@classytic/arc 2.11.4 → 2.13.1

package/dist/index.d.mts

@@ -1,11 +1,10 @@
-import { $t as ArcListResult, A as RequestIdOptions, An as FieldMetadata, B as ResourceDefinition, Bt as UserOrganization, C as RequestContext, D as HealthCheck, Dn as AdapterRepositoryInput, E as GracefulShutdownOptions, F as FastifyWithDecorators, Ft as ApiResponse, Gt as TreeMixin, Ht as SoftDeleteExt, It as ArcRequest, J as CrudRouteKey, Jt as BulkExt, Kt as SlugExt, L as RequestWithExtras, Lt as JWTPayload, Mn as RepositoryLike, N as FastifyRequestExtras, Nn as SchemaMetadata, O as HealthOptions, P as FastifyWithAuth, Pn as ValidationResult, Pt as AnyRecord, Q as MiddlewareConfig, Qt as ArcGetResult, S as QueryParserInterface, T as CrudRouterOptions, Ut as SoftDeleteMixin, V as defineResource, Vt as BaseController, Wt as TreeExt, X as EventDefinition, Xt as ArcCreateResult, Y as CrudSchemas, Yt as BulkMixin, Z as FieldRule, Zt as ArcDeleteResult, _t as IControllerResponse, a as InferAdapterDoc, at as ResourceConfig, c as TypedController, d as PaginationResult, en as ArcUpdateResult, et as PresetFunction, f as IntrospectionData, ft as RouteSchemaOptions, g as ArcInternalMetadata, gt as IController, h as ResourceMetadata, i as ValidationResult$1, jn as RelationMetadata, k as IntrospectionPluginOptions, kn as DataAdapter, kt as AuthPluginOptions, l as TypedRepository, m as RegistryStats, mt as ControllerLike, n as ConfigError, nn as BaseCrudController, nt as PresetResult, o as InferDocType, p as RegistryEntry, q as CrudController, qt as SlugMixin, r as ValidateOptions, rn as ListResult, rt as RateLimitConfig, s as InferResourceDoc, t as RouteHandlerMethod, tn as BaseControllerOptions, u as TypedResourceConfig, vt as IRequestContext, w as ServiceContext, y as OwnershipCheck, yt as RouteHandler } from "./index-CXXRbnf8.mjs";
-import { a as applyFieldWritePermissions, c as PermissionCheck, d as UserBase, i as applyFieldReadPermissions, l as PermissionContext, n as FieldPermissionMap, o as fields, t as FieldPermission, u as PermissionResult } from "./fields-BRjxOAFp.mjs";
-import { l as createMongooseAdapter, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./index-Rg8axYPz.mjs";
-import { C as MAX_REGEX_LENGTH, D as RESERVED_QUERY_PARAMS, E as MutationOperation, O as SYSTEM_FIELDS, S as MAX_FILTER_DEPTH, T as MUTATION_OPERATIONS, _ as DEFAULT_UPDATE_METHOD, a as getControllerScope, b as HookOperation, d as CrudOperation, f as DEFAULT_ID_FIELD, g as DEFAULT_TENANT_FIELD, h as DEFAULT_SORT, m as DEFAULT_MAX_LIMIT, p as DEFAULT_LIMIT, s as defineResourceVariants, u as CRUD_OPERATIONS, v as HOOK_OPERATIONS, w as MAX_SEARCH_LENGTH, x as HookPhase, y as HOOK_PHASES } from "./index-m8mOOlFW.mjs";
-import { A as requireRoles, C as allOf, E as denyAll, M as when, O as requireAuth, S as createOrgPermissions, T as anyOf, a as presets_d_exports, c as readOnly, d as requireOrgRole, f as requireScopeContext, i as ownerWithAdminBypass, k as requireOwnership, l as requireOrgInScope, m as requireTeamMembership, n as authenticated, o as publicRead, p as requireServiceScope, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as requireOrgMembership, v as DynamicPermissionMatrix, w as allowPublic, x as createDynamicPermissionMatrix, y as DynamicPermissionMatrixConfig } from "./index-rHjXmJar.mjs";
-import { ft as UnauthorizedError, j as envelope, mt as createDomainError, ot as ForbiddenError, pt as ValidationError, rt as ArcError, st as NotFoundError, t as getUserId } from "./index-D9t1KNaB.mjs";
+import { $t as SoftDeleteMixin, A as RequestIdOptions, B as defineResource, C as RequestContext, Ct as AggregationConfig, D as HealthCheck, Dt as AggregationMaterializedResult, E as GracefulShutdownOptions, Et as AggregationMaterializedContext, F as FastifyWithDecorators, Gt as ApiResponse, J as CrudRouteKey, Kt as ArcRequest, L as RequestWithExtras, N as FastifyRequestExtras, O as HealthOptions, Ot as AggregationRateLimit, P as FastifyWithAuth, Q as MiddlewareConfig, Qt as SoftDeleteExt, S as QueryParserInterface, St as AggregationCacheConfig, T as CrudRouterOptions, Tt as AggregationIndexHint, V as ResourceDefinition, Wt as AnyRecord, X as EventDefinition, Xt as UserOrganization, Y as CrudSchemas, Z as FieldRule, Zt as BaseController, _t as IControllerResponse, a as InferAdapterDoc, an as BulkMixin, at as ResourceConfig, bt as AggMeasureInput, c as TypedController, d as PaginationResult, dn as ArcDeleteResult, en as TreeExt, et as PresetFunction, f as IntrospectionData, fn as ArcGetResult, ft as RouteSchemaOptions, g as ArcInternalMetadata, gt as IController, h as ResourceMetadata, hn as ListResult, i as ValidationResult, in as BulkExt, k as IntrospectionPluginOptions, kt as AggregationsMap, l as TypedRepository, m as RegistryStats, mn as ArcUpdateResult, mt as ControllerLike, n as ConfigError, nn as SlugExt, nt as PresetResult, o as InferDocType, on as BaseControllerOptions, p as RegistryEntry, pn as ArcListResult, q as CrudController, qt as JWTPayload, r as ValidateOptions, rn as SlugMixin, rt as RateLimitConfig, s as InferResourceDoc, sn as BaseCrudController, t as RouteHandlerMethod, tn as TreeMixin, u as TypedResourceConfig, un as ArcCreateResult, vt as IRequestContext, w as ServiceContext, wt as AggregationDateRangeRequirement, xt as AggMeasureShorthand, y as OwnershipCheck, yt as RouteHandler, zt as AuthPluginOptions } from "./index-BtW7qYwa.mjs";
+import { a as applyFieldWritePermissions, c as PermissionCheck, d as UserBase, i as applyFieldReadPermissions, l as PermissionContext, n as FieldPermissionMap, o as fields, t as FieldPermission, u as PermissionResult } from "./fields-COhcH3fk.mjs";
+import { C as MAX_FILTER_DEPTH, D as MutationOperation, E as MUTATION_OPERATIONS, O as RESERVED_QUERY_PARAMS, S as HookPhase, T as MAX_SEARCH_LENGTH, _ as DEFAULT_TENANT_FIELD, a as getControllerScope, b as HOOK_PHASES, d as CRUD_OPERATIONS, f as CrudOperation, g as DEFAULT_SORT, h as DEFAULT_MAX_LIMIT, k as SYSTEM_FIELDS, m as DEFAULT_LIMIT, p as DEFAULT_ID_FIELD, s as defineResourceVariants, u as defineAggregation, v as DEFAULT_UPDATE_METHOD, w as MAX_REGEX_LENGTH, x as HookOperation, y as HOOK_OPERATIONS } from "./index-Ds61mrJE.mjs";
+import { A as requireRoles, C as allOf, E as denyAll, M as when, O as requireAuth, S as createOrgPermissions, T as anyOf, a as presets_d_exports, c as readOnly, d as requireOrgRole, f as requireScopeContext, i as ownerWithAdminBypass, k as requireOwnership, l as requireOrgInScope, m as requireTeamMembership, n as authenticated, o as publicRead, p as requireServiceScope, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as requireOrgMembership, v as DynamicPermissionMatrix, w as allowPublic, x as createDynamicPermissionMatrix, y as DynamicPermissionMatrixConfig } from "./index-BTqLEvhu.mjs";
+import { ct as NotFoundError, ht as createDomainError, it as ArcError, mt as ValidationError, pt as UnauthorizedError, st as ForbiddenError, t as getUserId } from "./index-Dz5IKsrE.mjs";
 
 //#region src/index.d.ts
 declare const version: string;
 //#endregion
-export { type AdapterRepositoryInput, type ValidationResult as AdapterValidationResult, type AnyRecord, type ApiResponse, type ArcCreateResult, type ArcDeleteResult, ArcError, type ArcGetResult, type ArcInternalMetadata, type ArcListResult, type ArcRequest, type ArcUpdateResult, type AuthPluginOptions, BaseController, type BaseControllerOptions, BaseCrudController, type BulkExt, BulkMixin, CRUD_OPERATIONS, type ConfigError, type ControllerLike, type CrudController, type CrudOperation, type CrudRouteKey, type CrudRouterOptions, type CrudSchemas, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, type DataAdapter, type DynamicPermissionMatrix, type DynamicPermissionMatrixConfig, type EventDefinition, type FastifyRequestExtras, type FastifyWithAuth, type FastifyWithDecorators, type FieldMetadata, type FieldPermission, type FieldPermissionMap, type FieldRule, ForbiddenError, type GracefulShutdownOptions, HOOK_OPERATIONS, HOOK_PHASES, type HealthCheck, type HealthOptions, type HookOperation, type HookPhase, type IController, type IControllerResponse, type IRequestContext, type InferAdapterDoc, type InferDocType, type InferResourceDoc, type IntrospectionData, type IntrospectionPluginOptions, type JWTPayload, type ListResult, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, type MiddlewareConfig, MongooseAdapter, type MutationOperation, NotFoundError, type OwnershipCheck, type PaginationResult, type PermissionCheck, type PermissionContext, type PermissionResult, type PresetFunction, type PresetResult, PrismaAdapter, type QueryParserInterface, RESERVED_QUERY_PARAMS, type RateLimitConfig, type RegistryEntry, type RegistryStats, type RelationMetadata, type RepositoryLike, type RequestContext, type RequestIdOptions, type RequestWithExtras, type ResourceConfig, ResourceDefinition, type ResourceMetadata, type RouteHandler, type RouteHandlerMethod, type RouteSchemaOptions, SYSTEM_FIELDS, type SchemaMetadata, type ServiceContext, type SlugExt, SlugMixin, type SoftDeleteExt, SoftDeleteMixin, type TreeExt, TreeMixin, type TypedController, type TypedRepository, type TypedResourceConfig, UnauthorizedError, type UserBase, type UserOrganization, type ValidateOptions, ValidationError, type ValidationResult$1 as ValidationResult, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, fullPublic, getControllerScope, getUserId, ownerWithAdminBypass, presets_d_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, version, when };
+export { type AggMeasureInput, type AggMeasureShorthand, type AggregationCacheConfig, type AggregationConfig, type AggregationDateRangeRequirement, type AggregationIndexHint, type AggregationMaterializedContext, type AggregationMaterializedResult, type AggregationRateLimit, type AggregationsMap, type AnyRecord, type ApiResponse, type ArcCreateResult, type ArcDeleteResult, ArcError, type ArcGetResult, type ArcInternalMetadata, type ArcListResult, type ArcRequest, type ArcUpdateResult, type AuthPluginOptions, BaseController, type BaseControllerOptions, BaseCrudController, type BulkExt, BulkMixin, CRUD_OPERATIONS, type ConfigError, type ControllerLike, type CrudController, type CrudOperation, type CrudRouteKey, type CrudRouterOptions, type CrudSchemas, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, type DynamicPermissionMatrix, type DynamicPermissionMatrixConfig, type EventDefinition, type FastifyRequestExtras, type FastifyWithAuth, type FastifyWithDecorators, type FieldPermission, type FieldPermissionMap, type FieldRule, ForbiddenError, type GracefulShutdownOptions, HOOK_OPERATIONS, HOOK_PHASES, type HealthCheck, type HealthOptions, type HookOperation, type HookPhase, type IController, type IControllerResponse, type IRequestContext, type InferAdapterDoc, type InferDocType, type InferResourceDoc, type IntrospectionData, type IntrospectionPluginOptions, type JWTPayload, type ListResult, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, type MiddlewareConfig, type MutationOperation, NotFoundError, type OwnershipCheck, type PaginationResult, type PermissionCheck, type PermissionContext, type PermissionResult, type PresetFunction, type PresetResult, type QueryParserInterface, RESERVED_QUERY_PARAMS, type RateLimitConfig, type RegistryEntry, type RegistryStats, type RequestContext, type RequestIdOptions, type RequestWithExtras, type ResourceConfig, ResourceDefinition, type ResourceMetadata, type RouteHandler, type RouteHandlerMethod, type RouteSchemaOptions, SYSTEM_FIELDS, type ServiceContext, type SlugExt, SlugMixin, type SoftDeleteExt, SoftDeleteMixin, type TreeExt, TreeMixin, type TypedController, type TypedRepository, type TypedResourceConfig, UnauthorizedError, type UserBase, type UserOrganization, type ValidateOptions, ValidationError, type ValidationResult, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDomainError, createDynamicPermissionMatrix, createOrgPermissions, defineAggregation, defineResource, defineResourceVariants, denyAll, fields, fullPublic, getControllerScope, getUserId, ownerWithAdminBypass, presets_d_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, version, when };

package/dist/index.mjs

@@ -1,12 +1,11 @@
-import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-DUUiiimH.mjs";
-import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-BhY1OHoH.mjs";
-import { j as getUserId, r as envelope } from "./utils-CcYTj09l.mjs";
-import { a as BulkMixin, i as SlugMixin, n as TreeMixin, o as BaseCrudController, r as SoftDeleteMixin, t as BaseController } from "./BaseController-swXruJ2_.mjs";
-import { C as requireAuth, D as when, M as applyFieldWritePermissions, N as fields, T as requireRoles, _ as requireTeamMembership, a as presets_exports, b as anyOf, c as readOnly, d as createOrgPermissions, f as requireOrgInScope, g as requireServiceScope, h as requireScopeContext, i as ownerWithAdminBypass, j as applyFieldReadPermissions, m as requireOrgRole, n as authenticated, o as publicRead, p as requireOrgMembership, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as createDynamicPermissionMatrix, v as allOf, w as requireOwnership, x as denyAll, y as allowPublic } from "./permissions-gd_aUWrR.mjs";
-import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-D5c-5BJL.mjs";
-import { v as getControllerScope } from "./routerShared-BqLRb5l7.mjs";
-import { n as ResourceDefinition, r as defineResource, t as defineResourceVariants } from "./core-CbcQRIch.mjs";
+import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-Cxde4rpC.mjs";
+import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-j4aJm1Wg.mjs";
+import { t as getUserId } from "./utils-_h9B3c57.mjs";
+import { a as BulkMixin, i as SlugMixin, n as TreeMixin, o as BaseCrudController, r as SoftDeleteMixin, t as BaseController } from "./BaseController-DX_T-bDB.mjs";
+import { C as allowPublic, D as requireAuth, O as requireOwnership, S as allOf, T as denyAll, _ as requireOrgMembership, a as presets_exports, b as requireServiceScope, c as readOnly, d as applyFieldWritePermissions, f as fields, g as requireOrgInScope, h as createOrgPermissions, i as ownerWithAdminBypass, j as when, k as requireRoles, m as createDynamicPermissionMatrix, n as authenticated, o as publicRead, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as applyFieldReadPermissions, v as requireOrgRole, w as anyOf, x as requireTeamMembership, y as requireScopeContext } from "./permissions-ohQyv50e.mjs";
+import { v as getControllerScope } from "./routerShared-D6_fEGHh.mjs";
+import { n as defineResource, o as defineAggregation, r as ResourceDefinition, t as defineResourceVariants } from "./core-D72ia0EH.mjs";
 //#region src/index.ts
-const version = "2.11.4";
+const version = "2.13.1";
 //#endregion
-export { ArcError, BaseController, BaseCrudController, BulkMixin, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MongooseAdapter, NotFoundError, PrismaAdapter, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, SlugMixin, SoftDeleteMixin, TreeMixin, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, fullPublic, getControllerScope, getUserId, ownerWithAdminBypass, presets_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, version, when };
+export { ArcError, BaseController, BaseCrudController, BulkMixin, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, NotFoundError, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, SlugMixin, SoftDeleteMixin, TreeMixin, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDomainError, createDynamicPermissionMatrix, createOrgPermissions, defineAggregation, defineResource, defineResourceVariants, denyAll, fields, fullPublic, getControllerScope, getUserId, ownerWithAdminBypass, presets_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, version, when };

package/dist/integrations/event-gateway.d.mts

@@ -1,4 +1,4 @@
-import { n as DomainEvent } from "../EventTransport-CYNUXdCJ.mjs";
+import { n as DomainEvent } from "../EventTransport-CT_52aWU.mjs";
 import { a as WebSocketMessage, i as WebSocketClient } from "../websocket-ChC2rqe1.mjs";
 import { FastifyPluginAsync, FastifyRequest } from "fastify";
 

package/dist/integrations/event-gateway.mjs

@@ -4,7 +4,7 @@ const eventGatewayPluginImpl = async (fastify, opts = {}) => {
 	const { auth = true, orgScoped = false, roomPolicy, maxMessageBytes, maxSubscriptionsPerClient, authenticate } = opts;
 	if (auth && !authenticate && !fastify.hasDecorator("authenticate")) throw new Error("[arc-event-gateway] auth is true but fastify.authenticate is not registered. Register an auth plugin first, provide a custom authenticate function, or set auth: false.");
 	if (opts.sse !== false) {
-		const { default: ssePlugin } = await import("../sse-V7aXc3bW.mjs").then((n) => n.r);
+		const { default: ssePlugin } = await import("../sse-Bz-5ZeTt.mjs").then((n) => n.r);
 		await fastify.register(ssePlugin, {
 			path: opts.sse?.path ?? "/events/stream",
 			requireAuth: auth,

package/dist/integrations/index.d.mts

@@ -1,7 +1,7 @@
 import { a as WebSocketMessage, i as WebSocketClient, o as WebSocketPluginOptions } from "../websocket-ChC2rqe1.mjs";
 import { EventGatewayOptions } from "./event-gateway.mjs";
 import { JobDefinition, JobDispatchOptions, JobDispatcher, JobMeta, JobsPluginOptions, QueueStats } from "./jobs.mjs";
-import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-BQ9TJQNy.mjs";
+import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-DQHFc8PM.mjs";
 import { StreamlinePluginOptions, WorkflowLike, WorkflowRunLike } from "./streamline.mjs";
 import { WebhookDeliveryRecord, WebhookManager, WebhookPluginOptions, WebhookStore, WebhookSubscription } from "./webhooks.mjs";
 export { type BetterAuthHandler, type CallToolResult, type CreateMcpServerConfig, type CrudOperation, type EventGatewayOptions, type JobDefinition, type JobDispatchOptions, type JobDispatcher, type JobMeta, type JobsPluginOptions, type McpAuthResult, type McpPluginOptions, type McpResourceConfig, type PromptDefinition, type QueueStats, type StreamlinePluginOptions, type ToolAnnotations, type ToolContext, type ToolDefinition, type WebSocketClient, type WebSocketMessage, type WebSocketPluginOptions, type WebhookDeliveryRecord, type WebhookManager, type WebhookPluginOptions, type WebhookStore, type WebhookSubscription, type WorkflowLike, type WorkflowRunLike };

package/dist/integrations/mcp/index.d.mts

@@ -1,5 +1,5 @@
-import { B as ResourceDefinition } from "../../index-CXXRbnf8.mjs";
-import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-BQ9TJQNy.mjs";
+import { V as ResourceDefinition } from "../../index-BtW7qYwa.mjs";
+import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-DQHFc8PM.mjs";
 import { FastifyPluginAsync } from "fastify";
 import { z } from "zod";
 

package/dist/integrations/mcp/index.mjs

@@ -1,4 +1,4 @@
-import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-CxNmI6xF.mjs";
+import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-C5coh64w.mjs";
 import { createHash, randomUUID } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/integrations/mcp/defineTool.ts

package/dist/integrations/mcp/testing.d.mts

@@ -1,4 +1,4 @@
-import { o as McpAuthResult, s as McpPluginOptions } from "../../types-BQ9TJQNy.mjs";
+import { o as McpAuthResult, s as McpPluginOptions } from "../../types-DQHFc8PM.mjs";
 
 //#region src/integrations/mcp/testing.d.ts
 interface TestMcpClientOptions {

package/dist/integrations/mcp/testing.mjs

@@ -1,4 +1,4 @@
-import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-CxNmI6xF.mjs";
+import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-C5coh64w.mjs";
 //#region src/integrations/mcp/testing.ts
 /**
 * @classytic/arc/mcp/testing — MCP Test Utilities

package/dist/integrations/streamline.d.mts

@@ -1,11 +1,21 @@
-import { FastifyPluginAsync } from "fastify";
+import { FastifyPluginAsync, FastifyRequest } from "fastify";
 
 //#region src/integrations/streamline.d.ts
-/** Start options — matches @classytic/streamline v2.1+ StartOptions */
+/**
+ * Start options — matches @classytic/streamline v2.3+ `StartOptions`.
+ *
+ * v2.3 additions:
+ *   - `tenantId` — required when streamline's `multiTenant.strict: true`.
+ *     Hosts should NOT accept this from the request body in untrusted
+ *     contexts; use `tenantResolver` to extract from auth context instead.
+ *   - `bypassTenant` — admin/cross-tenant operations. Same caveat.
+ */
 interface WorkflowStartOptions {
   meta?: Record<string, unknown>;
   idempotencyKey?: string;
   priority?: number;
+  tenantId?: string;
+  bypassTenant?: boolean;
 }
 /** Minimal workflow interface — matches @classytic/streamline's createWorkflow() return */
 interface WorkflowLike {
@@ -32,11 +42,14 @@ interface WorkflowLike {
   cancel(runId: string): Promise<WorkflowRunLike>;
   get(runId: string): Promise<WorkflowRunLike | null>;
   shutdown?(): void;
-  /** Streamline container for event bridging (streamline >=2.1) */
+  /** Streamline container for event bridging + repository access (streamline >=2.1) */
   container?: {
     eventBus: {
       on(event: string, listener: (...args: unknown[]) => void): void;
       off(event: string, listener: (...args: unknown[]) => void): void;
+    }; /** Repository — used by the list-runs endpoint to query workflow_runs. */
+    repository?: {
+      getAll(params: Record<string, unknown>, options?: Record<string, unknown>): Promise<unknown>;
     };
   };
 }
@@ -69,7 +82,7 @@ interface StreamlinePluginOptions {
    * engine telemetry) to Arc's event bus, topic-scoped as
    * `workflow.${workflowId}.${eventName}`.
    *
-   * Covers the full streamline 2.2 event surface:
+   * Covers the full streamline 2.3 event surface:
    *   - Step events: started, completed, failed, waiting, skipped,
    *     retry-scheduled, compensated
    *   - Workflow lifecycle: started, completed, failed, waiting, resumed,
@@ -86,12 +99,6 @@ interface StreamlinePluginOptions {
    * @default false
    */
   bridgeBusEvents?: boolean;
-  /**
-   * @deprecated v2.11.0 — renamed to `bridgeBusEvents` which now covers
-   * step + workflow + engine events (not just step-level). Still accepted
-   * as an alias; will be removed in v3. Prefer `bridgeBusEvents`.
-   */
-  bridgeStepEvents?: boolean;
   /**
    * Enable SSE streaming endpoint: GET /:workflowId/runs/:runId/stream
    * Streams step-level + lifecycle events as Server-Sent Events for live
@@ -100,6 +107,48 @@ interface StreamlinePluginOptions {
    * @default false
    */
   enableStreaming?: boolean;
+  /**
+   * Enable webhook resume endpoint: POST /hooks/:token
+   *
+   * Routes incoming webhook calls through streamline's `resumeHook(token,
+   * body)` — which validates the token against the stored `hookToken` on
+   * the waiting step (fail-closed since streamline 2.3). Hosts use this
+   * for "wait for external approval / SaaS callback" patterns.
+   *
+   * Workflows MUST pass `{ hookToken: hook.token }` to `ctx.wait(...)` —
+   * streamline 2.3 rejects resume otherwise (security). The endpoint is
+   * registered at the plugin's `prefix` root, NOT scoped per workflow,
+   * because the token encodes the runId.
+   *
+   * Auth is OPTIONAL on this route by design — the token IS the
+   * authentication. If you also want to gate by user (e.g. only the
+   * inviting user can approve), set `auth: true` and a permission check.
+   *
+   * @default false
+   */
+  enableHookEndpoint?: boolean;
+  /**
+   * Resolve the tenant id for a request — extract from auth context
+   * (JWT claim, session, header), NOT from the request body. Returning
+   * `undefined` skips tenant injection (use for non-multi-tenant routes
+   * or admin paths that pass `bypassTenant` explicitly).
+   *
+   * When set, the resolved tenantId is forwarded to every streamline
+   * call (`start`, `resume`, `cancel`, `get`, `list`, etc.) so
+   * streamline's `multiTenant.strict` mode never throws "missing
+   * tenantId" inside arc's request lifecycle.
+   *
+   * @example
+   * tenantResolver: (req) => req.user?.organizationId
+   */
+  tenantResolver?: (request: FastifyRequest) => string | undefined;
+  /**
+   * Per-call bypass-tenant resolver. Returns `true` for requests that
+   * should skip tenant scoping entirely (cross-tenant admin operations).
+   * Honored only when streamline's tenant-filter plugin allows bypass
+   * (`allowBypass: true`, the default).
+   */
+  bypassTenantResolver?: (request: FastifyRequest) => boolean;
   /** Custom permission check for workflow operations */
   permissions?: {
     start?: (request: unknown) => boolean | Promise<boolean>;
@@ -111,7 +160,7 @@ interface StreamlinePluginOptions {
 }
 /**
  * Full event list published on a streamline workflow's internal `eventBus`
- * (tracks streamline 2.2's `EventPayloadMap` in
+ * (tracks streamline 2.3's `EventPayloadMap` in
  * `@classytic/streamline/src/core/events.ts`).
  *
  * Hardcoded here by design — arc subscribes via structural

package/dist/integrations/streamline.mjs

@@ -1,7 +1,8 @@
+import { f as createError, i as NotFoundError, r as ForbiddenError } from "../errors-j4aJm1Wg.mjs";
 //#region src/integrations/streamline.ts
 /**
 * Full event list published on a streamline workflow's internal `eventBus`
-* (tracks streamline 2.2's `EventPayloadMap` in
+* (tracks streamline 2.3's `EventPayloadMap` in
 * `@classytic/streamline/src/core/events.ts`).
 *
 * Hardcoded here by design — arc subscribes via structural
@@ -42,8 +43,8 @@ const STREAMLINE_TERMINAL_EVENTS = [
 	"workflow:cancelled"
 ];
 const streamlinePluginImpl = async (fastify, options) => {
-	const { workflows, prefix = "/workflows", auth = true, bridgeEvents = true, enableStreaming = false, permissions: perms } = options;
-	const bridgeBus = options.bridgeBusEvents ?? options.bridgeStepEvents ?? false;
+	const { workflows, prefix = "/workflows", auth = true, bridgeEvents = true, enableStreaming = false, enableHookEndpoint = false, tenantResolver, bypassTenantResolver, permissions: perms } = options;
+	const bridgeBus = options.bridgeBusEvents ?? false;
 	const registry = /* @__PURE__ */ new Map();
 	for (const wf of workflows) {
 		const id = wf.definition.id;
@@ -53,6 +54,16 @@ const streamlinePluginImpl = async (fastify, options) => {
 	if (!fastify.hasDecorator("workflows")) fastify.decorate("workflows", registry);
 	if (!fastify.hasDecorator("getWorkflow")) fastify.decorate("getWorkflow", (id) => registry.get(id) ?? null);
 	const authPreHandler = auth && typeof fastify.authenticate === "function" ? [fastify.authenticate] : [];
+	const resolveTenantOpts = (request) => {
+		const opts = {};
+		if (bypassTenantResolver?.(request)) {
+			opts.bypassTenant = true;
+			return opts;
+		}
+		const tenantId = tenantResolver?.(request);
+		if (tenantId !== void 0) opts.tenantId = tenantId;
+		return opts;
+	};
 	const checkPerm = async (op, request) => {
 		const check = perms?.[op];
 		if (!check) return true;
@@ -61,15 +72,14 @@ const streamlinePluginImpl = async (fastify, options) => {
 	for (const [id, wf] of registry) {
 		const routePrefix = `${prefix}/${id}`;
 		fastify.post(`${routePrefix}/start`, { preHandler: authPreHandler }, async (request, reply) => {
-			if (!await checkPerm("start", request)) return reply.status(403).send({
-				success: false,
-				error: "Forbidden"
-			});
+			if (!await checkPerm("start", request)) throw new ForbiddenError();
 			const { input, meta, idempotencyKey, priority } = request.body ?? {};
+			const tenantOpts = resolveTenantOpts(request);
 			const run = await wf.start(input, {
 				meta,
 				idempotencyKey,
-				priority
+				priority,
+				...tenantOpts
 			});
 			if (bridgeEvents && fastify.events?.publish) try {
 				await fastify.events.publish(`workflow.${id}.started`, {
@@ -83,32 +93,36 @@ const streamlinePluginImpl = async (fastify, options) => {
 					workflowId: id
 				}, "Failed to publish workflow.started event");
 			}
-			return reply.status(201).send({
-				success: true,
-				data: run
-			});
+			return reply.status(201).send(run);
 		});
-		fastify.get(`${routePrefix}/runs/:runId`, { preHandler: authPreHandler }, async (request, reply) => {
-			if (!await checkPerm("get", request)) return reply.status(403).send({
-				success: false,
-				error: "Forbidden"
+		const listRepo = wf.container?.repository;
+		if (listRepo?.getAll) fastify.get(`${routePrefix}/runs`, { preHandler: authPreHandler }, async (request, _reply) => {
+			if (!await checkPerm("list", request)) throw new ForbiddenError();
+			const tenantOpts = resolveTenantOpts(request);
+			const { page = "1", limit = "20", cursor, status } = request.query ?? {};
+			const filters = { workflowId: id };
+			if (status) filters.status = status;
+			return await listRepo.getAll({
+				filters,
+				sort: { createdAt: -1 },
+				page: Number.parseInt(page, 10) || 1,
+				limit: Math.min(Number.parseInt(limit, 10) || 20, 100),
+				...cursor ? { cursor } : {},
+				...tenantOpts.tenantId !== void 0 ? { tenantId: tenantOpts.tenantId } : {}
+			}, {
+				lean: true,
+				...tenantOpts.bypassTenant ? { bypassTenant: true } : {}
 			});
+		});
+		fastify.get(`${routePrefix}/runs/:runId`, { preHandler: authPreHandler }, async (request, _reply) => {
+			if (!await checkPerm("get", request)) throw new ForbiddenError();
 			const { runId } = request.params;
 			const run = await wf.get(runId);
-			if (!run) return reply.status(404).send({
-				success: false,
-				error: "Workflow run not found"
-			});
-			return {
-				success: true,
-				data: run
-			};
+			if (!run) throw new NotFoundError("Workflow run", runId);
+			return run;
 		});
-		fastify.post(`${routePrefix}/runs/:runId/resume`, { preHandler: authPreHandler }, async (request, reply) => {
-			if (!await checkPerm("resume", request)) return reply.status(403).send({
-				success: false,
-				error: "Forbidden"
-			});
+		fastify.post(`${routePrefix}/runs/:runId/resume`, { preHandler: authPreHandler }, async (request, _reply) => {
+			if (!await checkPerm("resume", request)) throw new ForbiddenError();
 			const { runId } = request.params;
 			const { payload } = request.body ?? {};
 			const run = await wf.resume(runId, payload);
@@ -124,16 +138,10 @@ const streamlinePluginImpl = async (fastify, options) => {
 					workflowId: id
 				}, "Failed to publish workflow.resumed event");
 			}
-			return {
-				success: true,
-				data: run
-			};
+			return run;
 		});
-		fastify.post(`${routePrefix}/runs/:runId/cancel`, { preHandler: authPreHandler }, async (request, reply) => {
-			if (!await checkPerm("cancel", request)) return reply.status(403).send({
-				success: false,
-				error: "Forbidden"
-			});
+		fastify.post(`${routePrefix}/runs/:runId/cancel`, { preHandler: authPreHandler }, async (request, _reply) => {
+			if (!await checkPerm("cancel", request)) throw new ForbiddenError();
 			const { runId } = request.params;
 			const run = await wf.cancel(runId);
 			if (bridgeEvents && fastify.events?.publish) try {
@@ -147,49 +155,28 @@ const streamlinePluginImpl = async (fastify, options) => {
 					workflowId: id
 				}, "Failed to publish workflow.cancelled event");
 			}
-			return {
-				success: true,
-				data: run
-			};
+			return run;
 		});
 		fastify.post(`${routePrefix}/runs/:runId/execute`, { preHandler: authPreHandler }, async (request, _reply) => {
 			const { runId } = request.params;
-			return {
-				success: true,
-				data: await wf.engine.execute(runId)
-			};
+			return await wf.engine.execute(runId);
 		});
-		if (wf.engine.waitFor) fastify.get(`${routePrefix}/runs/:runId/wait`, { preHandler: authPreHandler }, async (request, reply) => {
-			if (!await checkPerm("get", request)) return reply.status(403).send({
-				success: false,
-				error: "Forbidden"
-			});
+		if (wf.engine.waitFor) fastify.get(`${routePrefix}/runs/:runId/wait`, { preHandler: authPreHandler }, async (request, _reply) => {
+			if (!await checkPerm("get", request)) throw new ForbiddenError();
 			const { runId } = request.params;
 			const { timeout } = request.query ?? {};
 			const timeoutMs = timeout ? Number.parseInt(timeout, 10) : 3e4;
-			return {
-				success: true,
-				data: await wf.engine.waitFor(runId, { timeout: Math.min(timeoutMs, 12e4) })
-			};
+			return await wf.engine.waitFor?.(runId, { timeout: Math.min(timeoutMs, 12e4) });
 		});
 		if (wf.engine.pause) fastify.post(`${routePrefix}/runs/:runId/pause`, { preHandler: authPreHandler }, async (request, _reply) => {
 			const { runId } = request.params;
-			return {
-				success: true,
-				data: await wf.engine.pause?.(runId)
-			};
+			return await wf.engine.pause?.(runId);
 		});
-		if (wf.engine.rewindTo) fastify.post(`${routePrefix}/runs/:runId/rewind`, { preHandler: authPreHandler }, async (request, reply) => {
+		if (wf.engine.rewindTo) fastify.post(`${routePrefix}/runs/:runId/rewind`, { preHandler: authPreHandler }, async (request, _reply) => {
 			const { runId } = request.params;
 			const { stepId } = request.body ?? {};
-			if (!stepId) return reply.status(400).send({
-				success: false,
-				error: "stepId is required"
-			});
-			return {
-				success: true,
-				data: await wf.engine.rewindTo?.(runId, stepId)
-			};
+			if (!stepId) throw createError(400, "stepId is required");
+			return await wf.engine.rewindTo?.(runId, stepId);
 		});
 		if (bridgeBus && wf.container?.eventBus && fastify.events?.publish) for (const eventName of STREAMLINE_BUS_EVENTS) wf.container.eventBus.on(eventName, (payload) => {
 			const p = payload;
@@ -206,15 +193,9 @@ const streamlinePluginImpl = async (fastify, options) => {
 			});
 		});
 		if (enableStreaming && wf.container?.eventBus) fastify.get(`${routePrefix}/runs/:runId/stream`, { preHandler: authPreHandler }, async (request, reply) => {
-			if (!await checkPerm("get", request)) return reply.status(403).send({
-				success: false,
-				error: "Forbidden"
-			});
+			if (!await checkPerm("get", request)) throw new ForbiddenError();
 			const { runId } = request.params;
-			if (!await wf.get(runId)) return reply.status(404).send({
-				success: false,
-				error: "Workflow run not found"
-			});
+			if (!await wf.get(runId)) throw new NotFoundError("Workflow run", runId);
 			reply.raw.writeHead(200, {
 				"Content-Type": "text/event-stream",
 				"Cache-Control": "no-cache",
@@ -247,7 +228,7 @@ const streamlinePluginImpl = async (fastify, options) => {
 					send(eventName, p);
 					if (terminalEvents.has(eventName) && p?.runId === runId) cleanup();
 				};
-				wf.container.eventBus.on(eventName, fn);
+				wf.container?.eventBus.on(eventName, fn);
 				listeners.push({
 					event: eventName,
 					fn
@@ -256,15 +237,24 @@ const streamlinePluginImpl = async (fastify, options) => {
 			request.raw.on("close", cleanup);
 		});
 	}
+	if (enableHookEndpoint) {
+		let resumeHookFn;
+		fastify.post(`${prefix}/hooks/:token`, { preHandler: authPreHandler }, async (request, _reply) => {
+			if (!resumeHookFn) resumeHookFn = (await import("@classytic/streamline")).resumeHook;
+			const { token } = request.params;
+			const result = await resumeHookFn(token, request.body);
+			return {
+				runId: result.runId,
+				run: result.run
+			};
+		});
+	}
 	fastify.get(prefix, { preHandler: authPreHandler }, async () => {
-		return {
-			success: true,
-			data: Array.from(registry.entries()).map(([id, wf]) => ({
-				id,
-				name: wf.definition.name ?? id,
-				steps: Array.isArray(wf.definition.steps) ? wf.definition.steps.map((s) => s.id ?? String(s)) : Object.keys(wf.definition.steps)
-			}))
-		};
+		return Array.from(registry.entries()).map(([id, wf]) => ({
+			id,
+			name: wf.definition.name ?? id,
+			steps: Array.isArray(wf.definition.steps) ? wf.definition.steps.map((s) => s.id ?? String(s)) : Object.keys(wf.definition.steps)
+		}));
 	});
 	fastify.addHook("onClose", async () => {
 		for (const wf of registry.values()) wf.shutdown?.();

package/dist/integrations/websocket.mjs

@@ -259,18 +259,12 @@ async function wireResourceEvents(fastify, rooms, resources) {
 */
 function registerStatsRoute(fastify, rooms, path, expose) {
 	if (expose === true) {
-		fastify.get(`${path}/stats`, async () => ({
-			success: true,
-			data: rooms.getStats()
-		}));
+		fastify.get(`${path}/stats`, async () => rooms.getStats());
 		return;
 	}
 	if (expose === "authenticated") if (fastify.hasDecorator("authenticate")) {
 		const authenticate = fastify.authenticate;
-		fastify.get(`${path}/stats`, { preHandler: authenticate }, async () => ({
-			success: true,
-			data: rooms.getStats()
-		}));
+		fastify.get(`${path}/stats`, { preHandler: authenticate }, async () => rooms.getStats());
 	} else fastify.log.warn("arc-websocket: exposeStats is \"authenticated\" but fastify.authenticate is not registered — stats endpoint skipped");
 }
 //#endregion

package/dist/middleware/index.d.mts

@@ -1,4 +1,4 @@
-import { I as MiddlewareHandler, L as RequestWithExtras, Q as MiddlewareConfig } from "../index-CXXRbnf8.mjs";
+import { I as MiddlewareHandler, L as RequestWithExtras, Q as MiddlewareConfig } from "../index-BtW7qYwa.mjs";
 import { RouteHandlerMethod } from "fastify";
 
 //#region src/middleware/middleware.d.ts

package/dist/middleware/index.mjs

@@ -1,5 +1,5 @@
-import { t as CRUD_OPERATIONS } from "../constants-BhY1OHoH.mjs";
-import { t as multipartBody } from "../multipartBody-CvTR1Un6.mjs";
+import { t as CRUD_OPERATIONS } from "../constants-Cxde4rpC.mjs";
+import { t as multipartBody } from "../multipartBody-BOvVSVCD.mjs";
 //#region src/middleware/middleware.ts
 /**
 * Named Middleware — Priority-based, conditional middleware execution.

package/dist/migrations/index.d.mts

@@ -94,12 +94,32 @@ interface MigrationLogger {
  * The `db` parameter accepts any object with a `.collection()` method
  * (Mongoose db, native MongoDB Db, etc.)
  */
+/**
+ * Structural subset of a Mongo collection arc consumes. Held as a
+ * driver-free interface so this file never imports `mongodb` /
+ * `mongoose` — both Mongoose's `Connection.db.collection(...)` and the
+ * native `MongoClient.db().collection(...)` satisfy this shape.
+ *
+ * The fluent `find().sort().toArray()` chain is typed loosely with
+ * `unknown[]`; we cast to `MigrationRecord[]` once at the boundary
+ * inside `getApplied()`.
+ */
+interface MongoCollectionLike {
+  find(query: Record<string, unknown>): {
+    sort(spec: Record<string, 1 | -1>): {
+      toArray(): Promise<unknown[]>;
+    };
+  };
+  insertOne(doc: Record<string, unknown>): Promise<unknown>;
+  deleteOne(filter: Record<string, unknown>): Promise<unknown>;
+}
+interface MongoDbLike {
+  collection(name: string): MongoCollectionLike;
+}
 declare class MongoMigrationStore implements MigrationStore {
   private readonly collectionName;
   private readonly db;
-  constructor(db: {
-    collection(name: string): any;
-  }, opts?: {
+  constructor(db: MongoDbLike, opts?: {
     collectionName?: string;
   });
   getApplied(): Promise<MigrationRecord[]>;

package/dist/migrations/index.mjs

@@ -4,13 +4,6 @@ const defaultLogger = {
 	info: (msg) => process.stdout.write(`${msg}\n`),
 	error: (msg) => process.stderr.write(`${msg}\n`)
 };
-/**
-* MongoDB-backed migration store.
-*
-* Uses a `_migrations` collection in the same database.
-* The `db` parameter accepts any object with a `.collection()` method
-* (Mongoose db, native MongoDB Db, etc.)
-*/
 var MongoMigrationStore = class {
 	collectionName;
 	db;