@classytic/arc 2.15.3 → 2.16.0

package/dist/idempotency/redis.d.mts

@@ -1,2 +1,2 @@
-import { a as UpstashRedisLike, i as RedisIdempotencyStoreOptions, n as RedisClient, o as ioredisAsIdempotencyClient, r as RedisIdempotencyStore, s as upstashAsIdempotencyClient, t as IoredisLike } from "../redis-DiMkdHEl.mjs";
+import { a as UpstashRedisLike, i as RedisIdempotencyStoreOptions, n as RedisClient, o as ioredisAsIdempotencyClient, r as RedisIdempotencyStore, s as upstashAsIdempotencyClient, t as IoredisLike } from "../redis-Cyzrz6SX.mjs";
 export { type IoredisLike, type RedisClient, RedisIdempotencyStore, type RedisIdempotencyStoreOptions, type UpstashRedisLike, ioredisAsIdempotencyClient, upstashAsIdempotencyClient };

package/dist/{index-BTqLEvhu.d.mts → index-3oIimXQn.d.mts}

@@ -1,6 +1,6 @@
-import { r as CacheStore, t as CacheLogger } from "./interface-beEtJyWM.mjs";
-import { i as RequestScope, n as Mandate } from "./types-CTYvcwHe.mjs";
-import { c as PermissionCheck, l as PermissionContext, u as PermissionResult } from "./fields-COhcH3fk.mjs";
+import { r as CacheStore, t as CacheLogger } from "./interface-CH0OQudo.mjs";
+import { i as RequestScope, n as Mandate } from "./types-DVfpSfx2.mjs";
+import { c as PermissionCheck, l as PermissionContext, u as PermissionResult } from "./fields-Anj0xdih.mjs";
 import { FastifyReply, FastifyRequest } from "fastify";
 
 //#region src/permissions/agent.d.ts
@@ -625,33 +625,33 @@ declare namespace presets_d_exports {
 /**
  * ResourcePermissions shape — matches the type in types/index.ts
  */
-interface ResourcePermissions<TDoc = any> {
+interface ResourcePermissions<TDoc = Record<string, unknown>> {
   list?: PermissionCheck<TDoc>;
   get?: PermissionCheck<TDoc>;
   create?: PermissionCheck<TDoc>;
   update?: PermissionCheck<TDoc>;
   delete?: PermissionCheck<TDoc>;
 }
-type PermissionOverrides<TDoc = any> = Partial<ResourcePermissions<TDoc>>;
+type PermissionOverrides<TDoc = Record<string, unknown>> = Partial<ResourcePermissions<TDoc>>;
 /**
  * Public read, authenticated write.
  * list + get = allowPublic(), create + update + delete = requireAuth()
  */
-declare function publicRead<TDoc = any>(overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
+declare function publicRead<TDoc = Record<string, unknown>>(overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
 /**
  * Public read, admin write.
  * list + get = allowPublic(), create + update + delete = requireRoles(['admin'])
  */
-declare function publicReadAdminWrite<TDoc = any>(roles?: readonly string[], overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
+declare function publicReadAdminWrite<TDoc = Record<string, unknown>>(roles?: readonly string[], overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
 /**
  * All operations require authentication.
  */
-declare function authenticated<TDoc = any>(overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
+declare function authenticated<TDoc = Record<string, unknown>>(overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
 /**
  * All operations require specific roles.
  * @param roles - Required roles (user needs at least one). Default: ['admin']
  */
-declare function adminOnly<TDoc = any>(roles?: readonly string[], overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
+declare function adminOnly<TDoc = Record<string, unknown>>(roles?: readonly string[], overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
 /**
  * Owner-scoped with admin bypass.
  * list = auth (scoped to owner), get = auth, create = auth,
@@ -660,16 +660,16 @@ declare function adminOnly<TDoc = any>(roles?: readonly string[], overrides?: Pe
  * @param ownerField - Field containing owner ID (default: 'userId')
  * @param bypassRoles - Roles that bypass ownership check (default: ['admin'])
  */
-declare function ownerWithAdminBypass<TDoc = any>(ownerField?: Extract<keyof TDoc, string> | string, bypassRoles?: readonly string[], overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
+declare function ownerWithAdminBypass<TDoc = Record<string, unknown>>(ownerField?: Extract<keyof TDoc, string> | string, bypassRoles?: readonly string[], overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
 /**
  * Full public access — no auth required for any operation.
  * Use sparingly (dev/testing, truly public APIs).
  */
-declare function fullPublic<TDoc = any>(overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
+declare function fullPublic<TDoc = Record<string, unknown>>(overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
 /**
  * Read-only: list + get authenticated, write operations denied.
  * Useful for computed/derived resources.
  */
-declare function readOnly<TDoc = any>(overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
+declare function readOnly<TDoc = Record<string, unknown>>(overrides?: PermissionOverrides<TDoc>): ResourcePermissions<TDoc>;
 //#endregion
 export { requireRoles as A, allOf as C, not as D, denyAll as E, RequireAgentScopeOptions as F, RequireMandateOptions as I, requireAgentScope as L, when as M, applyPermissionResult as N, requireAuth as O, normalizePermissionResult as P, requireDPoP as R, createOrgPermissions as S, anyOf as T, ConnectEventsOptions as _, presets_d_exports as a, PermissionEventBus as b, readOnly as c, requireOrgRole as d, requireScopeContext as f, createRoleHierarchy as g, RoleHierarchy as h, ownerWithAdminBypass as i, roles as j, requireOwnership as k, requireOrgInScope as l, requireTeamMembership as m, authenticated as n, publicRead as o, requireServiceScope as p, fullPublic as r, publicReadAdminWrite as s, adminOnly as t, requireOrgMembership as u, DynamicPermissionMatrix as v, allowPublic as w, createDynamicPermissionMatrix as x, DynamicPermissionMatrixConfig as y, requireMandate as z };

package/dist/{index-BstGxcc3.d.mts → index-B-ulKx5P.d.mts}

@@ -1,7 +1,8 @@
-import { C as RequestContext, Ct as AggregationConfig, F as FastifyWithDecorators, K as ArcFieldRule, L as RequestWithExtras, T as CrudRouterOptions, V as ResourceDefinition, Wt as AnyRecord, _t as IControllerResponse, at as ResourceConfig, ft as RouteSchemaOptions, gt as IController, q as CrudController, vt as IRequestContext } from "./index-BswOSJCE.mjs";
-import { i as RequestScope } from "./types-CTYvcwHe.mjs";
-import { c as PermissionCheck } from "./fields-COhcH3fk.mjs";
+import { C as RequestContext, F as FastifyWithDecorators, H as ActionDefinition, K as ArcFieldRule, Kt as AnyRecord, L as RequestWithExtras, T as CrudRouterOptions, Tt as AggregationConfig, V as ResourceDefinition, bt as IRequestContext, ft as RouteMcpConfig, mt as RouteSchemaOptions, q as CrudController, st as ResourceConfig, vt as IController, yt as IControllerResponse } from "./index-CkW0flkU.mjs";
+import { i as RequestScope } from "./types-DVfpSfx2.mjs";
+import { c as PermissionCheck } from "./fields-Anj0xdih.mjs";
 import { FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";
+import { z } from "zod";
 import { AggDateBucket, AggMeasure, AggTopN } from "@classytic/repo-core/repository";
 import { LookupSpec } from "@classytic/repo-core/lookup";
 
@@ -51,6 +52,12 @@ declare const MAX_FILTER_DEPTH: 10;
 /**
  * Query parameters consumed by the framework — never treated as filters.
  * Shared by all query parsers (Arc built-in, Prisma, custom).
+ *
+ * `filter` is reserved so the bracket-wrapped form
+ * (`?filter[foo.bar]=X` / `?filter[price][gte]=40`) lands as the parser's
+ * canonical filter envelope instead of being attempted as a flat field
+ * filter. See `ArcQueryParser.parseFilters()` for the unwrap step that
+ * merges `q.filter[*]` back into the top-level filter map.
  */
 declare const RESERVED_QUERY_PARAMS: Readonly<Set<string>>;
 //#endregion
@@ -116,6 +123,50 @@ declare function createCrudRouter<TDoc = unknown>(fastify: FastifyWithDecorators
  */
 declare function createPermissionMiddleware(permission: PermissionCheck, resourceName: string, action: string): RouteHandlerMethod | null;
 //#endregion
+//#region src/core/defineAction.d.ts
+/**
+ * Config for `defineAction()`. `TSchema` is the literal Zod schema type
+ * captured from the call site; `TData` is its `z.infer` projection.
+ * Plain JSON-Schema entries skip the inference path entirely (they go
+ * through the untyped `ActionDefinition` form).
+ */
+interface DefineActionConfig<TSchema extends z.ZodTypeAny | undefined = undefined, TData = (TSchema extends z.ZodTypeAny ? z.infer<TSchema> : Record<string, unknown>)> {
+  /** Per-action body schema (Zod v4). Drives both AJV validation and the typed `data` param. */
+  schema?: TSchema;
+  /** Per-action permission gate. Falls back to resource-level if omitted. */
+  permissions?: PermissionCheck;
+  /** OpenAPI / MCP description. */
+  description?: string;
+  /**
+   * Mount point — `true` (default) for `POST /<prefix>/:id/action`,
+   * `false` for `POST /<prefix>/action` (no `:id`, for propose/search/
+   * bulk-style actions).
+   */
+  id?: boolean;
+  /** MCP tool generation flag — `false` to skip, object for explicit overrides. */
+  mcp?: boolean | RouteMcpConfig;
+  /**
+   * Typed handler. `data` is inferred from `schema` — declare both and
+   * the compiler catches `data.stagId` typos at the use site.
+   *
+   * Handlers return arbitrary values; arc wraps them in
+   * `IControllerResponse` and ships them through `sendControllerResponse`
+   * just like the untyped `ActionDefinition.handler` does.
+   */
+  handler: (id: string, data: TData, req: RequestWithExtras) => Promise<unknown>;
+}
+/**
+ * Build an `ActionDefinition` with a typed handler. The literal schema
+ * type captured here flows into `data`, so `defineAction({ schema:
+ * z.object({...}), handler })` produces fully-typed code with no
+ * `as MyShape` cast.
+ *
+ * Behaviorally identical to a bare `ActionDefinition` object — same
+ * validation path (AJV), same permission resolution, same MCP wiring.
+ * The runtime shape is unchanged; only the type-level inference is new.
+ */
+declare function defineAction<TSchema extends z.ZodTypeAny | undefined = undefined>(config: DefineActionConfig<TSchema>): ActionDefinition;
+//#endregion
 //#region src/core/defineResourceVariants.d.ts
 /**
  * Required identity fields for each variant. The user MUST provide a unique
@@ -273,4 +324,4 @@ declare function isFieldReadable(rule: ArcFieldRule | undefined): boolean;
  */
 declare function collectReadBlockedFields(schemaOptions: RouteSchemaOptions | undefined): Set<string> | null;
 //#endregion
-export { MAX_SEARCH_LENGTH as A, DEFAULT_UPDATE_METHOD as C, HookPhase as D, HookOperation as E, MutationOperation as M, RESERVED_QUERY_PARAMS as N, MAX_FILTER_DEPTH as O, SYSTEM_FIELDS as P, DEFAULT_TENANT_FIELD as S, HOOK_PHASES as T, CrudOperation as _, createRequestContext as a, DEFAULT_MAX_LIMIT as b, sendControllerResponse as c, getEntityQuery as d, defineResourceVariants as f, CRUD_OPERATIONS as g, defineAggregation as h, createFastifyHandler as i, MUTATION_OPERATIONS as j, MAX_REGEX_LENGTH as k, getEntityId as l, createPermissionMiddleware as m, isFieldReadable as n, getControllerContext as o, createCrudRouter as p, createCrudHandlers as r, getControllerScope as s, collectReadBlockedFields as t, getEntityIdField as u, DEFAULT_ID_FIELD as v, HOOK_OPERATIONS as w, DEFAULT_SORT as x, DEFAULT_LIMIT as y };
+export { MAX_FILTER_DEPTH as A, DEFAULT_SORT as C, HOOK_PHASES as D, HOOK_OPERATIONS as E, RESERVED_QUERY_PARAMS as F, SYSTEM_FIELDS as I, MAX_SEARCH_LENGTH as M, MUTATION_OPERATIONS as N, HookOperation as O, MutationOperation as P, DEFAULT_MAX_LIMIT as S, DEFAULT_UPDATE_METHOD as T, defineAggregation as _, createRequestContext as a, DEFAULT_ID_FIELD as b, sendControllerResponse as c, getEntityQuery as d, defineResourceVariants as f, createPermissionMiddleware as g, createCrudRouter as h, createFastifyHandler as i, MAX_REGEX_LENGTH as j, HookPhase as k, getEntityId as l, defineAction as m, isFieldReadable as n, getControllerContext as o, DefineActionConfig as p, createCrudHandlers as r, getControllerScope as s, collectReadBlockedFields as t, getEntityIdField as u, CRUD_OPERATIONS as v, DEFAULT_TENANT_FIELD as w, DEFAULT_LIMIT as x, CrudOperation as y };