npm - @classytic/arc - Versions diffs - 2.11.2 → 2.11.3 - Mend

@classytic/arc 2.11.2 → 2.11.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/LICENSE +21 -21
package/README.md +8 -14
package/bin/arc.js +2 -2
package/dist/{BaseController-JNV08qOT.mjs → BaseController-swXruJ2_.mjs} +2 -2
package/dist/{actionPermissions-C8YYU92K.mjs → actionPermissions-sUUKDhtP.mjs} +4 -2
package/dist/auth/index.mjs +1 -1
package/dist/cli/commands/docs.mjs +1 -1
package/dist/cli/commands/generate.d.mts +0 -2
package/dist/cli/commands/generate.mjs +15 -15
package/dist/cli/commands/init.mjs +24 -22
package/dist/context/index.mjs +1 -1
package/dist/core/index.mjs +3 -3
package/dist/{core-DXdSSFW-.mjs → core-DnUsRpuX.mjs} +20 -8
package/dist/{createActionRouter-BwaSM0No.mjs → createActionRouter-u3ql2EDo.mjs} +73 -13
package/dist/{createApp-P1d6rjPy.mjs → createApp-BFxtdKy6.mjs} +1 -1
package/dist/docs/index.mjs +1 -1
package/dist/{eventPlugin--5HIkdPU.mjs → eventPlugin-KrFIQ097.mjs} +1 -1
package/dist/events/index.mjs +11 -3
package/dist/factory/index.mjs +1 -1
package/dist/index.mjs +6 -6
package/dist/integrations/mcp/index.mjs +1 -1
package/dist/integrations/mcp/testing.mjs +1 -1
package/dist/{openapi-C0L9ar7m.mjs → openapi-BGUn7Ki1.mjs} +2 -2
package/dist/permissions/index.mjs +1 -1
package/dist/{permissions-B4vU9L0Q.mjs → permissions-gd_aUWrR.mjs} +42 -0
package/dist/plugins/index.mjs +1 -1
package/dist/plugins/tracing-entry.mjs +1 -1
package/dist/presets/filesUpload.mjs +1 -1
package/dist/presets/index.mjs +1 -1
package/dist/presets/search.mjs +1 -1
package/dist/{presets-k604Lj99.mjs → presets-Z7P5w4gF.mjs} +1 -1
package/dist/{requestContext-CfRkaxwf.mjs → requestContext-C5XeK3VA.mjs} +15 -0
package/dist/{resourceToTools--okX6QBr.mjs → resourceToTools-ByZpgjeH.mjs} +5 -4
package/dist/{routerShared-DeESFp4a.mjs → routerShared-BqLRb5l7.mjs} +60 -3
package/dist/testing/index.mjs +1 -1
package/dist/utils/index.mjs +1 -1
package/dist/{utils-D3Yxnrwr.mjs → utils-CcYTj09l.mjs} +1 -1
package/package.json +3 -1
package/skills/arc/references/events.md +489 -489

package/dist/index.mjs CHANGED Viewed

@@ -1,12 +1,12 @@
 import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-D0tT2Tyo.mjs";
 import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-BhY1OHoH.mjs";
-import { j as getUserId, r as envelope } from "./utils-D3Yxnrwr.mjs";
-import { a as BulkMixin, i as SlugMixin, n as TreeMixin, o as BaseCrudController, r as SoftDeleteMixin, t as BaseController } from "./BaseController-JNV08qOT.mjs";
-import { C as requireAuth, D as when, M as applyFieldWritePermissions, N as fields, T as requireRoles, _ as requireTeamMembership, a as presets_exports, b as anyOf, c as readOnly, d as createOrgPermissions, f as requireOrgInScope, g as requireServiceScope, h as requireScopeContext, i as ownerWithAdminBypass, j as applyFieldReadPermissions, m as requireOrgRole, n as authenticated, o as publicRead, p as requireOrgMembership, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as createDynamicPermissionMatrix, v as allOf, w as requireOwnership, x as denyAll, y as allowPublic } from "./permissions-B4vU9L0Q.mjs";
+import { j as getUserId, r as envelope } from "./utils-CcYTj09l.mjs";
+import { a as BulkMixin, i as SlugMixin, n as TreeMixin, o as BaseCrudController, r as SoftDeleteMixin, t as BaseController } from "./BaseController-swXruJ2_.mjs";
+import { C as requireAuth, D as when, M as applyFieldWritePermissions, N as fields, T as requireRoles, _ as requireTeamMembership, a as presets_exports, b as anyOf, c as readOnly, d as createOrgPermissions, f as requireOrgInScope, g as requireServiceScope, h as requireScopeContext, i as ownerWithAdminBypass, j as applyFieldReadPermissions, m as requireOrgRole, n as authenticated, o as publicRead, p as requireOrgMembership, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as createDynamicPermissionMatrix, v as allOf, w as requireOwnership, x as denyAll, y as allowPublic } from "./permissions-gd_aUWrR.mjs";
 import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-D5c-5BJL.mjs";
-import { _ as getControllerScope } from "./routerShared-DeESFp4a.mjs";
-import { n as ResourceDefinition, r as defineResource, t as defineResourceVariants } from "./core-DXdSSFW-.mjs";
+import { v as getControllerScope } from "./routerShared-BqLRb5l7.mjs";
+import { n as ResourceDefinition, r as defineResource, t as defineResourceVariants } from "./core-DnUsRpuX.mjs";
 //#region src/index.ts
-const version = "2.11.2";
+const version = "2.11.3";
 //#endregion
 export { ArcError, BaseController, BaseCrudController, BulkMixin, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MongooseAdapter, NotFoundError, PrismaAdapter, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, SlugMixin, SoftDeleteMixin, TreeMixin, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, fullPublic, getControllerScope, getUserId, ownerWithAdminBypass, presets_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, version, when };

package/dist/integrations/mcp/index.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools--okX6QBr.mjs";
+import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-ByZpgjeH.mjs";
 import { createHash, randomUUID } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/integrations/mcp/defineTool.ts

package/dist/integrations/mcp/testing.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools--okX6QBr.mjs";
+import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-ByZpgjeH.mjs";
 //#region src/integrations/mcp/testing.ts
 /**
 * @classytic/arc/mcp/testing — MCP Test Utilities

package/dist/{openapi-C0L9ar7m.mjs → openapi-BGUn7Ki1.mjs} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { t as getUserRoles } from "./types-DV9WDfeg.mjs";
 import { n as convertRouteSchema } from "./schemaConverter-B0oKLuqI.mjs";
-import { t as resolveActionPermission } from "./actionPermissions-C8YYU92K.mjs";
-import { t as buildActionBodySchema } from "./createActionRouter-BwaSM0No.mjs";
+import { t as resolveActionPermission } from "./actionPermissions-sUUKDhtP.mjs";
+import { t as buildActionBodySchema } from "./createActionRouter-u3ql2EDo.mjs";
 import fp from "fastify-plugin";
 //#region src/docs/openapi.ts
 const openApiPlugin = async (fastify, opts = {}) => {

package/dist/permissions/index.mjs CHANGED Viewed

@@ -1,3 +1,3 @@
-import { A as normalizePermissionResult, C as requireAuth, D as when, E as roles, M as applyFieldWritePermissions, N as fields, O as applyPermissionResult, P as resolveEffectiveRoles, S as not, T as requireRoles, _ as requireTeamMembership, a as presets_exports, b as anyOf, c as readOnly, d as createOrgPermissions, f as requireOrgInScope, g as requireServiceScope, h as requireScopeContext, i as ownerWithAdminBypass, j as applyFieldReadPermissions, l as createRoleHierarchy, m as requireOrgRole, n as authenticated, o as publicRead, p as requireOrgMembership, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as createDynamicPermissionMatrix, v as allOf, w as requireOwnership, x as denyAll, y as allowPublic } from "../permissions-B4vU9L0Q.mjs";
+import { A as normalizePermissionResult, C as requireAuth, D as when, E as roles, M as applyFieldWritePermissions, N as fields, O as applyPermissionResult, P as resolveEffectiveRoles, S as not, T as requireRoles, _ as requireTeamMembership, a as presets_exports, b as anyOf, c as readOnly, d as createOrgPermissions, f as requireOrgInScope, g as requireServiceScope, h as requireScopeContext, i as ownerWithAdminBypass, j as applyFieldReadPermissions, l as createRoleHierarchy, m as requireOrgRole, n as authenticated, o as publicRead, p as requireOrgMembership, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as createDynamicPermissionMatrix, v as allOf, w as requireOwnership, x as denyAll, y as allowPublic } from "../permissions-gd_aUWrR.mjs";
 import { n as normalizeRoles, t as getUserRoles } from "../types-DV9WDfeg.mjs";
 export { adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, applyPermissionResult, authenticated, createDynamicPermissionMatrix, createOrgPermissions, createRoleHierarchy, denyAll, fields, fullPublic, getUserRoles, normalizePermissionResult, normalizeRoles, not, ownerWithAdminBypass, presets_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, resolveEffectiveRoles, roles, when };

package/dist/{permissions-B4vU9L0Q.mjs → permissions-gd_aUWrR.mjs} RENAMED Viewed

@@ -31,21 +31,63 @@ function isMongooseDoc(obj) {
 	return !!obj && typeof obj === "object" && "toObject" in obj && typeof obj.toObject === "function";
 }
 const fields = {
+	/**
+	* Field is never included in responses. Not writable via API.
+	*
+	* @example
+	* ```typescript
+	* fields: { password: fields.hidden() }
+	* ```
+	*/
 	hidden() {
 		return { _type: "hidden" };
 	},
+	/**
+	* Field is only visible to users with specified roles.
+	* Other users don't see the field at all.
+	*
+	* @example
+	* ```typescript
+	* fields: { salary: fields.visibleTo(['admin', 'hr']) }
+	* ```
+	*/
 	visibleTo(roles) {
 		return {
 			_type: "visibleTo",
 			roles
 		};
 	},
+	/**
+	* Field is only writable by users with specified roles.
+	* All users can still read the field. Users without the role
+	* have the field silently stripped from write operations.
+	*
+	* @example
+	* ```typescript
+	* fields: { role: fields.writableBy(['admin']) }
+	* ```
+	*/
 	writableBy(roles) {
 		return {
 			_type: "writableBy",
 			roles
 		};
 	},
+	/**
+	* Field is redacted (replaced with a placeholder) for specified roles.
+	* Other users see the real value.
+	*
+	* @param roles - Roles that see the redacted value
+	* @param redactValue - Replacement value (default: '***')
+	*
+	* @example
+	* ```typescript
+	* fields: {
+	*   email: fields.redactFor(['viewer']),
+	*   ssn: fields.redactFor(['basic'], '***-**-****'),
+	* }
+	* ```
+	*/
 	redactFor(roles, redactValue = "***") {
 		return {
 			_type: "redactFor",

package/dist/plugins/index.mjs CHANGED Viewed

@@ -1,6 +1,6 @@
 import { p as MUTATION_OPERATIONS } from "../constants-BhY1OHoH.mjs";
 import { o as getOrgId } from "../types-AOD8fxIw.mjs";
-import { t as requestContext } from "../requestContext-CfRkaxwf.mjs";
+import { t as requestContext } from "../requestContext-C5XeK3VA.mjs";
 import { t as hasEvents } from "../typeGuards-CcFZXgU7.mjs";
 import { t as HookSystem } from "../HookSystem-CGsMd6oK.mjs";
 import { t as ResourceRegistry } from "../ResourceRegistry-DkAeAuTX.mjs";

package/dist/plugins/tracing-entry.mjs CHANGED Viewed

@@ -58,7 +58,7 @@ try {
 function createTracerProvider(options) {
 	if (!isAvailable || !NodeTracerProvider || !BatchSpanProcessor || !OTLPTraceExporter) return null;
 	const { serviceName = "@classytic/arc", serviceVersion, exporterUrl = "http://localhost:4318/v1/traces" } = options;
-	const resolvedVersion = serviceVersion ?? "2.11.2";
+	const resolvedVersion = serviceVersion ?? "2.11.3";
 	const exporter = new OTLPTraceExporter({ url: exporterUrl });
 	const provider = new NodeTracerProvider({ resource: { attributes: {
 		"service.name": serviceName,

package/dist/presets/filesUpload.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
 import { o as getOrgId, p as getUserId } from "../types-AOD8fxIw.mjs";
-import { C as requireAuth, y as allowPublic } from "../permissions-B4vU9L0Q.mjs";
+import { C as requireAuth, y as allowPublic } from "../permissions-gd_aUWrR.mjs";
 import { i as NotFoundError, u as ValidationError } from "../errors-D5c-5BJL.mjs";
 import { t as multipartBody } from "../multipartBody-CvTR1Un6.mjs";
 //#region src/presets/filesUpload.ts

package/dist/presets/index.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
 import { multiTenantPreset } from "./multiTenant.mjs";
-import { a as registerPreset, c as auditedPreset, d as ownedByUserPreset, i as getPreset, l as softDeletePreset, n as flexibleMultiTenantPreset, o as treePreset, r as getAvailablePresets, s as bulkPreset, t as applyPresets, u as slugLookupPreset } from "../presets-k604Lj99.mjs";
+import { a as registerPreset, c as auditedPreset, d as ownedByUserPreset, i as getPreset, l as softDeletePreset, n as flexibleMultiTenantPreset, o as treePreset, r as getAvailablePresets, s as bulkPreset, t as applyPresets, u as slugLookupPreset } from "../presets-Z7P5w4gF.mjs";
 import { filesUploadPreset } from "./filesUpload.mjs";
 import { searchPreset } from "./search.mjs";
 export { applyPresets, auditedPreset, bulkPreset, filesUploadPreset, flexibleMultiTenantPreset, getAvailablePresets, getPreset, multiTenantPreset, ownedByUserPreset, registerPreset, searchPreset, slugLookupPreset, softDeletePreset, treePreset };

package/dist/presets/search.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { C as requireAuth, y as allowPublic } from "../permissions-B4vU9L0Q.mjs";
+import { C as requireAuth, y as allowPublic } from "../permissions-gd_aUWrR.mjs";
 //#region src/presets/search.ts
 const BUILTINS = [
 	{

package/dist/{presets-k604Lj99.mjs → presets-Z7P5w4gF.mjs} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { _ as isElevated, n as PUBLIC_SCOPE } from "./types-AOD8fxIw.mjs";
-import { C as requireAuth, T as requireRoles, y as allowPublic } from "./permissions-B4vU9L0Q.mjs";
+import { C as requireAuth, T as requireRoles, y as allowPublic } from "./permissions-gd_aUWrR.mjs";
 import { multiTenantPreset } from "./presets/multiTenant.mjs";
 //#region src/presets/ownedByUser.ts
 /**

package/dist/{requestContext-CfRkaxwf.mjs → requestContext-C5XeK3VA.mjs} RENAMED Viewed

@@ -38,15 +38,30 @@ const storage = new AsyncLocalStorage();
 * - `getStore()` — alias for get() (matches Node.js API naming)
 */
 const requestContext = {
+	/**
+	* Get the current request context.
+	* Returns undefined if called outside a request lifecycle.
+	*/
 	get() {
 		return storage.getStore();
 	},
+	/**
+	* Alias for get() — matches Node.js AsyncLocalStorage API naming.
+	*/
 	getStore() {
 		return storage.getStore();
 	},
+	/**
+	* Run a function within a specific request context.
+	* Used internally by Arc's onRequest hook.
+	*/
 	run(store, fn) {
 		return storage.run(store, fn);
 	},
+	/**
+	* The underlying AsyncLocalStorage instance.
+	* Exposed for advanced use cases (testing, custom integrations).
+	*/
 	storage
 };
 //#endregion

package/dist/{resourceToTools--okX6QBr.mjs → resourceToTools-ByZpgjeH.mjs} RENAMED Viewed

@@ -1,8 +1,8 @@
-import { t as BaseController } from "./BaseController-JNV08qOT.mjs";
-import { A as normalizePermissionResult } from "./permissions-B4vU9L0Q.mjs";
-import { u as resolvePipelineSteps } from "./routerShared-DeESFp4a.mjs";
+import { t as BaseController } from "./BaseController-swXruJ2_.mjs";
+import { A as normalizePermissionResult } from "./permissions-gd_aUWrR.mjs";
+import { u as resolvePipelineSteps } from "./routerShared-BqLRb5l7.mjs";
 import { t as executePipeline } from "./pipe-DVoIheVC.mjs";
-import { t as resolveActionPermission } from "./actionPermissions-C8YYU92K.mjs";
+import { t as resolveActionPermission } from "./actionPermissions-sUUKDhtP.mjs";
 import { i as shouldRejectAdditionalProperties, r as schemaIRToZodShape, t as normalizeSchemaIR } from "./schemaIR-BlG9bY7v.mjs";
 import { t as pluralize } from "./pluralize-BneOJkpi.mjs";
 import { z } from "zod";
@@ -1145,6 +1145,7 @@ function resourceToTools(resource, config = {}) {
 			resourcePermissions: resource.permissions,
 			resourceActionPermissions: resource.actionPermissions
 		});
+		if (!actionPerms) throw new Error(`[Arc/MCP] Resource '${resource.name}': action '${actionName}' has no permission gate and the resource defines no \`permissions.update\` fallback. Declare one of:\n  - \`actions.${actionName}.permissions: <PermissionCheck>\` (per-action)\n  - \`actionPermissions: <PermissionCheck>\` (resource-wide)\n  - \`permissions.update: <PermissionCheck>\` (inherited by actions)\nUse \`allowPublic()\` if you genuinely want the action unauthenticated.`);
 		tools.push({
 			name: toolName,
 			description: String(description),

package/dist/{routerShared-DeESFp4a.mjs → routerShared-BqLRb5l7.mjs} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { _ as isElevated, n as PUBLIC_SCOPE, o as getOrgId, p as getUserId, v as isMember } from "./types-AOD8fxIw.mjs";
-import { P as resolveEffectiveRoles, j as applyFieldReadPermissions, k as evaluateAndApplyPermission } from "./permissions-B4vU9L0Q.mjs";
+import { P as resolveEffectiveRoles, j as applyFieldReadPermissions, k as evaluateAndApplyPermission } from "./permissions-gd_aUWrR.mjs";
 import { t as getUserRoles } from "./types-DV9WDfeg.mjs";
-import { t as requestContext } from "./requestContext-CfRkaxwf.mjs";
+import { t as requestContext } from "./requestContext-C5XeK3VA.mjs";
 import { t as executePipeline } from "./pipe-DVoIheVC.mjs";
 //#region src/scope/projection.ts
 /**
@@ -511,5 +511,62 @@ function buildPreHandlerChain(parts) {
 		...parts.customMws ?? []
 	].filter(Boolean);
 }
+/**
+* `RouteDefinition.preHandler` accepts two shapes:
+*
+*   1. **Array form** — `RouteHandlerMethod[]`. Used directly.
+*   2. **Factory form** — `(fastify) => RouteHandlerMethod[]`. Called once at
+*      route-registration time with the Fastify instance, so handlers can
+*      capture decorators (`fastify.authenticate`, `fastify.events`, etc.)
+*      that aren't on the request.
+*
+* The two forms are equally idiomatic, but the discrimination is by
+* `typeof preHandler === "function"`. Single-function shapes such as
+* `multipartBody({...})` (a `RouteHandlerMethod`) **structurally satisfy
+* the factory branch** at the call site, then fail with a cryptic
+* `Cannot read properties of undefined (reading 'content-type')` once the
+* handler runs with `fastify` in the request slot.
+*
+* This resolver:
+*   1. Distinguishes the two valid shapes.
+*   2. Validates the factory's RETURN — must be an array of functions.
+*   3. Throws an actionable error pointing at the route + the fix when
+*      a single `RouteHandlerMethod` was passed instead of an array, OR
+*      when a factory returned the wrong shape.
+*
+* The error message names the route (`{method} {path}`) and the
+* canonical fix (`preHandler: [yourHandler]`) so the failure mode is
+* obvious instead of debug-archaeology.
+*
+* @param preHandler  The `route.preHandler` value (any of the valid shapes
+*                    plus the common bare-handler mistake).
+* @param fastify     Passed to factory-form preHandlers.
+* @param routeId     `"GET /todos/:id/attach"` (or similar) — used in the
+*                    error message so a multi-route file points at the
+*                    actual offender.
+*/
+function resolveRoutePreHandlers(preHandler, fastify, routeId) {
+	if (preHandler === void 0 || preHandler === null) return [];
+	if (Array.isArray(preHandler)) return preHandler.filter((h) => typeof h === "function");
+	if (typeof preHandler === "function") {
+		let result;
+		try {
+			result = preHandler(fastify);
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			throw new TypeError(`Route ${routeId}: preHandler factory threw during route registration: ${msg}.\nIf you intended to pass a single handler (e.g. \`multipartBody({...})\`), wrap it in an array: \`preHandler: [yourHandler]\`. The factory form is \`(fastify) => RouteHandlerMethod[]\` — it must return an array.`, { cause: err instanceof Error ? err : void 0 });
+		}
+		if (!Array.isArray(result)) throw new TypeError(`Route ${routeId}: preHandler factory must return an array of handlers, got ${describeValue(result)}.\nCommon cause: passing a single \`RouteHandlerMethod\` (e.g. \`multipartBody({...})\`) where an array was expected. Wrap it: \`preHandler: [yourHandler]\`. The factory form \`(fastify) => RouteHandlerMethod[]\` is for cases that need the Fastify instance — e.g. \`(fastify) => [fastify.authenticate, myHandler]\`.`);
+		return result.filter((h) => typeof h === "function");
+	}
+	throw new TypeError(`Route ${routeId}: preHandler must be an array of handlers OR a factory \`(fastify) => RouteHandlerMethod[]\`. Got ${describeValue(preHandler)}.`);
+}
+function describeValue(v) {
+	if (v === null) return "null";
+	if (v === void 0) return "undefined";
+	if (typeof v === "function") return "a function (single handler — wrap in array)";
+	if (Array.isArray(v)) return `an array of length ${v.length}`;
+	return `${typeof v} (${JSON.stringify(v).slice(0, 80)})`;
+}
 //#endregion
-export { getControllerScope as _, buildAuthMiddlewareForPermissions as a, buildPreHandlerChain as c, resolveRouterPluginMw as d, selectPluginMw as f, getControllerContext as g, createRequestContext as h, buildAuthMiddleware as i, buildRateLimitConfig as l, createFastifyHandler as m, buildActionPipelineHandler as n, buildCrudPermissionMw as o, createCrudHandlers as p, buildArcDecorator as r, buildPipelineHandler as s, buildActionPermissionMw as t, resolvePipelineSteps as u, sendControllerResponse as v, buildRequestScopeProjection as y };
+export { getControllerContext as _, buildAuthMiddlewareForPermissions as a, buildRequestScopeProjection as b, buildPreHandlerChain as c, resolveRoutePreHandlers as d, resolveRouterPluginMw as f, createRequestContext as g, createFastifyHandler as h, buildAuthMiddleware as i, buildRateLimitConfig as l, createCrudHandlers as m, buildActionPipelineHandler as n, buildCrudPermissionMw as o, selectPluginMw as p, buildArcDecorator as r, buildPipelineHandler as s, buildActionPermissionMw as t, resolvePipelineSteps as u, getControllerScope as v, sendControllerResponse as y };

package/dist/testing/index.mjs CHANGED Viewed

@@ -1081,7 +1081,7 @@ function pickDefaultAuth(authMode, callerAuth) {
 	};
 }
 async function createTestApp(options = {}) {
-	const { createApp } = await import("../createApp-P1d6rjPy.mjs").then((n) => n.r);
+	const { createApp } = await import("../createApp-BFxtdKy6.mjs").then((n) => n.r);
 	const { resources = [], db = "in-memory", connectMongoose = false, authMode = "jwt", defaultOrgId, plugins, auth: callerAuth, ...appOptions } = options;
 	let dbHandle;
 	let dbUri;

package/dist/utils/index.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { A as createQueryParser, C as mutationResponse, D as successResponseSchema, E as responses, M as simpleEqualityMatcher, O as wrapResponse, S as listResponse, T as queryParams, _ as deleteResponse, a as defineErrorMapper, b as getListQueryParams, c as CircuitBreaker, d as CircuitState, f as createCircuitBreaker, g as validateResourceConfig, h as formatValidationErrors, i as defineGuard, j as getUserId, k as ArcQueryParser, l as CircuitBreakerError, m as assertValidConfig, n as handleRaw, o as defineCompensation, p as createCircuitBreakerRegistry, r as envelope, s as withCompensation, t as createStateMachine, u as CircuitBreakerRegistry, v as errorResponseSchema, w as paginationSchema, x as itemResponse, y as getDefaultCrudSchemas } from "../utils-D3Yxnrwr.mjs";
+import { A as createQueryParser, C as mutationResponse, D as successResponseSchema, E as responses, M as simpleEqualityMatcher, O as wrapResponse, S as listResponse, T as queryParams, _ as deleteResponse, a as defineErrorMapper, b as getListQueryParams, c as CircuitBreaker, d as CircuitState, f as createCircuitBreaker, g as validateResourceConfig, h as formatValidationErrors, i as defineGuard, j as getUserId, k as ArcQueryParser, l as CircuitBreakerError, m as assertValidConfig, n as handleRaw, o as defineCompensation, p as createCircuitBreakerRegistry, r as envelope, s as withCompensation, t as createStateMachine, u as CircuitBreakerRegistry, v as errorResponseSchema, w as paginationSchema, x as itemResponse, y as getDefaultCrudSchemas } from "../utils-CcYTj09l.mjs";
 import { a as OrgAccessDeniedError, c as ServiceUnavailableError, d as createDomainError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-D5c-5BJL.mjs";
 import { a as toJsonSchema, i as isZodSchema, n as convertRouteSchema, r as isJsonSchema, t as convertOpenApiSchemas } from "../schemaConverter-B0oKLuqI.mjs";
 import { t as hasEvents } from "../typeGuards-CcFZXgU7.mjs";

package/dist/{utils-D3Yxnrwr.mjs → utils-CcYTj09l.mjs} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { m as RESERVED_QUERY_PARAMS, t as CRUD_OPERATIONS } from "./constants-BhY1OHoH.mjs";
 import { arcLog } from "./logger/index.mjs";
 import { t as ArcError } from "./errors-D5c-5BJL.mjs";
-import { r as getAvailablePresets } from "./presets-k604Lj99.mjs";
+import { r as getAvailablePresets } from "./presets-Z7P5w4gF.mjs";
 //#region src/utils/simpleEqualityMatcher.ts
 /**
 * `simpleEqualityMatcher` — a minimal, dialect-agnostic flat-key equality

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@classytic/arc",
-  "version": "2.11.2",
+  "version": "2.11.3",
   "description": "Resource-oriented backend framework for Fastify — clean, minimal, powerful, tree-shakable",
   "type": "module",
   "exports": {
@@ -255,6 +255,7 @@
     "@fastify/under-pressure": ">=9.0.0",
     "@fastify/websocket": ">=11.0.0",
     "@modelcontextprotocol/sdk": ">=1.28.0",
+    "@opentelemetry/api": ">=1.9.0",
     "@opentelemetry/auto-instrumentations-node": ">=0.40.0",
     "@opentelemetry/exporter-trace-otlp-http": ">=0.50.0",
     "@opentelemetry/instrumentation-http": ">=0.50.0",
@@ -381,6 +382,7 @@
     "@fastify/under-pressure": "^9.0.3",
     "@fastify/websocket": "^11.0.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
+    "@opentelemetry/api": "^1.9.1",
     "@sinclair/typebox": "^0.34.0",
     "@types/node": "^22.10.0",
     "@types/qs": "^6.14.0",