missing auth
+  //   - expectArc(res).forbidden() for wrong role
+  //   - ctx.auth.as('admin').headers for authenticated requests
+  //   - ctx.fixtures.create('${fileName}', {...}) for seeded data
 });
 `;
 		}

package/dist/cli/commands/init.mjs CHANGED Viewed

@@ -102,7 +102,7 @@ async function installDependencies(projectPath, config, pm) {
 	];
 	if (config.auth === "better-auth") deps.push("better-auth@^1.6.0", "mongodb@latest");
 	else deps.push("@fastify/jwt@latest", "bcryptjs@latest");
-	if (config.adapter === "mongokit") deps.push("@classytic/mongokit@^3.10.2", "@classytic/repo-core@^0.1.0", "mongoose@^9.4.1");
+	if (config.adapter === "mongokit") deps.push("@classytic/mongokit@^3.11.0", "@classytic/repo-core@^0.2.0", "mongoose@^9.4.1");
 	const devDeps = ["vitest@latest", "pino-pretty@latest"];
 	if (config.typescript) devDeps.push("typescript@latest", "@types/node@latest", "tsx@latest");
 	const installCmd = getInstallCommand(pm, deps, false);
@@ -309,7 +309,7 @@ function packageJsonTemplate(config) {
 			"#utils/*": "./src/utils/*"
 		},
 		scripts,
-		engines: { node: ">=20" }
+		engines: { node: ">=22" }
 	}, null, 2);
 }
 function tsconfigTemplate() {
@@ -1746,8 +1746,12 @@ import { buildCrudSchemasFromModel } from '@classytic/mongokit/utils';
 const crudSchemas = buildCrudSchemasFromModel(Example, {
   strictAdditionalProperties: true,
   fieldRules: {
-    // Mark fields as system-managed (excluded from create/update)
+    // Framework-injected fields — strip from body + required[]
     // deletedAt: { systemManaged: true },
+    // Legitimate null values (Zod .nullable() patterns) — widen JSON-Schema type
+    // priceMode: { nullable: true },
+    // Elevated-admin override for systemManaged fields (cross-tenant writes)
+    // organizationId: { systemManaged: true, preserveForElevated: true },
   },
   query: {
     filterableFields: {
@@ -1781,61 +1785,70 @@ function exampleTestTemplate(config) {
  *
  * Run tests: npm test
  * Watch mode: npm run test:watch
+ *
+ * Uses arc's 2.11 testing surface:
+ *   - createTestApp  — turnkey Fastify + in-memory Mongo + auth + fixtures
+ *   - expectArc      — fluent envelope matchers (.ok, .unauthorized, .forbidden, ...)
+ *   - ctx.auth       — unified TestAuthProvider, register a role once then reuse .headers
  */
-import { describe, it, expect, beforeAll, afterAll } from 'vitest';
-${config.adapter === "mongokit" ? "import mongoose from 'mongoose';\n" : ""}import { createAppInstance } from '../src/app.js';
-${ts ? "import type { FastifyInstance } from 'fastify';\n" : ""}
+import { describe, it, beforeAll, afterAll } from 'vitest';
+import { createTestApp, expectArc } from '@classytic/arc/testing';
+import type { TestAppContext } from '@classytic/arc/testing';
+import { exampleResource } from '../src/resources/example/example.js';
 describe('Example Resource', () => {
-  let app${ts ? ": FastifyInstance" : ""};
+  let ctx${ts ? ": TestAppContext" : ""};
   beforeAll(async () => {
-${config.adapter === "mongokit" ? `    // Connect to test database
-    const testDbUri = process.env.MONGODB_URI || 'mongodb://localhost:27017/${config.name}-test';
-    await mongoose.connect(testDbUri);
-` : ""}
-    // Create app instance
-    app = await createAppInstance();
-    await app.ready();
+    ctx = await createTestApp({
+      resources: [exampleResource],
+      authMode: 'jwt',
+${config.adapter === "mongokit" ? "      connectMongoose: true,\n" : ""}    });
+    ctx.auth${ts ? "!" : ""}.register('admin', {
+      user: { id: '1', roles: ['admin'] },
+      orgId: 'org-1',
+    });
   });
-  afterAll(async () => {
-    await app.close();
-${config.adapter === "mongokit" ? "    await mongoose.connection.close();" : ""}
-  });
+  afterAll(() => ctx.close());
   describe('GET /examples', () => {
-    it('should return a list of examples', async () => {
-      const response = await app.inject({
-        method: 'GET',
-        url: '/examples',
-      });
-      expect(response.statusCode).toBe(200);
-      const body = JSON.parse(response.body);
-      expect(body).toHaveProperty('docs');
-      expect(Array.isArray(body.docs)).toBe(true);
+    it('should return a list of examples (public)', async () => {
+      const res = await ctx.app.inject({ method: 'GET', url: '/examples' });
+      expectArc(res).ok().paginated();
     });
   });
   describe('POST /examples', () => {
     it('should require authentication', async () => {
-      const response = await app.inject({
+      const res = await ctx.app.inject({
         method: 'POST',
         url: '/examples',
         payload: { name: 'Test Example' },
       });
+      expectArc(res).unauthorized();
+    });
-      // Should fail without auth token
-      expect(response.statusCode).toBe(401);
+    it('should create when admin is authenticated', async () => {
+      const res = await ctx.app.inject({
+        method: 'POST',
+        url: '/examples',
+        headers: ctx.auth${ts ? "!" : ""}.as('admin').headers,
+        payload: { name: 'Test Example' },
+      });
+      expectArc(res).ok();
     });
   });
   // Add more tests as needed:
-  // - GET /examples/:id
-  // - PATCH /examples/:id
-  // - DELETE /examples/:id
+  // - GET /examples/:id         (expectArc(res).ok().hasData({ name: '...' }))
+  // - PATCH /examples/:id       (expectArc(res).ok())
+  // - DELETE /examples/:id      (expectArc(res).ok())
   // - Custom endpoints
+  // - Permission denials        (expectArc(res).forbidden().hasError(/reason/))
+  // - Field hiding              (expectArc(res).hidesField('password'))
 });
 `;
 }

package/dist/cli/commands/introspect.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { t as ResourceRegistry } from "../../ResourceRegistry-BPd6NQDm.mjs";
+import { t as ResourceRegistry } from "../../ResourceRegistry-DkAeAuTX.mjs";
 import { resolve } from "node:path";
 import { pathToFileURL } from "node:url";
 //#region src/cli/commands/introspect.ts

package/dist/context/index.d.mts ADDED Viewed

@@ -0,0 +1,58 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+//#region src/context/requestContext.d.ts
+/**
+ * Shape of the request-scoped context store.
+ * Populated by Arc's onRequest hook in arcCorePlugin.
+ */
+interface RequestStore {
+  /** Unique request identifier */
+  requestId?: string;
+  /** Authenticated user (if any) */
+  user?: {
+    id?: string;
+    _id?: string;
+    roles?: string[];
+    [key: string]: unknown;
+  } | null;
+  /** Active organization ID (multi-tenant) */
+  organizationId?: string;
+  /** Active team ID (team-scoped resources) */
+  teamId?: string;
+  /** Current resource name (set by arcDecorator in CRUD routes) */
+  resourceName?: string;
+  /** Request start time (for timing) */
+  startTime: number;
+  /** Additional context — extensible by app */
+  [key: string]: unknown;
+}
+/**
+ * Request context API.
+ *
+ * - `get()` — returns current store or undefined if outside request scope
+ * - `run(store, fn)` — run a function with a specific store (used by Arc internals)
+ * - `getStore()` — alias for get() (matches Node.js API naming)
+ */
+declare const requestContext: {
+  /**
+   * Get the current request context.
+   * Returns undefined if called outside a request lifecycle.
+   */
+  get(): RequestStore | undefined;
+  /**
+   * Alias for get() — matches Node.js AsyncLocalStorage API naming.
+   */
+  getStore(): RequestStore | undefined;
+  /**
+   * Run a function within a specific request context.
+   * Used internally by Arc's onRequest hook.
+   */
+  run<T>(store: RequestStore, fn: () => T): T;
+  /**
+   * The underlying AsyncLocalStorage instance.
+   * Exposed for advanced use cases (testing, custom integrations).
+   */
+  storage: AsyncLocalStorage<RequestStore>;
+};
+//#endregion
+export { type RequestStore, requestContext };

package/dist/context/index.mjs ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { t as requestContext } from "../requestContext-CfRkaxwf.mjs";
2	+ export { requestContext };

package/dist/core/index.d.mts CHANGED Viewed

@@ -1,3 +1,3 @@
-import { G as ResourceDefinition, K as defineResource, a as QueryResolverConfig, c as AccessControl, i as QueryResolver, l as AccessControlConfig, n as BaseController, o as BodySanitizer, r as BaseControllerOptions, s as BodySanitizerConfig } from "../index-Cl0uoKd5.mjs";
-import { C as MAX_REGEX_LENGTH, D as RESERVED_QUERY_PARAMS, E as MutationOperation, O as SYSTEM_FIELDS, S as MAX_FILTER_DEPTH, T as MUTATION_OPERATIONS, _ as DEFAULT_UPDATE_METHOD, a as getControllerScope, b as HookOperation, c as createCrudRouter, d as CrudOperation, f as DEFAULT_ID_FIELD, g as DEFAULT_TENANT_FIELD, h as DEFAULT_SORT, i as getControllerContext, l as createPermissionMiddleware, m as DEFAULT_MAX_LIMIT, n as createFastifyHandler, o as sendControllerResponse, p as DEFAULT_LIMIT, r as createRequestContext, s as defineResourceVariants, t as createCrudHandlers, u as CRUD_OPERATIONS, v as HOOK_OPERATIONS, w as MAX_SEARCH_LENGTH, x as HookPhase, y as HOOK_PHASES } from "../index-8qw4y6ff.mjs";
-export { AccessControl, AccessControlConfig, BaseController, BaseControllerOptions, BodySanitizer, BodySanitizerConfig, CRUD_OPERATIONS, CrudOperation, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, HookOperation, HookPhase, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MutationOperation, QueryResolver, QueryResolverConfig, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };
+import { B as ResourceDefinition, Gt as TreeMixin, Ht as SoftDeleteExt, Jt as BulkExt, Kt as SlugExt, Ut as SoftDeleteMixin, V as defineResource, Vt as BaseController, Wt as TreeExt, Yt as BulkMixin, an as QueryResolverConfig, cn as AccessControl, in as QueryResolver, ln as AccessControlConfig, nn as BaseCrudController, on as BodySanitizer, qt as SlugMixin, rn as ListResult, sn as BodySanitizerConfig, tn as BaseControllerOptions } from "../index-Cm0vUrr_.mjs";
+import { C as MAX_REGEX_LENGTH, D as RESERVED_QUERY_PARAMS, E as MutationOperation, O as SYSTEM_FIELDS, S as MAX_FILTER_DEPTH, T as MUTATION_OPERATIONS, _ as DEFAULT_UPDATE_METHOD, a as getControllerScope, b as HookOperation, c as createCrudRouter, d as CrudOperation, f as DEFAULT_ID_FIELD, g as DEFAULT_TENANT_FIELD, h as DEFAULT_SORT, i as getControllerContext, l as createPermissionMiddleware, m as DEFAULT_MAX_LIMIT, n as createFastifyHandler, o as sendControllerResponse, p as DEFAULT_LIMIT, r as createRequestContext, s as defineResourceVariants, t as createCrudHandlers, u as CRUD_OPERATIONS, v as HOOK_OPERATIONS, w as MAX_SEARCH_LENGTH, x as HookPhase, y as HOOK_PHASES } from "../index-t8pLpPFW.mjs";
+export { AccessControl, AccessControlConfig, BaseController, BaseControllerOptions, BaseCrudController, BodySanitizer, BodySanitizerConfig, BulkExt, BulkMixin, CRUD_OPERATIONS, CrudOperation, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, HookOperation, HookPhase, ListResult, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MutationOperation, QueryResolver, QueryResolverConfig, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, SlugExt, SlugMixin, SoftDeleteExt, SoftDeleteMixin, TreeExt, TreeMixin, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };