@classytic/arc 2.10.3 → 2.11.0

package/dist/createActionRouter-BwaSM0No.mjs

@@ -0,0 +1,166 @@
+import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
+import { a as buildAuthMiddlewareForPermissions, c as buildPreHandlerChain, d as resolveRouterPluginMw, f as selectPluginMw, l as buildRateLimitConfig, n as buildActionPipelineHandler, r as buildArcDecorator, t as buildActionPermissionMw, u as resolvePipelineSteps, v as sendControllerResponse } from "./routerShared-DeESFp4a.mjs";
+import { n as schemaIRToJsonSchemaBranch, t as normalizeSchemaIR } from "./schemaIR-BlG9bY7v.mjs";
+//#region src/core/createActionRouter.ts
+var createActionRouter_exports = /* @__PURE__ */ __exportAll({
+	buildActionBodySchema: () => buildActionBodySchema,
+	createActionRouter: () => createActionRouter
+});
+/**
+* Register the unified action endpoint: `POST /:id/action`.
+*
+* Shares every lifecycle primitive with the CRUD router — the preHandler
+* chain, the arc decorator, idempotency, rate-limit, and the response
+* shaper. The only thing that stays local is the dynamic permission check
+* (keyed by `body.action` at request time).
+*/
+function createActionRouter(fastify, config) {
+	const { tag, resourceName = tag ?? "action", actions, actionPermissions = {}, actionSchemas = {}, globalAuth, onError, fields: fieldPermissions, schemaOptions, permissions: resourcePermissions, routeGuards = [], pipeline, rateLimit } = config;
+	const actionEnum = Object.keys(actions);
+	if (actionEnum.length === 0) {
+		fastify.log.warn("[createActionRouter] No actions defined, skipping route creation");
+		return;
+	}
+	const bodySchema = buildActionBodySchema(actionEnum, actionSchemas);
+	const routeSchema = {
+		tags: tag ? [tag] : void 0,
+		summary: `Perform action (${actionEnum.join("/")})`,
+		description: buildActionDescription(actions, actionPermissions),
+		params: {
+			type: "object",
+			properties: { id: {
+				type: "string",
+				description: "Resource ID"
+			} },
+			required: ["id"]
+		},
+		body: bodySchema
+	};
+	const arcDecorator = buildArcDecorator({
+		resourceName,
+		schemaOptions,
+		permissions: resourcePermissions,
+		hooks: fastify.arc?.hooks,
+		events: fastify.events,
+		fields: fieldPermissions
+	});
+	const authMw = buildAuthMiddlewareForPermissions(fastify, actionEnum.map((name) => actionPermissions[name] ?? globalAuth));
+	const pluginMw = resolveRouterPluginMw(fastify, false);
+	const wrappedHandlers = /* @__PURE__ */ new Map();
+	for (const [name, handler] of Object.entries(actions)) {
+		const steps = resolvePipelineSteps(pipeline, name);
+		wrappedHandlers.set(name, buildActionPipelineHandler(handler, steps, name, resourceName));
+	}
+	const preHandler = buildPreHandlerChain({
+		arcDecorator,
+		authMw,
+		permissionMw: buildActionPermissionMw(actionEnum, actionPermissions, globalAuth, resourceName),
+		pluginMw: selectPluginMw("POST", pluginMw),
+		routeGuards
+	});
+	const rateLimitConfig = buildRateLimitConfig(rateLimit);
+	fastify.route({
+		method: "POST",
+		url: "/:id/action",
+		schema: routeSchema,
+		preHandler: preHandler.length > 0 ? preHandler : void 0,
+		...rateLimitConfig ? { config: rateLimitConfig } : {},
+		handler: async (req, reply) => {
+			const { action, ...data } = req.body;
+			const { id } = req.params;
+			const handler = wrappedHandlers.get(action);
+			if (!handler) return sendControllerResponse(reply, {
+				success: false,
+				status: 400,
+				error: `Invalid action '${action}'. Valid actions: ${actionEnum.join(", ")}`,
+				meta: { validActions: actionEnum }
+			}, req);
+			try {
+				return sendControllerResponse(reply, await handler(id, data, req), req);
+			} catch (error) {
+				if (onError) {
+					const { statusCode, error: errorMsg, code } = onError(error, action, id);
+					return sendControllerResponse(reply, {
+						success: false,
+						status: statusCode,
+						error: errorMsg,
+						...code ? { meta: { code } } : {}
+					}, req);
+				}
+				const err = error;
+				const statusCode = err.statusCode || err.status || 500;
+				const errorCode = err.code || "ACTION_FAILED";
+				if (statusCode >= 500) req.log.error({
+					err: error,
+					action,
+					id
+				}, "Action handler error");
+				return sendControllerResponse(reply, {
+					success: false,
+					status: statusCode,
+					error: err.message || `Failed to execute '${action}' action`,
+					meta: { code: errorCode }
+				}, req);
+			}
+		}
+	});
+	fastify.log.debug({
+		actions: actionEnum,
+		tag,
+		resourceName
+	}, "[createActionRouter] Registered action endpoint: POST /:id/action");
+}
+/**
+* Build a discriminated body schema for the unified action endpoint.
+*
+* Produces a schema of the form:
+* ```json
+* {
+*   "type": "object",
+*   "required": ["action"],
+*   "oneOf": [
+*     { "properties": { "action": { "const": "dispatch" }, "carrier": {...} }, "required": ["action", "carrier"] },
+*     { "properties": { "action": { "const": "approve"  } }, "required": ["action"] }
+*   ]
+* }
+* ```
+*
+* AJV validates this natively, so an action call missing required fields is
+* rejected with HTTP 400 before the handler ever runs.
+*
+* Exported so OpenAPI generation and MCP tool generation can reuse the same
+* schema shape (single source of truth).
+*/
+function buildActionBodySchema(actionEnum, actionSchemas = {}) {
+	const branches = [];
+	for (const actionName of actionEnum) {
+		const ir = normalizeSchemaIR(actionSchemas[actionName]);
+		branches.push(schemaIRToJsonSchemaBranch(ir, {
+			properties: { action: {
+				type: "string",
+				const: actionName
+			} },
+			required: ["action"]
+		}));
+	}
+	return {
+		type: "object",
+		required: ["action"],
+		oneOf: branches
+	};
+}
+/**
+* Build OpenAPI description with action list + role hints.
+* Reads `_roles` metadata from permission checks for docs.
+*/
+function buildActionDescription(actions, actionPermissions) {
+	const lines = ["Unified action endpoint for state transitions.\n\n**Available actions:**"];
+	Object.keys(actions).forEach((action) => {
+		const roles = actionPermissions[action]?._roles;
+		const roleStr = roles?.length ? ` (requires: ${roles.join(" or ")})` : "";
+		lines.push(`- \`${action}\`${roleStr}`);
+	});
+	return lines.join("\n");
+}
+//#endregion
+export { createActionRouter_exports as n, buildActionBodySchema as t };

package/dist/{createApp-BuvPma24.mjs → createApp-DvNYEhpb.mjs}

@@ -116,10 +116,7 @@ const developmentPreset = {
 			"x-request-id"
 		]
 	},
-	rateLimit: {
-		max: 1e3,
-		timeWindow: "1 minute"
-	},
+	rateLimit: false,
 	underPressure: {
 		exposeStatusRoute: true,
 		maxEventLoopDelay: 5e3
@@ -207,7 +204,7 @@ async function registerArcCore(fastify, config, trackPlugin) {
 	await fastify.register(arcCorePlugin, { emitEvents: config.arcPlugins?.emitEvents !== false });
 	trackPlugin("arc-core");
 	if (config.arcPlugins?.events !== false) {
-		const { default: eventPlugin } = await import("./eventPlugin-DCUjuiQT.mjs").then((n) => n.n);
+		const { default: eventPlugin } = await import("./eventPlugin--5HIkdPU.mjs").then((n) => n.n);
 		const eventOpts = typeof config.arcPlugins?.events === "object" ? config.arcPlugins.events : {};
 		await fastify.register(eventPlugin, {
 			...eventOpts,
@@ -243,15 +240,15 @@ async function registerArcPlugins(fastify, config, trackPlugin, modules) {
 		trackPlugin("arc-graceful-shutdown");
 	}
 	if (config.arcPlugins?.caching) {
-		const { default: cachingPlugin } = await import("./caching-CBpK_SCM.mjs").then((n) => n.r);
+		const { default: cachingPlugin } = await import("./caching-CheW3m-S.mjs").then((n) => n.r);
 		const opts = config.arcPlugins.caching === true ? {} : config.arcPlugins.caching;
 		await fastify.register(cachingPlugin, opts);
 		trackPlugin("arc-caching", opts);
 	}
 	if (config.arcPlugins?.queryCache) {
-		const { queryCachePlugin } = await import("./queryCachePlugin-DQCEfJis.mjs").then((n) => n.n);
+		const { queryCachePlugin } = await import("./queryCachePlugin-Bq6bO6vc.mjs").then((n) => n.n);
 		const opts = config.arcPlugins.queryCache === true ? {} : config.arcPlugins.queryCache;
-		const store = config.stores?.queryCache ?? new (await (import("./memory-B5Amv9A1.mjs").then((n) => n.n))).MemoryCacheStore();
+		const store = config.stores?.queryCache ?? new (await (import("./memory-DikHSvWa.mjs").then((n) => n.n))).MemoryCacheStore();
 		await fastify.register(queryCachePlugin, {
 			store,
 			...opts
@@ -260,19 +257,19 @@ async function registerArcPlugins(fastify, config, trackPlugin, modules) {
 	}
 	if (config.arcPlugins?.sse) if (config.arcPlugins?.events === false) fastify.log.warn("SSE plugin requires events plugin (arcPlugins.events). SSE disabled.");
 	else {
-		const { default: ssePlugin } = await import("./sse-yBCgOLGu.mjs").then((n) => n.r);
+		const { default: ssePlugin } = await import("./sse-V7aXc3bW.mjs").then((n) => n.r);
 		const opts = config.arcPlugins.sse === true ? {} : config.arcPlugins.sse;
 		await fastify.register(ssePlugin, opts);
 		trackPlugin("arc-sse", opts);
 	}
 	if (config.arcPlugins?.metrics) {
-		const { default: metricsPlugin } = await import("./metrics-DuhiSEZI.mjs").then((n) => n.r);
+		const { default: metricsPlugin } = await import("./metrics-Csh4nsvv.mjs").then((n) => n.r);
 		const opts = config.arcPlugins.metrics === true ? {} : config.arcPlugins.metrics;
 		await fastify.register(metricsPlugin, opts);
 		trackPlugin("arc-metrics", opts);
 	}
 	if (config.arcPlugins?.versioning) {
-		const { default: versioningPlugin } = await import("./versioning-C2U_bLY0.mjs").then((n) => n.r);
+		const { default: versioningPlugin } = await import("./versioning-CGPjkqAg.mjs").then((n) => n.r);
 		await fastify.register(versioningPlugin, config.arcPlugins.versioning);
 		trackPlugin("arc-versioning", config.arcPlugins.versioning);
 	}
@@ -303,7 +300,8 @@ async function registerAuth(fastify, config, trackPlugin) {
 			const { plugin, openapi } = authConfig.betterAuth;
 			await fastify.register(plugin);
 			trackPlugin("auth-better-auth");
-			if (openapi && !fastify.arc.externalOpenApiPaths.includes(openapi)) fastify.arc.externalOpenApiPaths.push(openapi);
+			const arc = fastify.arc;
+			if (arc && openapi && !arc.externalOpenApiPaths.includes(openapi)) arc.externalOpenApiPaths.push(openapi);
 			fastify.log.debug("Better Auth authentication enabled");
 			break;
 		}
@@ -340,7 +338,7 @@ async function registerAuth(fastify, config, trackPlugin) {
 */
 async function registerElevation(fastify, config, trackPlugin) {
 	if (!config.elevation) return;
-	const { elevationPlugin } = await import("./elevation-C7hgL_aI.mjs").then((n) => n.r);
+	const { elevationPlugin } = await import("./elevation-DOFoxoDs.mjs").then((n) => n.r);
 	await fastify.register(elevationPlugin, config.elevation);
 	trackPlugin("arc-elevation", config.elevation);
 	fastify.log.debug("Elevation plugin enabled");
@@ -350,7 +348,7 @@ async function registerElevation(fastify, config, trackPlugin) {
 */
 async function registerErrorHandler(fastify, config, trackPlugin) {
 	if (config.errorHandler === false) return;
-	const { errorHandlerPlugin } = await import("./errorHandler-Bb49BvPD.mjs").then((n) => n.r);
+	const { errorHandlerPlugin } = await import("./errorHandler-BQm8ZxTK.mjs").then((n) => n.r);
 	const errorOpts = typeof config.errorHandler === "object" ? config.errorHandler : { includeStack: config.preset !== "production" };
 	await fastify.register(errorHandlerPlugin, errorOpts);
 	trackPlugin("arc-error-handler", errorOpts);
@@ -388,6 +386,9 @@ function createOptionalAuthenticate(authenticate) {
 }
 //#endregion
 //#region src/factory/registerResources.ts
+function isResourcesFactory(value) {
+	return typeof value === "function";
+}
 /** Register a single resource with descriptive error on failure. */
 async function registerOne(parent, resource) {
 	const name = resource.name ?? "unknown";
@@ -396,18 +397,31 @@ async function registerOne(parent, resource) {
 	} catch (err) {
 		const msg = err instanceof Error ? err.message : String(err);
 		parent.log.error(`Failed to register resource "${name}": ${msg}`);
-		throw new Error(`Resource "${name}" failed to register: ${msg}. Check the resource definition, adapter, and permissions.`);
+		throw new Error(`Resource "${name}" failed to register: ${msg}. Check the resource definition, adapter, and permissions.`, { cause: err });
 	}
 }
 /**
 * Execute the full resource lifecycle:
-* 1. plugins()        — infra (DB, docs, webhooks)
-* 2. bootstrap[]      — domain init (singletons, event handlers)
-* 3. resources[]      — auto-discovered routes (split by prefix)
-* 4. afterResources() — post-registration wiring
-* 5. onReady/onClose  — lifecycle hooks
+* 1. plugins()                   — infra (DB, docs, webhooks)
+* 2. bootstrap[]                 — domain init (singletons, event handlers)
+* 3. resources factory (if any)  — resolved AFTER bootstrap, so engine-backed
+*                                  adapters can `await ensureEngine()` and pass
+*                                  live models/repos into `defineResource(...)`
+* 4. resources[]                 — register each (split by prefix)
+* 5. afterResources()            — post-registration wiring
+* 6. onReady/onClose             — lifecycle hooks
 */
 async function registerResources(fastify, config) {
+	if (config.preset === "production") {
+		if (config.strictResources === void 0) config = {
+			...config,
+			strictResources: true
+		};
+		if (config.strictResourceDir === void 0) config = {
+			...config,
+			strictResourceDir: true
+		};
+	}
 	if (config.plugins) {
 		await config.plugins(fastify);
 		fastify.log.debug("Custom plugins registered");
@@ -416,33 +430,65 @@ async function registerResources(fastify, config) {
 		for (const init of config.bootstrap) await init(fastify);
 		fastify.log.debug(`${config.bootstrap.length} bootstrap function(s) executed`);
 	}
-	if (!config.resources?.length && config.resourceDir) {
-		const { loadResources } = await import("./loadResources-BAzJItAJ.mjs").then((n) => n.n);
-		const { resolve } = await import("node:path");
-		const dir = resolve(config.resourceDir);
+	let resolvedResources;
+	if (isResourcesFactory(config.resources)) {
+		try {
+			resolvedResources = await config.resources(fastify);
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			fastify.log.error(`Resources factory threw during boot: ${msg}`);
+			throw new Error(`[arc] resources factory threw: ${msg}. Check engine bootstrap order (did you forget a bootstrap step?) and that \`defineResource(...)\` calls inside the factory receive fully-booted adapters / repositories.`, { cause: err });
+		}
 		config = {
 			...config,
-			resources: await loadResources(dir, { logger: fastify.log })
+			resources: resolvedResources
 		};
+	} else resolvedResources = config.resources;
+	let discoveryRawDir;
+	let discoveryPath;
+	let discoveryYieldedZero = false;
+	if (resolvedResources === void 0 && config.resourceDir) {
+		const { loadResources } = await import("./loadResources-YNwKHvRA.mjs").then((n) => n.n);
+		const { resolve, dirname } = await import("node:path");
+		const { fileURLToPath } = await import("node:url");
+		const rawDir = config.resourceDir;
+		const dir = rawDir.startsWith("file://") ? dirname(fileURLToPath(rawDir)) : resolve(rawDir);
+		discoveryRawDir = rawDir;
+		discoveryPath = dir;
+		const discovered = await loadResources(dir, { logger: fastify.log });
+		if (discovered.length === 0) {
+			if (config.strictResourceDir) throw new Error(`[arc] loadResources: resourceDir "${rawDir}" resolved to "${dir}" but yielded 0 resources. Check the path, file naming (*.resource.{ts,js,mts,mjs}), and runtime layout (src/ vs dist/). Use \`strictResourceDir: true\` to fail boot.`);
+			discoveryYieldedZero = true;
+		}
+		resolvedResources = discovered;
 	}
-	if (config.resources?.length) {
+	if (resolvedResources && resolvedResources.length > 0) {
 		const seen = /* @__PURE__ */ new Set();
-		for (const resource of config.resources) if (resource.name) {
-			if (seen.has(resource.name)) fastify.log.warn(`Duplicate resource name "${resource.name}" detected. This will cause route conflicts. Check your resources array and loadResources() output.`);
+		for (const resource of resolvedResources) if (resource.name) {
+			if (seen.has(resource.name)) {
+				const msg = `Duplicate resource name "${resource.name}" detected. This will cause route conflicts. Check your resources array and loadResources() output. Common cause: stale compiled files in dist/ alongside src/. Use \`strictResources: true\` to fail boot.`;
+				if (config.strictResources) throw new Error(msg);
+				fastify.log.warn(msg);
+			}
 			seen.add(resource.name);
 		}
 		const prefixed = [];
 		const root = [];
-		for (const resource of config.resources) if (resource.skipGlobalPrefix) root.push(resource);
+		for (const resource of resolvedResources) if (resource.skipGlobalPrefix) root.push(resource);
 		else prefixed.push(resource);
 		for (const resource of root) await registerOne(fastify, resource);
 		if (prefixed.length) if (config.resourcePrefix) await fastify.register(async (scoped) => {
 			for (const resource of prefixed) await registerOne(scoped, resource);
 		}, { prefix: config.resourcePrefix });
 		else for (const resource of prefixed) await registerOne(fastify, resource);
-		const names = config.resources.map((r) => r.name ?? "?").join(", ");
+		const names = resolvedResources.map((r) => r.name ?? "?").join(", ");
+		const prefix = config.resourcePrefix ? ` (prefix: ${config.resourcePrefix})` : "";
+		fastify.log.info(`${resolvedResources.length} resource(s) registered${prefix}: ${names}`);
+	} else {
 		const prefix = config.resourcePrefix ? ` (prefix: ${config.resourcePrefix})` : "";
-		fastify.log.info(`${config.resources.length} resource(s) registered${prefix}: ${names}`);
+		const scanned = discoveryPath ? ` — resourceDir "${discoveryRawDir}" resolved to "${discoveryPath}"` : "";
+		const hints = discoveryYieldedZero ? ` but yielded 0 resources. Check the path, file naming (*.resource.{ts,js,mts,mjs}), and runtime layout (src/ vs dist/). Use \`strictResourceDir: true\` to fail boot.` : "";
+		fastify.log.warn(`0 resources registered${prefix}${scanned}${hints}`);
 	}
 	if (config.afterResources) {
 		await config.afterResources(fastify);
@@ -463,6 +509,40 @@ async function registerResources(fastify, config) {
 }
 //#endregion
 //#region src/factory/registerSecurity.ts
+/**
+* Translate `skipPaths` sugar into a `@fastify/rate-limit` `allowList`
+* function. A user-supplied `allowList` (array of IPs or function) is
+* preserved and OR-ed with the path match.
+*/
+function buildRateLimitOpts(input) {
+	const { skipPaths, allowList, ...rest } = input;
+	if (!skipPaths || skipPaths.length === 0) return allowList === void 0 ? rest : {
+		...rest,
+		allowList
+	};
+	const matchesPath = compilePathMatcher(skipPaths);
+	const combined = async (req, key) => {
+		if (matchesPath((req.url ?? "").split("?", 1)[0] ?? "")) return true;
+		if (typeof allowList === "function") return await allowList(req, key);
+		if (Array.isArray(allowList)) return allowList.includes(key);
+		return false;
+	};
+	return {
+		...rest,
+		allowList: combined
+	};
+}
+function compilePathMatcher(patterns) {
+	const prefixes = [];
+	const exact = /* @__PURE__ */ new Set();
+	for (const p of patterns) if (p.endsWith("*")) prefixes.push(p.slice(0, -1));
+	else exact.add(p);
+	return (path) => {
+		if (exact.has(path)) return true;
+		for (const pre of prefixes) if (path.startsWith(pre)) return true;
+		return false;
+	};
+}
 const PLUGIN_REGISTRY = {
 	cors: {
 		package: "@fastify/cors",
@@ -532,10 +612,10 @@ async function registerSecurityPlugins(fastify, config) {
 	} else fastify.log.warn("CORS disabled");
 	if (config.rateLimit !== false) {
 		const rateLimit = await loadPlugin("rateLimit");
-		const rateLimitOpts = config.rateLimit ?? {
+		const rateLimitOpts = buildRateLimitOpts(config.rateLimit ?? {
 			max: 100,
 			timeWindow: "1 minute"
-		};
+		});
 		await fastify.register(rateLimit, rateLimitOpts);
 		if (!(typeof rateLimitOpts === "object" && "store" in rateLimitOpts)) {
 			if (config.runtime === "distributed") throw new Error("[Arc] runtime: 'distributed' with rate limiting requires a shared store.\nProvide rateLimit: { store: new RedisStore({ ... }) } or disable rate limiting: rateLimit: false");
@@ -676,7 +756,7 @@ function validateDistributedRuntime(options) {
 */
 async function createApp(options) {
 	if (options.debug !== void 0 && options.debug !== false) {
-		const { configureArcLogger } = await import("./logger-DLg8-Ueg.mjs").then((n) => n.r);
+		const { configureArcLogger } = await import("./logger/index.mjs");
 		configureArcLogger({ debug: options.debug });
 	}
 	validateAuthOptions(options);
@@ -717,7 +797,9 @@ async function createApp(options) {
 	await registerSecurityPlugins(fastify, config);
 	await registerUtilityPlugins(fastify, config);
 	const trackPlugin = (name, opts) => {
-		fastify.arc.plugins.set(name, {
+		const arc = fastify.arc;
+		if (!arc) return;
+		arc.plugins.set(name, {
 			name,
 			options: opts,
 			registeredAt: (/* @__PURE__ */ new Date()).toISOString()
@@ -730,7 +812,7 @@ async function createApp(options) {
 	await registerErrorHandler(fastify, config, trackPlugin);
 	await registerResources(fastify, config);
 	if (config.replyHelpers) {
-		const { replyHelpersPlugin } = await import("./replyHelpers-CXtJDAZ0.mjs").then((n) => n.n);
+		const { replyHelpersPlugin } = await import("./replyHelpers-ByllIXXV.mjs").then((n) => n.n);
 		await fastify.register(replyHelpersPlugin);
 	}
 	if (config.serializeBigInt) fastify.addHook("preSerialization", async (_request, _reply, payload) => {

package/dist/docs/index.d.mts

@@ -1,5 +1,5 @@
-import { x as RegistryEntry } from "../index-Cl0uoKd5.mjs";
-import { t as ExternalOpenApiPaths } from "../externalPaths-BQ8QijNH.mjs";
+import { p as RegistryEntry } from "../index-Cm0vUrr_.mjs";
+import { t as ExternalOpenApiPaths } from "../externalPaths-Bapitwvd.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/docs/openapi.d.ts

package/dist/docs/index.mjs

@@ -1,5 +1,5 @@
 import { t as getUserRoles } from "../types-DV9WDfeg.mjs";
-import { n as openApiPlugin, r as openapi_default, t as buildOpenApiSpec } from "../openapi-B5F8AddX.mjs";
+import { n as openApiPlugin, r as openapi_default, t as buildOpenApiSpec } from "../openapi-C0L9ar7m.mjs";
 import fp from "fastify-plugin";
 //#region src/docs/scalar.ts
 const scalarPlugin = async (fastify, opts = {}) => {

package/dist/{elevation-C7hgL_aI.mjs → elevation-DOFoxoDs.mjs}

@@ -1,6 +1,6 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
+import { arcLog } from "./logger/index.mjs";
 import { t as getUserRoles } from "./types-DV9WDfeg.mjs";
-import { t as arcLog } from "./logger-DLg8-Ueg.mjs";
 import fp from "fastify-plugin";
 //#region src/scope/elevation.ts
 var elevation_exports = /* @__PURE__ */ __exportAll({

package/dist/errorHandler-Co3lnVmJ.d.mts

@@ -0,0 +1,114 @@
+import { FastifyInstance, FastifyRequest } from "fastify";
+
+//#region src/plugins/errorHandler.d.ts
+/** Class-based error mapper — maps thrown error instances to HTTP responses */
+interface ErrorMapper<T extends Error = Error> {
+  /**
+   * Error class to match. Checked at runtime via `instanceof` — the constructor
+   * arity/signature is not called by the plugin, so the signature is typed
+   * permissively to accept real-world error classes:
+   *
+   * - **Abstract classes** (e.g. base domain errors) — `abstract new` is accepted.
+   * - **Specific constructor signatures** (e.g. `new InvalidTransitionError(from, to, id?)`)
+   *   — `any[]` avoids forcing consumers to widen to `unknown[]` or cast.
+   *
+   * What matters for dispatch is the `instanceof` check, not the ctor shape.
+   */
+  type: abstract new (...args: any[]) => T;
+  /** Convert the error to an HTTP response shape */
+  toResponse: (error: T) => {
+    status: number;
+    code?: string;
+    message?: string;
+    details?: Record<string, unknown>;
+  };
+}
+interface ErrorHandlerOptions {
+  /**
+   * Include stack trace in error responses (default: false in production)
+   */
+  includeStack?: boolean;
+  /**
+   * Custom error callback for logging to external services
+   */
+  onError?: (error: Error, request: FastifyRequest) => void | Promise<void>;
+  /**
+   * Map specific error types to custom responses (by error.name string)
+   */
+  errorMap?: Record<string, {
+    statusCode: number;
+    code: string;
+    message?: string;
+  }>;
+  /**
+   * Class-based error mappers — checked via `instanceof`, highest priority.
+   *
+   * Register your domain error classes once; Arc auto-catches and maps them
+   * in every handler. Handlers just `throw` — no try/catch needed.
+   *
+   * @example
+   * ```typescript
+   * class AccountingError extends Error {
+   *   constructor(message: string, public status: number, public code: string) {
+   *     super(message);
+   *   }
+   * }
+   *
+   * const app = await createApp({
+   *   errorHandler: {
+   *     errorMappers: [
+   *       {
+   *         type: AccountingError,
+   *         toResponse: (err) => ({ status: err.status, code: err.code, message: err.message }),
+   *       },
+   *     ],
+   *   },
+   * });
+   *
+   * // Now handlers just throw:
+   * handler: async (req) => {
+   *   await ledger.post(id); // throws AccountingError → Arc maps to proper HTTP response
+   * }
+   * ```
+   */
+  errorMappers?: ErrorMapper[];
+  /**
+   * Classify an error as a duplicate-key / unique-constraint violation →
+   * mapped to `409 Conflict` with `code: "DUPLICATE_KEY"`.
+   *
+   * Mirrors `RepositoryLike.isDuplicateKeyError` for the Fastify layer: errors
+   * that escape a controller (custom routes, user hooks, raw driver calls)
+   * still land here, so the classifier is duplicated at the edge. Defaults
+   * cover MongoDB (`code 11000` / `codeName "DuplicateKey"`), Prisma
+   * (`code "P2002"`), and Postgres (`code "23505"`). Override to add other
+   * backends (DynamoDB `ConditionalCheckFailedException`, etc.) or to disable
+   * the built-in detection.
+   */
+  isDuplicateKeyError?: (err: unknown) => boolean;
+}
+/**
+ * Default duplicate-key detector covering the mainstream drivers arc sees
+ * most. Detection is strictly by known driver codes — never by message
+ * string matching — because false positives on dup-key silently mask real
+ * errors (WriteConflict, NotWritablePrimary, etc.) as 409s. For long-tail
+ * drivers (Neo4j, MSSQL, DynamoDB, custom kits), compose rather than
+ * replace:
+ *
+ * ```ts
+ * import { defaultIsDuplicateKeyError } from '@classytic/arc/plugins';
+ *
+ * errorHandler: {
+ *   isDuplicateKeyError: (err) =>
+ *     defaultIsDuplicateKeyError(err) || isNeo4jDupKey(err),
+ * }
+ * ```
+ *
+ * Drizzle apps get coverage transitively (Drizzle doesn't wrap driver
+ * errors — pg/mysql2/better-sqlite3 codes propagate as-is). Neon is
+ * Postgres-wire-compatible → `23505` covers `@neondatabase/serverless`.
+ */
+declare function defaultIsDuplicateKeyError(err: unknown): boolean;
+declare function errorHandlerPluginFn(fastify: FastifyInstance, options?: ErrorHandlerOptions): Promise<void>;
+declare const errorHandlerPlugin: typeof errorHandlerPluginFn;
+//#endregion
+export { errorHandlerPlugin as i, ErrorMapper as n, defaultIsDuplicateKeyError as r, ErrorHandlerOptions as t };

package/dist/{eventPlugin-DCUjuiQT.mjs → eventPlugin--5HIkdPU.mjs}

@@ -1,5 +1,5 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
-import { t as requestContext } from "./requestContext-xHIKedG6.mjs";
+import { t as requestContext } from "./requestContext-CfRkaxwf.mjs";
 import fp from "fastify-plugin";
 //#region src/events/EventTransport.ts
 /**

package/dist/{eventPlugin-CxWgpd6K.d.mts → eventPlugin-CUNjYYRY.d.mts}

@@ -1,4 +1,4 @@
-import { i as EventLogger, n as DomainEvent, o as EventTransport, r as EventHandler } from "./EventTransport-CUw5NNWe.mjs";
+import { i as EventLogger, n as DomainEvent, o as EventTransport, r as EventHandler } from "./EventTransport-CfVEGaEl.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/events/defineEvent.d.ts

package/dist/events/index.d.mts

@@ -1,8 +1,8 @@
-import { kt as RepositoryLike } from "../index-Cl0uoKd5.mjs";
-import { a as EventMeta, c as MemoryEventTransportOptions, d as createEvent, i as EventLogger, l as PublishManyResult, n as DomainEvent, o as EventTransport, r as EventHandler, s as MemoryEventTransport, t as DeadLetteredEvent, u as createChildEvent } from "../EventTransport-CUw5NNWe.mjs";
-import { a as withRetry, c as EventDefinitionOutput, d as EventSchema, f as ValidationResult, i as createDeadLetterPublisher, l as EventRegistry, m as defineEvent, n as eventPlugin, o as CustomValidator, p as createEventRegistry, r as RetryOptions, s as EventDefinitionInput, t as EventPluginOptions, u as EventRegistryOptions } from "../eventPlugin-CxWgpd6K.mjs";
+import { jn as RepositoryLike } from "../index-Cm0vUrr_.mjs";
+import { a as EventMeta, c as MemoryEventTransportOptions, d as createEvent, i as EventLogger, l as PublishManyResult, n as DomainEvent, o as EventTransport, r as EventHandler, s as MemoryEventTransport, t as DeadLetteredEvent, u as createChildEvent } from "../EventTransport-CfVEGaEl.mjs";
+import { a as withRetry, c as EventDefinitionOutput, d as EventSchema, f as ValidationResult, i as createDeadLetterPublisher, l as EventRegistry, m as defineEvent, n as eventPlugin, o as CustomValidator, p as createEventRegistry, r as RetryOptions, s as EventDefinitionInput, t as EventPluginOptions, u as EventRegistryOptions } from "../eventPlugin-CUNjYYRY.mjs";
 import { RedisEventTransportOptions, RedisLike } from "./transports/redis.mjs";
-import { r as RedisStreamTransportOptions, t as RedisStreamLike } from "../redis-stream-CakIQmwR.mjs";
+import { r as RedisStreamTransportOptions, t as RedisStreamLike } from "../redis-stream-CM8TXTix.mjs";
 
 //#region src/events/eventTypes.d.ts
 /**