@classytic/arc 2.11.4 → 2.14.0

package/dist/errors-j4aJm1Wg.mjs

@@ -0,0 +1,184 @@
+//#region src/utils/errors.ts
+/**
+* Base Arc Error. Implements the canonical `HttpError` contract — `status`
+* mirrors `statusCode` and `meta` mirrors `details`, so consumers reading
+* either name see the same value without adapter glue.
+*/
+var ArcError = class extends Error {
+	name = "ArcError";
+	code;
+	statusCode;
+	details;
+	cause;
+	constructor(message, options = {}) {
+		super(message, options.cause ? { cause: options.cause } : void 0);
+		this.code = options.code ?? "arc.error";
+		this.statusCode = options.statusCode ?? 500;
+		this.details = options.details;
+		this.cause = options.cause;
+		if (Error.captureStackTrace) Error.captureStackTrace(this, this.constructor);
+	}
+	/** `HttpError.status` mirror — repo-core's `toErrorContract` reads this. */
+	get status() {
+		return this.statusCode;
+	}
+	/** `HttpError.meta` mirror — `details` under the canonical name. */
+	get meta() {
+		return this.details;
+	}
+};
+var NotFoundError = class extends ArcError {
+	constructor(resource, identifier) {
+		const message = identifier ? `${resource} with identifier '${identifier}' not found` : `${resource} not found`;
+		super(message, {
+			code: "arc.not_found",
+			statusCode: 404,
+			details: {
+				resource,
+				...identifier ? { identifier } : {}
+			}
+		});
+		this.name = "NotFoundError";
+	}
+};
+var ValidationError = class extends ArcError {
+	errors;
+	constructor(message, errors = []) {
+		super(message, {
+			code: "arc.validation_error",
+			statusCode: 400,
+			details: { errors }
+		});
+		this.name = "ValidationError";
+		this.errors = errors;
+	}
+};
+var UnauthorizedError = class extends ArcError {
+	constructor(message = "Authentication required") {
+		super(message, {
+			code: "arc.unauthorized",
+			statusCode: 401
+		});
+		this.name = "UnauthorizedError";
+	}
+};
+var ForbiddenError = class extends ArcError {
+	constructor(message = "Access denied") {
+		super(message, {
+			code: "arc.forbidden",
+			statusCode: 403
+		});
+		this.name = "ForbiddenError";
+	}
+};
+var ConflictError = class extends ArcError {
+	constructor(message, field) {
+		super(message, {
+			code: "arc.conflict",
+			statusCode: 409,
+			...field ? { details: { field } } : {}
+		});
+		this.name = "ConflictError";
+	}
+};
+var OrgRequiredError = class extends ArcError {
+	organizations;
+	constructor(message, organizations) {
+		super(message, {
+			code: "arc.org.selection_required",
+			statusCode: 403,
+			...organizations ? { details: { organizations } } : {}
+		});
+		this.name = "OrgRequiredError";
+		this.organizations = organizations;
+	}
+};
+var OrgAccessDeniedError = class extends ArcError {
+	constructor(orgId) {
+		super("Organization access denied", {
+			code: "arc.org.access_denied",
+			statusCode: 403,
+			...orgId ? { details: { organizationId: orgId } } : {}
+		});
+		this.name = "OrgAccessDeniedError";
+	}
+};
+var RateLimitError = class extends ArcError {
+	retryAfter;
+	constructor(message = "Too many requests", retryAfter) {
+		super(message, {
+			code: "arc.rate_limited",
+			statusCode: 429,
+			...retryAfter ? { details: { retryAfter } } : {}
+		});
+		this.name = "RateLimitError";
+		this.retryAfter = retryAfter;
+	}
+};
+var ServiceUnavailableError = class extends ArcError {
+	constructor(message = "Service temporarily unavailable") {
+		super(message, {
+			code: "arc.service_unavailable",
+			statusCode: 503
+		});
+		this.name = "ServiceUnavailableError";
+	}
+};
+/**
+* Status-code → canonical `arc.*` code mapping. Used by {@link createError}
+* and the global error handler when no explicit code is supplied.
+*/
+const STATUS_CODE_MAP = {
+	400: "arc.bad_request",
+	401: "arc.unauthorized",
+	403: "arc.forbidden",
+	404: "arc.not_found",
+	409: "arc.conflict",
+	422: "arc.unprocessable_entity",
+	429: "arc.rate_limited",
+	500: "arc.internal_error",
+	502: "arc.bad_gateway",
+	503: "arc.service_unavailable",
+	504: "arc.gateway_timeout"
+};
+/** Status → canonical arc code, falling back to `arc.error`. */
+function statusToArcCode(status) {
+	return STATUS_CODE_MAP[status] ?? "arc.error";
+}
+/**
+* Quick `ArcError` constructor when the bundled subclasses don't fit.
+*
+* If `details.code` is a string, it's lifted to the top-level `error.code`
+* (the canonical wire slot for business signals — `'ORG_CONTEXT_REQUIRED'`,
+* `'ALL_FIELDS_STRIPPED'`, etc). The same code stays in `details` so
+* in-process consumers reading `error.details.code` still work. Without
+* this lift, business codes get buried in `details` and the wire envelope
+* carries only the status-derived `arc.forbidden` / `arc.bad_request`
+* fallback — `repo-core`'s `toErrorContract` doesn't surface free-form
+* `details` objects (its `details[]` array is reserved for validation /
+* duplicate-key items).
+*/
+function createError(statusCode, message, details) {
+	return new ArcError(message, {
+		code: (typeof details?.code === "string" ? details.code : void 0) ?? statusToArcCode(statusCode),
+		statusCode,
+		...details ? { details } : {}
+	});
+}
+/**
+* Domain-error escape hatch. Use a hierarchical code that scopes the error
+* to your package (`'commerce.cart.locked'`, `'payment.gateway.timeout'`).
+*/
+function createDomainError(code, message, statusCode = 400, details) {
+	return new ArcError(message, {
+		code,
+		statusCode,
+		...details ? { details } : {}
+	});
+}
+/** Type guard. */
+function isArcError(error) {
+	return error instanceof ArcError;
+}
+//#endregion
+export { OrgAccessDeniedError as a, ServiceUnavailableError as c, createDomainError as d, createError as f, NotFoundError as i, UnauthorizedError as l, statusToArcCode as m, ConflictError as n, OrgRequiredError as o, isArcError as p, ForbiddenError as r, RateLimitError as s, ArcError as t, ValidationError as u };

package/dist/{eventPlugin-Cts2-Tfj.mjs → eventPlugin-CaKTYkYM.mjs}

@@ -1,6 +1,8 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
-import { t as requestContext } from "./requestContext-C5XeK3VA.mjs";
-import { r as createEvent, t as MemoryEventTransport } from "./EventTransport-BFQjw9pB.mjs";
+import { arcLog } from "./logger/index.mjs";
+import { d as createDomainError } from "./errors-j4aJm1Wg.mjs";
+import { t as requestContext } from "./requestContext-SSaaTgW8.mjs";
+import { n as createEvent, t as MemoryEventTransport } from "./EventTransport-DLWoUMHy.mjs";
 import fp from "fastify-plugin";
 //#region src/events/retry.ts
 /**
@@ -109,8 +111,18 @@ var eventPlugin_exports = /* @__PURE__ */ __exportAll({
 	eventPlugin: () => eventPlugin
 });
 const eventPlugin = async (fastify, opts = {}) => {
-	const { transport = new MemoryEventTransport(), logEvents = false, failOpen = true, retry: retryOpts, deadLetterQueue: dlqOpts, wal, onPublish, onPublishError, registry, validateMode: rawValidateMode } = opts;
+	const { transport = new MemoryEventTransport(), logEvents = false, failOpen = true, retry: retryOpts, deadLetterQueue: dlqOpts, wal, onPublish, onPublishError, registry, validateMode: rawValidateMode, warnOnDuplicate: rawWarnOnDuplicate } = opts;
 	const validateMode = rawValidateMode ?? (registry ? "warn" : "off");
+	const warnOnDuplicate = rawWarnOnDuplicate ?? process.env.NODE_ENV !== "production";
+	const DUP_WINDOW_MS = 5e3;
+	const recentPublishes = warnOnDuplicate ? /* @__PURE__ */ new Map() : /* @__PURE__ */ new Map();
+	const evictExpiredPublishes = (now) => {
+		if (recentPublishes.size === 0) return;
+		for (const [key, timestamp] of recentPublishes) {
+			if (now - timestamp <= DUP_WINDOW_MS) break;
+			recentPublishes.delete(key);
+		}
+	};
 	fastify.decorate("events", {
 		publish: async (type, payload, meta) => {
 			if (!type || typeof type !== "string") throw new Error("[Arc Events] Event type must be a non-empty string");
@@ -121,6 +133,15 @@ const eventPlugin = async (fastify, opts = {}) => {
 				...store?.requestId && !meta?.correlationId ? { correlationId: store.requestId } : {},
 				...meta
 			});
+			if (warnOnDuplicate && event.meta.correlationId) {
+				const now = Date.now();
+				evictExpiredPublishes(now);
+				const dupKey = `${type}::${event.meta.correlationId}`;
+				const previous = recentPublishes.get(dupKey);
+				if (previous !== void 0 && now - previous <= DUP_WINDOW_MS) arcLog("events").warn(`Duplicate publish detected: event type "${type}" published twice within ${DUP_WINDOW_MS}ms with correlationId "${event.meta.correlationId}". Subscribers will fire twice for the same logical event. Common cause: a domain service holds both a publisher and a notification helper that also publishes to the same bus — pick one. Set \`arcPlugins: { events: { warnOnDuplicate: false } }\` to silence.`);
+				recentPublishes.delete(dupKey);
+				recentPublishes.set(dupKey, now);
+			}
 			if (logEvents) fastify.log?.info?.({
 				eventType: type,
 				eventId: event.meta.id,
@@ -130,7 +151,10 @@ const eventPlugin = async (fastify, opts = {}) => {
 				const result = registry.validate(type, payload, event.meta.schemaVersion);
 				if (!result.valid) {
 					const msg = `[Arc Events] Event '${type}' payload validation failed: ${result.errors?.join("; ")}`;
-					if (validateMode === "reject") throw new Error(msg);
+					if (validateMode === "reject") throw createDomainError("arc.event.validation_error", msg, 400, {
+						event: type,
+						errors: result.errors
+					});
 					fastify.log?.warn?.(msg);
 				}
 			}

package/dist/{eventPlugin-DDJoNEPL.d.mts → eventPlugin-qXpqTebY.d.mts}

@@ -1,4 +1,4 @@
-import { i as EventLogger, n as DomainEvent, o as EventTransport, r as EventHandler } from "./EventTransport-CYNUXdCJ.mjs";
+import { a as EventTransport, i as EventLogger, n as DomainEvent, r as EventHandler } from "./EventTransport-CT_52aWU.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/events/defineEvent.d.ts
@@ -275,6 +275,29 @@ interface EventPluginOptions {
    * - `'off'`: skip validation entirely (registry is only for introspection)
    */
   validateMode?: "warn" | "reject" | "off";
+  /**
+   * Dev-mode duplicate-publish detector (v2.12).
+   *
+   * When enabled, arc keeps a 5-second LRU on `(eventType, correlationId)`
+   * and emits an `arcLog("events").warn(...)` the second time a request
+   * publishes the same event with the same correlation id within the
+   * window. Catches the dual-publish trap where a domain service holds
+   * BOTH a publisher AND a notification helper that internally publishes
+   * to the same bus — every subscriber fires twice for one logical event.
+   *
+   * Defaults:
+   *   - `undefined` → enabled when `process.env.NODE_ENV !== 'production'`.
+   *   - `true` → always enabled (catches duplicates in prod too — overhead
+   *     is one Map lookup per publish).
+   *   - `false` → always disabled.
+   *
+   * When a duplicate is detected, arc logs once and **still publishes** —
+   * the detector is observability, not enforcement. Pair with the outbox
+   * for at-most-once delivery.
+   *
+   * Documented in `wiki/gotchas.md` (#20).
+   */
+  warnOnDuplicate?: boolean;
 }
 declare module "fastify" {
   interface FastifyInstance {

package/dist/events/index.d.mts

@@ -1,8 +1,8 @@
-import { Mn as RepositoryLike } from "../index-CXXRbnf8.mjs";
-import { a as EventMeta, c as MemoryEventTransportOptions, d as createEvent, i as EventLogger, l as PublishManyResult, n as DomainEvent, o as EventTransport, r as EventHandler, s as MemoryEventTransport, t as DeadLetteredEvent, u as createChildEvent } from "../EventTransport-CYNUXdCJ.mjs";
-import { a as withRetry, c as EventDefinitionOutput, d as EventSchema, f as ValidationResult, i as createDeadLetterPublisher, l as EventRegistry, m as defineEvent, n as eventPlugin, o as CustomValidator, p as createEventRegistry, r as RetryOptions, s as EventDefinitionInput, t as EventPluginOptions, u as EventRegistryOptions } from "../eventPlugin-DDJoNEPL.mjs";
+import { a as EventTransport, i as EventLogger, n as DomainEvent, o as MemoryEventTransport, r as EventHandler, s as MemoryEventTransportOptions, t as DeadLetteredEvent } from "../EventTransport-CT_52aWU.mjs";
+import { a as withRetry, c as EventDefinitionOutput, d as EventSchema, f as ValidationResult, i as createDeadLetterPublisher, l as EventRegistry, m as defineEvent, n as eventPlugin, o as CustomValidator, p as createEventRegistry, r as RetryOptions, s as EventDefinitionInput, t as EventPluginOptions, u as EventRegistryOptions } from "../eventPlugin-qXpqTebY.mjs";
 import { RedisEventTransportOptions, RedisLike } from "./transports/redis.mjs";
-import { r as RedisStreamTransportOptions, t as RedisStreamLike } from "../redis-stream-xTGxB2bm.mjs";
+import { r as RedisStreamTransportOptions, t as RedisStreamLike } from "../redis-stream-D6HzR1Z_.mjs";
+import { RepositoryLike } from "@classytic/repo-core/adapter";
 
 //#region src/events/eventTypes.d.ts
 /**
@@ -620,7 +620,7 @@ declare function repositoryAsOutboxStore(repository: RepositoryLike): OutboxStor
  * ```
  */
 type PayloadOf<D> = D extends EventDefinitionOutput<infer T> ? T : never;
-interface WrapWithSchemaOptions<T> {
+interface WrapWithSchemaOptions<_T> {
   /**
    * Custom validator. Overrides the built-in lookup. Use this to plug AJV /
    * Zod / TypeBox in. Same shape as `EventRegistryOptions.validate`.
@@ -759,4 +759,4 @@ interface FastifyEventBus {
   };
 }
 //#endregion
-export { ARC_LIFECYCLE_EVENTS, type ArcLifecycleEvent, CACHE_EVENTS, CRUD_EVENT_SUFFIXES, type CacheEvent, type CrudEventSuffix, type CustomValidator, type DeadLetteredEvent, type DomainEvent, type EventDefinitionInput, type EventDefinitionOutput, type EventHandler, type EventLogger, type EventMeta, EventOutbox, type EventOutboxOptions, type EventPluginOptions, type EventRegistry, type EventRegistryOptions, type EventSchema, type EventTransport, type ExponentialBackoffOptions, InvalidOutboxEventError, MemoryEventTransport, type MemoryEventTransportOptions, MemoryOutboxStore, type OutboxAcknowledgeOptions, type OutboxClaimOptions, type OutboxErrorInfo, type OutboxFailOptions, type OutboxFailureContext, type OutboxFailureDecision, type OutboxFailurePolicy, OutboxOwnershipError, type OutboxRelayErrorHandler, type OutboxRelayErrorKind, type OutboxStore, type OutboxWriteOptions, type PayloadOf, type PublishManyResult, type RedisEventTransportOptions, type RedisLike, type RedisStreamLike, type RedisStreamTransportOptions, type RelayResult, type RetryOptions, type ValidationResult, type WrapWithBoundaryOptions, type WrapWithSchemaOptions, createChildEvent, createDeadLetterPublisher, createEvent, createEventRegistry, crudEventType, defineEvent, eventPlugin, exponentialBackoff, repositoryAsOutboxStore, subscribeWithBoundary, subscribeWithSchema, withRetry, wrapWithBoundary, wrapWithSchema };
+export { ARC_LIFECYCLE_EVENTS, type ArcLifecycleEvent, CACHE_EVENTS, CRUD_EVENT_SUFFIXES, type CacheEvent, type CrudEventSuffix, type CustomValidator, type EventDefinitionInput, type EventDefinitionOutput, EventOutbox, type EventOutboxOptions, type EventPluginOptions, type EventRegistry, type EventRegistryOptions, type EventSchema, type ExponentialBackoffOptions, InvalidOutboxEventError, MemoryEventTransport, type MemoryEventTransportOptions, MemoryOutboxStore, type OutboxAcknowledgeOptions, type OutboxClaimOptions, type OutboxErrorInfo, type OutboxFailOptions, type OutboxFailureContext, type OutboxFailureDecision, type OutboxFailurePolicy, OutboxOwnershipError, type OutboxRelayErrorHandler, type OutboxRelayErrorKind, type OutboxStore, type OutboxWriteOptions, type PayloadOf, type RedisEventTransportOptions, type RedisLike, type RedisStreamLike, type RedisStreamTransportOptions, type RelayResult, type RetryOptions, type ValidationResult, type WrapWithBoundaryOptions, type WrapWithSchemaOptions, createDeadLetterPublisher, createEventRegistry, crudEventType, defineEvent, eventPlugin, exponentialBackoff, repositoryAsOutboxStore, subscribeWithBoundary, subscribeWithSchema, withRetry, wrapWithBoundary, wrapWithSchema };

package/dist/events/index.mjs

@@ -1,7 +1,7 @@
-import { n as createChildEvent, r as createEvent, t as MemoryEventTransport } from "../EventTransport-BFQjw9pB.mjs";
-import { n as defineEvent, t as createEventRegistry } from "../defineEvent-D1Ky9M1D.mjs";
-import { i as withRetry, r as createDeadLetterPublisher, t as eventPlugin } from "../eventPlugin-Cts2-Tfj.mjs";
-import { n as createSafeGetOne, t as createIsDuplicateKeyError } from "../store-helpers-Cp4uKC1U.mjs";
+import { t as MemoryEventTransport } from "../EventTransport-DLWoUMHy.mjs";
+import { n as defineEvent, t as createEventRegistry } from "../defineEvent-D5h7EvAx.mjs";
+import { i as withRetry, r as createDeadLetterPublisher, t as eventPlugin } from "../eventPlugin-CaKTYkYM.mjs";
+import { n as createSafeGetOne, t as createIsDuplicateKeyError } from "../store-helpers-BkIN9-vu.mjs";
 import { and, anyOf, eq, lte, ne, or } from "@classytic/repo-core/filter";
 import { update } from "@classytic/repo-core/update";
 //#region src/events/eventTypes.ts
@@ -170,30 +170,6 @@ var MemoryOutboxStore = class {
 };
 //#endregion
 //#region src/events/repository-outbox-adapter.ts
-/**
-* RepositoryLike → OutboxStore adapter.
-*
-* Maps the `OutboxStore` vocabulary (save / claimPending / acknowledge /
-* fail / getDeadLettered / purge) onto arc's own `RepositoryLike` primitives
-* (create / getOne / findAll / deleteMany / findOneAndUpdate). `EventOutbox`
-* wraps a passed repository with this helper when you use the
-* `{ repository }` option; the function is also re-exported from
-* `@classytic/arc/events` so consumers can build and decorate the store
-* manually (metrics, tracing, multi-transport fan-out).
-*
-* Portability: filters compose via `@classytic/repo-core/filter` and
-* updates via `@classytic/repo-core/update`. The primary-key column name
-* is read from `repository.idField` — mongokit defaults to `_id`,
-* sqlitekit / pgkit / prismakit to the schema's declared PK. The adapter
-* therefore runs on any kit that implements `StandardRepo.findOneAndUpdate`
-* + `getOne` + `getAll` + `deleteMany` + `create`.
-*
-* `fail()` uses a lease-gated read-then-write pair to preserve
-* `firstFailedAt` across retries without relying on Mongo's aggregation-
-* pipeline `$ifNull`. Leases guarantee single-writer during the failure
-* window (`claimPending` filters out non-owned rows), so the two calls are
-* safe under concurrent relayers.
-*/
 const DEFAULT_LEASE_MS$1 = 3e4;
 const DEFAULT_CLAIM_LIMIT = 100;
 const DEFAULT_PURGE_BATCH = 500;
@@ -208,12 +184,12 @@ function repositoryAsOutboxStore(repository) {
 	const r = repository;
 	const idField = repository.idField ?? "_id";
 	/**
-	* Unwrap mongokit's pagination envelope ({ docs, total, ... }) — some
+	* Unwrap mongokit's pagination envelope ({ data, total, ... }) — some
 	* kits may return a bare array when pagination is disabled. Handle both.
 	*/
 	const unwrapDocs = (result) => {
 		if (Array.isArray(result)) return result;
-		return result?.docs ?? [];
+		return result?.data ?? [];
 	};
 	const isDuplicateKeyError = createIsDuplicateKeyError(repository);
 	const safeGetOne = createSafeGetOne(repository);
@@ -532,7 +508,7 @@ var EventOutbox = class {
 		const valid = [];
 		let malformed = 0;
 		for (const event of pending) {
-			if (!event || !event.type || !event.meta?.id) {
+			if (!event?.type || !event.meta?.id) {
 				this._reportError("malformed_event", new InvalidOutboxEventError("store returned event missing type or meta.id — batch aborted"), event);
 				malformed++;
 				break;
@@ -551,7 +527,7 @@ var EventOutbox = class {
 		const canFail = typeof this._store.fail === "function";
 		let publishOutcomes;
 		if (canPublishMany && valid.length > 0) try {
-			const result = await this._transport.publishMany(valid);
+			const result = await this._transport.publishMany?.(valid);
 			publishOutcomes = new Map(result);
 		} catch (batchErr) {
 			publishOutcomes = /* @__PURE__ */ new Map();
@@ -596,7 +572,7 @@ var EventOutbox = class {
 					this._reportError("fail_failed", policyErr, event);
 				}
 				try {
-					await this._store.fail(event.meta.id, normalizeError(publishErr), failOpts);
+					await this._store.fail?.(event.meta.id, normalizeError(publishErr), failOpts);
 					if (failOpts.deadLetter) {
 						counts.deadLettered++;
 						this._attempts.delete(event.meta.id);
@@ -740,7 +716,7 @@ function wrapWithSchema(definition, handler, options = {}) {
 		if (validate && definition.schema) result = validate(definition.schema, event.payload);
 		else if (registry) result = registry.validate(definition.name, event.payload, eventVersion);
 		else if (definition.schema) {
-			const { createEventRegistry } = await import("../defineEvent-D1Ky9M1D.mjs").then((n) => n.r);
+			const { createEventRegistry } = await import("../defineEvent-D5h7EvAx.mjs").then((n) => n.r);
 			const adhoc = createEventRegistry();
 			adhoc.register(definition);
 			result = adhoc.validate(definition.name, event.payload);
@@ -834,4 +810,4 @@ async function subscribeWithBoundary(fastify, pattern, handler, options) {
 	return fastify.events.subscribe(pattern, wrapWithBoundary(handler, options));
 }
 //#endregion
-export { ARC_LIFECYCLE_EVENTS, CACHE_EVENTS, CRUD_EVENT_SUFFIXES, EventOutbox, InvalidOutboxEventError, MemoryEventTransport, MemoryOutboxStore, OutboxOwnershipError, createChildEvent, createDeadLetterPublisher, createEvent, createEventRegistry, crudEventType, defineEvent, eventPlugin, exponentialBackoff, repositoryAsOutboxStore, subscribeWithBoundary, subscribeWithSchema, withRetry, wrapWithBoundary, wrapWithSchema };
+export { ARC_LIFECYCLE_EVENTS, CACHE_EVENTS, CRUD_EVENT_SUFFIXES, EventOutbox, InvalidOutboxEventError, MemoryEventTransport, MemoryOutboxStore, OutboxOwnershipError, createDeadLetterPublisher, createEventRegistry, crudEventType, defineEvent, eventPlugin, exponentialBackoff, repositoryAsOutboxStore, subscribeWithBoundary, subscribeWithSchema, withRetry, wrapWithBoundary, wrapWithSchema };

package/dist/events/transports/redis-stream-entry.d.mts

@@ -1,2 +1,2 @@
-import { n as RedisStreamTransport, r as RedisStreamTransportOptions, t as RedisStreamLike } from "../../redis-stream-xTGxB2bm.mjs";
+import { n as RedisStreamTransport, r as RedisStreamTransportOptions, t as RedisStreamLike } from "../../redis-stream-D6HzR1Z_.mjs";
 export { type RedisStreamLike, RedisStreamTransport, type RedisStreamTransportOptions };

package/dist/events/transports/redis.d.mts

@@ -1,4 +1,4 @@
-import { i as EventLogger, n as DomainEvent, o as EventTransport, r as EventHandler } from "../../EventTransport-CYNUXdCJ.mjs";
+import { a as EventTransport, i as EventLogger, n as DomainEvent, r as EventHandler } from "../../EventTransport-CT_52aWU.mjs";
 
 //#region src/events/transports/redis.d.ts
 interface RedisLike {

package/dist/factory/index.d.mts

@@ -1,4 +1,4 @@
-import { a as CustomPluginAuthOption, c as RawBodyOptions, d as ResourceLike, f as ResourceModule, i as CustomAuthenticatorOption, l as UnderPressureOptions, n as BetterAuthOption, o as JwtAuthOption, p as loadResources, r as CreateAppOptions, s as MultipartOptions, t as AuthOption, u as LoadResourcesOptions } from "../types-D7KpfiL1.mjs";
+import { a as CustomPluginAuthOption, c as RawBodyOptions, d as ResourceLike, f as ResourceModule, i as CustomAuthenticatorOption, l as UnderPressureOptions, n as BetterAuthOption, o as JwtAuthOption, p as loadResources, r as CreateAppOptions, s as MultipartOptions, t as AuthOption, u as LoadResourcesOptions } from "../types-BvqwCCSx.mjs";
 import { FastifyInstance } from "fastify";
 
 //#region src/factory/createApp.d.ts
@@ -14,7 +14,7 @@ import { FastifyInstance } from "fastify";
  * 4. Arc core (fastify.arc, events)
  * 5. Arc plugins (requestId, health, caching, SSE, metrics, versioning)
  * 6. Auth (scope decoration, auth strategy, elevation, error handler)
- * 7. plugins()        — user infra (DB, docs, webhooks)
+ * 7. plugins()        — user infra (DB, data, webhooks)
  * 8. bootstrap[]      — domain init (singletons, event handlers)
  * 9. resources[]      — auto-discovered routes (prefix + skipGlobalPrefix)
  * 10. afterResources() — post-registration wiring

package/dist/factory/index.mjs

@@ -1,5 +1,5 @@
-import { a as edgePreset, c as testingPreset, i as developmentPreset, n as createApp, o as getPreset, s as productionPreset, t as ArcFactory } from "../createApp-C9bRrqlX.mjs";
-import { t as loadResources } from "../loadResources-CPpkyKfM.mjs";
+import { a as edgePreset, c as testingPreset, i as developmentPreset, n as createApp, o as getPreset, s as productionPreset, t as ArcFactory } from "../createApp-XX2-N0Yd.mjs";
+import { t as loadResources } from "../loadResources-DBMQg_Aj.mjs";
 //#region src/factory/edge.ts
 /**
 * Convert a Fastify app into a Web Standards fetch handler.

package/dist/{fields-BRjxOAFp.d.mts → fields-COhcH3fk.d.mts}

@@ -1,4 +1,4 @@
-import { r as RequestScope } from "./types-DDyTPc6y.mjs";
+import { i as RequestScope } from "./types-CTYvcwHe.mjs";
 import { FastifyRequest } from "fastify";
 
 //#region src/permissions/types.d.ts
@@ -134,7 +134,7 @@ interface PermissionResult {
 type PermissionCheck<TDoc = Record<string, unknown>> = ((context: PermissionContext<TDoc>) => boolean | PermissionResult | Promise<boolean | PermissionResult>) & PermissionCheckMeta;
 /**
  * Optional metadata attached to permission check functions.
- * Used for OpenAPI docs, introspection, and route-level auth decisions.
+ * Used for OpenAPI data, introspection, and route-level auth decisions.
  *
  * Each helper from `permissions/index.ts` writes its own discriminating tag
  * so downstream tooling (OpenAPI generator, MCP resource builder, route
@@ -173,6 +173,27 @@ interface PermissionCheckMeta {
    * (e.g. from route params).
    */
   _orgInScopeTarget?: string | ((ctx: PermissionContext) => string | undefined);
+  /**
+   * Set by requireDPoP() — the inbound credential must be sender-constrained
+   * via DPoP (RFC 9449), with `scope.dpopJkt` set by the authenticate
+   * function after a successful proof verification.
+   */
+  _dpopRequired?: boolean;
+  /**
+   * Set by requireMandate() — the capability string the mandate on
+   * `scope.mandate` must authorize (e.g. `payment.charge`, `data.export`).
+   */
+  _mandateCapability?: string;
+  /**
+   * Set by requireAgentScope() — composite descriptor for AI-agent flows.
+   * Tools (audit, OpenAPI, MCP) can render the full agent-auth requirement
+   * in one read instead of unpacking three separate metadata fields.
+   */
+  _agentScope?: {
+    capability: string;
+    scopes?: readonly string[];
+    dpop: boolean;
+  };
 }
 //#endregion
 //#region src/permissions/fields.d.ts

package/dist/hooks/index.d.mts

@@ -1,2 +1,2 @@
-import { Cn as beforeUpdate, Sn as beforeDelete, Tn as defineHook, _n as HookSystemOptions, bn as afterUpdate, dn as HookContext, fn as HookHandler, gn as HookSystem, hn as HookRegistration, mn as HookPhase, pn as HookOperation, un as DefineHookOptions, vn as afterCreate, wn as createHookSystem, xn as beforeCreate, yn as afterDelete } from "../index-CXXRbnf8.mjs";
+import { An as afterUpdate, Cn as HookOperation, Dn as HookSystemOptions, En as HookSystem, Fn as defineHook, Mn as beforeDelete, Nn as beforeUpdate, On as afterCreate, Pn as createHookSystem, Sn as HookHandler, Tn as HookRegistration, bn as DefineHookOptions, jn as beforeCreate, kn as afterDelete, wn as HookPhase, xn as HookContext } from "../index-BtW7qYwa.mjs";
 export { type DefineHookOptions, type HookContext, type HookHandler, type HookOperation, type HookPhase, type HookRegistration, HookSystem, type HookSystemOptions, afterCreate, afterDelete, afterUpdate, beforeCreate, beforeDelete, beforeUpdate, createHookSystem, defineHook };

package/dist/hooks/index.mjs

@@ -1,2 +1,2 @@
-import { a as beforeCreate, c as createHookSystem, i as afterUpdate, l as defineHook, n as afterCreate, o as beforeDelete, r as afterDelete, s as beforeUpdate, t as HookSystem } from "../HookSystem-CGsMd6oK.mjs";
+import { a as beforeCreate, c as createHookSystem, i as afterUpdate, l as defineHook, n as afterCreate, o as beforeDelete, r as afterDelete, s as beforeUpdate, t as HookSystem } from "../HookSystem-Iiebom92.mjs";
 export { HookSystem, afterCreate, afterDelete, afterUpdate, beforeCreate, beforeDelete, beforeUpdate, createHookSystem, defineHook };

package/dist/idempotency/index.d.mts

@@ -1,7 +1,7 @@
-import { Mn as RepositoryLike } from "../index-CXXRbnf8.mjs";
 import { i as createIdempotencyResult, n as IdempotencyResult, r as IdempotencyStore, t as IdempotencyLock } from "../interface-DfLGcus7.mjs";
 import { i as RedisIdempotencyStoreOptions, n as RedisClient } from "../redis-DiMkdHEl.mjs";
 import { FastifyPluginAsync } from "fastify";
+import { RepositoryLike } from "@classytic/repo-core/adapter";
 
 //#region src/idempotency/idempotencyPlugin.d.ts
 interface IdempotencyPluginOptions {

package/dist/idempotency/index.mjs

@@ -1,28 +1,9 @@
-import { n as createSafeGetOne, t as createIsDuplicateKeyError } from "../store-helpers-Cp4uKC1U.mjs";
+import { n as createSafeGetOne, t as createIsDuplicateKeyError } from "../store-helpers-BkIN9-vu.mjs";
 import { createHash } from "node:crypto";
 import fp from "fastify-plugin";
 import { and, eq, exists, gt, lt, or, startsWith } from "@classytic/repo-core/filter";
 import { update } from "@classytic/repo-core/update";
 //#region src/idempotency/repository-idempotency-adapter.ts
-/**
-* RepositoryLike → IdempotencyStore adapter.
-*
-* Maps the idempotency store's verbs (get / set / tryLock / unlock / delete /
-* deleteByPrefix / findByPrefix) onto arc's canonical repository primitives
-* (`getOne` / `deleteMany` / `findOneAndUpdate`). `idempotencyPlugin` wraps
-* a passed repository with this helper when you use the `{ repository }`
-* option; the function is also re-exported from `@classytic/arc/idempotency`
-* so consumers can build and decorate the store (metrics, tracing, key
-* namespacing) before passing it via `store:`.
-*
-* Portability: filters compose via `@classytic/repo-core/filter` builders
-* (`and` / `or` / `eq` / `gt` / `lt` / `exists` / `startsWith`) and updates
-* via `@classytic/repo-core/update` (`update({ set, unset, setOnInsert })`).
-* Both IRs compile to Mongo operators on mongokit, SQL predicates on
-* sqlitekit / pgkit, and `WhereInput` / `update` on prismakit. The store
-* therefore runs identically on every backend that implements the
-* `StandardRepo.findOneAndUpdate` + `getOne` + `deleteMany` surface.
-*/
 function repositoryAsIdempotencyStore(repository, defaultTtlMs) {
 	const missing = [];
 	if (typeof repository.getOne !== "function") missing.push("getOne");

package/dist/idempotency/redis.mjs

@@ -218,7 +218,7 @@ function upstashAsIdempotencyClient(client) {
 			const keyCount = _numKeys;
 			const keys = args.slice(0, keyCount).map(String);
 			const rest = args.slice(keyCount);
-			return client.eval(script, keys, rest);
+			return client.eval?.(script, keys, rest);
 		} : void 0,
 		async quit() {
 			return "OK";