npm - @classytic/arc - Versions diffs - 2.15.3 → 2.16.0 - Mend

@classytic/arc 2.15.3 → 2.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (159) hide show

package/README.md +1 -0
package/bin/arc.js +12 -0
package/dist/{BaseController-dx3m2J8V.mjs → BaseController-DlCCTIxJ.mjs} +61 -19
package/dist/{HookSystem-Iiebom92.mjs → HookSystem-Cmf7-Etp.mjs} +8 -4
package/dist/{QueryCache-D41bfdBB.d.mts → QueryCache-SvmT_9ti.d.mts} +1 -1
package/dist/{ResourceRegistry-CTERg_2x.mjs → ResourceRegistry-f48hFk3m.mjs} +52 -9
package/dist/audit/index.d.mts +1 -1
package/dist/audit/index.mjs +4 -2
package/dist/auth/index.d.mts +4 -4
package/dist/auth/index.mjs +4 -4
package/dist/auth/redis-session.d.mts +1 -1
package/dist/{betterAuthOpenApi--M_i87dQ.mjs → betterAuthOpenApi-ClWxaceA.mjs} +10 -6
package/dist/buildHandler-BZX6zzDM.mjs +300 -0
package/dist/cache/index.d.mts +3 -3
package/dist/cache/index.mjs +3 -3
package/dist/{caching-SM8gghN6.mjs → caching-TeHE8G-v.mjs} +1 -1
package/dist/cli/commands/describe.d.mts +35 -1
package/dist/cli/commands/describe.mjs +52 -12
package/dist/cli/commands/docs.d.mts +1 -4
package/dist/cli/commands/docs.mjs +4 -16
package/dist/cli/commands/generate.d.mts +2 -20
package/dist/cli/commands/generate.mjs +1 -546
package/dist/cli/commands/init.d.mts +2 -40
package/dist/cli/commands/init.mjs +1 -3036
package/dist/cli/commands/introspect.mjs +53 -64
package/dist/cli/index.d.mts +2 -2
package/dist/cli/index.mjs +2 -2
package/dist/{constants-Cxde4rpC.mjs → constants-TrJVIJl0.mjs} +7 -0
package/dist/core/index.d.mts +3 -3
package/dist/core/index.mjs +5 -5
package/dist/{core-CvmOqEms.mjs → core-DBJ_j6rX.mjs} +222 -44
package/dist/createActionRouter-DUpN3Dd1.mjs +288 -0
package/dist/{createAggregationRouter-B0bPDf5b.mjs → createAggregationRouter-Dq-TUCuY.mjs} +3 -2
package/dist/{createApp-PFegs47-.mjs → createApp-DNccuhyI.mjs} +16 -14
package/dist/{defineEvent-D5h7EvAx.mjs → defineEvent-DRwY0fYm.mjs} +1 -1
package/dist/docs/index.d.mts +2 -2
package/dist/docs/index.mjs +1 -1
package/dist/{errorHandler-Bk-AGhkU.mjs → errorHandler-DpoXQHZ9.mjs} +17 -14
package/dist/errors-C1lX_jlm.d.mts +91 -0
package/dist/{eventPlugin-CaKTYkYM.mjs → eventPlugin-C2cGqtRO.mjs} +1 -1
package/dist/{eventPlugin-qXpqTebY.d.mts → eventPlugin-CtHC_av1.d.mts} +1 -1
package/dist/events/index.d.mts +3 -3
package/dist/events/index.mjs +5 -5
package/dist/events/transports/redis-stream-entry.d.mts +1 -1
package/dist/events/transports/redis.d.mts +1 -1
package/dist/factory/index.d.mts +1 -1
package/dist/factory/index.mjs +2 -2
package/dist/{fields-COhcH3fk.d.mts → fields-Anj0xdih.d.mts} +1 -1
package/dist/generate-BWFwgcCM.d.mts +38 -0
package/dist/generate-CYac-OLv.mjs +654 -0
package/dist/hooks/index.d.mts +1 -1
package/dist/hooks/index.mjs +1 -1
package/dist/idempotency/index.d.mts +2 -2
package/dist/idempotency/index.mjs +1 -1
package/dist/idempotency/redis.d.mts +1 -1
package/dist/{index-BTqLEvhu.d.mts → index-3oIimXQn.d.mts} +12 -12
package/dist/{index-BstGxcc3.d.mts → index-B-ulKx5P.d.mts} +55 -4
package/dist/{index-BswOSJCE.d.mts → index-CkW0flkU.d.mts} +355 -16
package/dist/index.d.mts +6 -6
package/dist/index.mjs +7 -8
package/dist/init-Dv71MsJr.d.mts +71 -0
package/dist/init-HDvoO9L5.mjs +3098 -0
package/dist/integrations/event-gateway.d.mts +2 -2
package/dist/integrations/event-gateway.mjs +1 -1
package/dist/integrations/index.d.mts +2 -2
package/dist/integrations/jobs.mjs +3 -3
package/dist/integrations/mcp/index.d.mts +239 -7
package/dist/integrations/mcp/index.mjs +2 -528
package/dist/integrations/mcp/testing.d.mts +2 -2
package/dist/integrations/mcp/testing.mjs +6 -10
package/dist/integrations/streamline.d.mts +71 -2
package/dist/integrations/streamline.mjs +81 -8
package/dist/integrations/websocket-redis.d.mts +1 -1
package/dist/integrations/websocket.d.mts +1 -1
package/dist/integrations/websocket.mjs +1 -0
package/dist/loadResourcesFromEntry-BLMEI2Xa.mjs +51 -0
package/dist/{resourceToTools-tFYUNmM0.mjs → mcpPlugin-7vGV51ED.mjs} +1021 -318
package/dist/{memory-UBydS5ku.mjs → memory-QOLe11D5.mjs} +2 -0
package/dist/middleware/index.d.mts +1 -1
package/dist/middleware/index.mjs +1 -1
package/dist/{openapi-BHXhoX8O.mjs → openapi-34T9yNwd.mjs} +47 -36
package/dist/permissions/index.d.mts +2 -2
package/dist/permissions/index.mjs +1 -1
package/dist/{permissions-ohQyv50e.mjs → permissions-CTxMrreC.mjs} +2 -2
package/dist/{pipe-Zr0KXjQe.mjs → pipe-DiCyvyPN.mjs} +1 -0
package/dist/pipeline/index.d.mts +1 -1
package/dist/pipeline/index.mjs +1 -1
package/dist/plugins/index.d.mts +5 -5
package/dist/plugins/index.mjs +10 -10
package/dist/plugins/response-cache.mjs +5 -5
package/dist/plugins/tracing-entry.d.mts +1 -1
package/dist/plugins/tracing-entry.mjs +1 -1
package/dist/{pluralize-DQgqgifU.mjs → pluralize-B9M8xvy-.mjs} +2 -1
package/dist/presets/filesUpload.d.mts +4 -4
package/dist/presets/filesUpload.mjs +2 -2
package/dist/presets/index.d.mts +1 -1
package/dist/presets/index.mjs +1 -1
package/dist/presets/multiTenant.d.mts +1 -1
package/dist/presets/multiTenant.mjs +4 -3
package/dist/presets/search.d.mts +2 -2
package/dist/presets/search.mjs +1 -1
package/dist/{presets-BbkjdPeH.mjs → presets-C9BE6WaZ.mjs} +2 -2
package/dist/{queryCachePlugin-m1XsgAIJ.mjs → queryCachePlugin-B4XMSSe7.mjs} +2 -2
package/dist/{queryCachePlugin-CqMdLI2-.d.mts → queryCachePlugin-Biqzfbi5.d.mts} +2 -2
package/dist/{redis-DiMkdHEl.d.mts → redis-Cyzrz6SX.d.mts} +1 -1
package/dist/{redis-stream-D6HzR1Z_.d.mts → redis-stream-DT-YjzrB.d.mts} +1 -1
package/dist/registry/index.d.mts +319 -2
package/dist/registry/index.mjs +3 -3
package/dist/registry-BBE23CDj.mjs +576 -0
package/dist/{routerShared-DrOa-26E.mjs → routerShared-CZV5aabX.mjs} +3 -3
package/dist/scope/index.d.mts +3 -3
package/dist/scope/index.mjs +3 -3
package/dist/{sse-Bz-5ZeTt.mjs → sse-BY6sTy4P.mjs} +1 -1
package/dist/testing/index.d.mts +2 -2
package/dist/testing/index.mjs +16 -7
package/dist/testing/storageContract.d.mts +1 -1
package/dist/types/index.d.mts +5 -5
package/dist/types/storage.d.mts +1 -1
package/dist/{types-C_s5moIu.mjs → types-Bi0r0vjG.mjs} +53 -1
package/dist/{types-BQsjgQzS.d.mts → types-BsJMEQ4D.d.mts} +106 -12
package/dist/{types-DrBaUwyV.d.mts → types-D-fYtKjb.d.mts} +33 -10
package/dist/{types-CTYvcwHe.d.mts → types-DVfpSfx2.d.mts} +42 -1
package/dist/utils/index.d.mts +1286 -2
package/dist/utils/index.mjs +1 -1
package/dist/{utils-_h9B3c57.mjs → utils-DC5ycPfr.mjs} +89 -40
package/dist/{buildHandler-CcFOpJLh.mjs → validate-By96rH0r.mjs} +8 -299
package/dist/{versioning-hmkPcDlX.d.mts → versioning-ZwX9tmbS.d.mts} +1 -1
package/package.json +22 -29
package/skills/arc/SKILL.md +299 -689
package/skills/arc/references/auth.md +19 -7
package/skills/arc-code-review/SKILL.md +1 -1
package/skills/arc-code-review/references/arc-cheatsheet.md +100 -322
package/dist/createActionRouter-S3MLVYot.mjs +0 -220
package/dist/index-bRjYu21O.d.mts +0 -1320
package/dist/org/index.d.mts +0 -66
package/dist/org/index.mjs +0 -486
package/dist/org/types.d.mts +0 -82
package/dist/org/types.mjs +0 -1
package/dist/registry-I-ogLgL9.mjs +0 -46
/package/dist/{EventTransport-CT_52aWU.d.mts → EventTransport-C-2oAHtw.d.mts} +0 -0
/package/dist/{EventTransport-DLWoUMHy.mjs → EventTransport-Hxvv5QQz.mjs} +0 -0
/package/dist/{actionPermissions-CyUkQu6O.mjs → actionPermissions-Bjmvn7Eb.mjs} +0 -0
/package/dist/{elevation-BXOWoGCF.d.mts → elevation-0YBpa663.d.mts} +0 -0
/package/dist/{elevation-DgoeTyfX.mjs → elevation-Dci0AYLT.mjs} +0 -0
/package/dist/{errorHandler-DFr45ZG4.d.mts → errorHandler-mHuyWzZE.d.mts} +0 -0
/package/dist/{externalPaths-BD5nw6St.d.mts → externalPaths-DFg-2KTp.d.mts} +0 -0
/package/dist/{interface-beEtJyWM.d.mts → interface-CH0OQudo.d.mts} +0 -0
/package/dist/{interface-DfLGcus7.d.mts → interface-NwJ_qPlY.d.mts} +0 -0
/package/dist/{keys-CGcCbNyu.mjs → keys-DopsCuyQ.mjs} +0 -0
/package/dist/{loadResources-DBMQg_Aj.mjs → loadResources-ChQEj8ih.mjs} +0 -0
/package/dist/{metrics-Qnvwc-LQ.mjs → metrics-TuOmguhi.mjs} +0 -0
/package/dist/{replyHelpers-CK-FNO8E.mjs → replyHelpers-C-gD32oF.mjs} +0 -0
/package/dist/{schemaIR-lYhC2gE5.mjs → schemaIR-Ctc89DSn.mjs} +0 -0
/package/dist/{sessionManager-C4Le_UB3.d.mts → sessionManager-BqFegc0W.d.mts} +0 -0
/package/dist/{storage-Dfzt4VTl.d.mts → storage-D2KZJAmn.d.mts} +0 -0
/package/dist/{store-helpers-BkIN9-vu.mjs → store-helpers-B0sunfZZ.mjs} +0 -0
/package/dist/{tracing-QJVprktp.d.mts → tracing-Dm8n7Cnn.d.mts} +0 -0
/package/dist/{versioning-BUrT5aP4.mjs → versioning-B6mimogM.mjs} +0 -0
/package/dist/{websocket-ChC2rqe1.d.mts → websocket-BkjeGZRn.d.mts} +0 -0

package/dist/org/index.d.mts DELETED Viewed

@@ -1,66 +0,0 @@
-import { yt as RouteHandler } from "../index-BswOSJCE.mjs";
-import { d as UserBase } from "../fields-COhcH3fk.mjs";
-import { InvitationAdapter, InvitationDoc, MemberDoc, OrgAdapter, OrgDoc, OrgPermissionStatement, OrgRole, OrganizationPluginOptions } from "./types.mjs";
-import { FastifyPluginAsync, RouteHandlerMethod } from "fastify";
-//#region src/org/organizationPlugin.d.ts
-declare module "fastify" {
-  interface FastifyInstance {
-    /** Middleware: require the caller to hold one of the listed org roles */
-    requireOrgRole: (roles: string[]) => RouteHandlerMethod;
-  }
-}
-declare const organizationPlugin: FastifyPluginAsync<OrganizationPluginOptions>;
-declare const _default: FastifyPluginAsync<OrganizationPluginOptions>;
-//#endregion
-//#region src/org/orgGuard.d.ts
-interface OrgGuardOptions {
-  /** Require organization context (default: true) */
-  requireOrgContext?: boolean;
-  /** Required org-level roles */
-  roles?: string[];
-}
-/**
- * Create org guard middleware.
- * Reads `request.scope` for org context and roles.
- * Elevated scope always passes.
- */
-declare function orgGuard(options?: OrgGuardOptions): RouteHandler;
-/**
- * Shorthand for requiring org context
- */
-declare function requireOrg(): RouteHandler;
-/**
- * Require org context with specific roles
- */
-declare function requireOrgRole(...roles: string[]): RouteHandler;
-//#endregion
-//#region src/org/orgMembership.d.ts
-interface OrgMembershipOptions {
-  /** Path to user's organizations array */
-  userOrgsPath?: string;
-  /** Optional DB lookup function */
-  validateFromDb?: (userId: string, orgId: string) => Promise<boolean>;
-}
-interface OrgRolesOptions {
-  /** Path to user's organizations array */
-  userOrgsPath?: string;
-}
-/**
- * Check if user is member of organization.
- * This is a low-level utility for checking membership from user object data.
- * For request-level checks, use `request.scope` (isMember/isElevated guards).
- */
-declare function orgMembershipCheck(user: UserBase | undefined | null, orgId: string | undefined | null, options?: OrgMembershipOptions): Promise<boolean>;
-/**
- * Get user's role in organization from user object data.
- * For request-level role checks, use `request.scope.orgRoles` (when scope is 'member').
- */
-declare function getUserOrgRoles(user: UserBase | undefined | null, orgId: string | undefined | null, options?: OrgRolesOptions): string[];
-/**
- * Check if user has specific role in organization from user object data.
- * For request-level role checks, use `requireOrgRole()` permission or `request.scope`.
- */
-declare function hasOrgRole(user: UserBase | undefined | null, orgId: string | undefined | null, roles: string | string[], options?: OrgRolesOptions): boolean;
-//#endregion
-export { type InvitationAdapter, type InvitationDoc, type MemberDoc, type OrgAdapter, type OrgDoc, type OrgGuardOptions, type OrgMembershipOptions, type OrgPermissionStatement, type OrgRole, type OrgRolesOptions, type OrganizationPluginOptions, getUserOrgRoles, hasOrgRole, orgGuard, orgMembershipCheck, _default as organizationPlugin, organizationPlugin as organizationPluginFn, requireOrg, requireOrgRole };

package/dist/org/index.mjs DELETED Viewed

@@ -1,486 +0,0 @@
-import { _ as hasOrgAccess, b as isMember, l as getOrgRoles, n as PUBLIC_SCOPE, y as isElevated } from "../types-C_s5moIu.mjs";
-import fp from "fastify-plugin";
-//#region src/org/organizationPlugin.ts
-const DEFAULT_ROLES = [
-	{
-		name: "owner",
-		permissions: [{
-			resource: "*",
-			action: ["*"]
-		}]
-	},
-	{
-		name: "admin",
-		permissions: [{
-			resource: "org",
-			action: ["read", "update"]
-		}, {
-			resource: "members",
-			action: ["*"]
-		}]
-	},
-	{
-		name: "member",
-		permissions: [{
-			resource: "org",
-			action: ["read"]
-		}, {
-			resource: "members",
-			action: ["read"]
-		}]
-	}
-];
-/** Extract a UserBase from the request (set by auth plugin). */
-function getUser(request) {
-	return request.user;
-}
-/** Get user id (supports both `id` and `_id`). */
-function getUserId(user) {
-	const raw = user.id ?? user._id;
-	return raw ? String(raw) : void 0;
-}
-/** Standard JSON error reply. */
-function sendError(reply, statusCode, code, message) {
-	reply.code(statusCode).send({
-		success: false,
-		code,
-		error: message
-	});
-}
-const organizationPlugin = async (fastify, opts) => {
-	const { adapter, roles = DEFAULT_ROLES, basePath = "/api/organizations", enableInvitations = false } = opts;
-	const validRoleNames = new Set(roles.map((r) => r.name));
-	/**
-	* Create a preHandler that:
-	* 1. Ensures the request is authenticated
-	* 2. Looks up the caller's membership in the org identified by `:orgId`
-	* 3. Verifies the caller holds one of the required roles
-	*/
-	fastify.decorate("requireOrgRole", function requireOrgRole(requiredRoles) {
-		return async function requireOrgRoleHandler(request, reply) {
-			const user = getUser(request);
-			if (!user) {
-				sendError(reply, 401, "UNAUTHORIZED", "Authentication required");
-				return;
-			}
-			const userId = getUserId(user);
-			if (!userId) {
-				sendError(reply, 401, "UNAUTHORIZED", "Unable to determine user identity");
-				return;
-			}
-			const { orgId } = request.params;
-			if (!orgId) {
-				sendError(reply, 400, "MISSING_ORG_ID", "Organization ID is required");
-				return;
-			}
-			const member = await adapter.getMember(orgId, userId);
-			if (!member) {
-				sendError(reply, 403, "NOT_A_MEMBER", "You are not a member of this organization");
-				return;
-			}
-			if (!requiredRoles.includes(member.role)) {
-				sendError(reply, 403, "INSUFFICIENT_ROLE", `This action requires one of these roles: ${requiredRoles.join(", ")}`);
-				return;
-			}
-		};
-	});
-	/** Wrap preHandlers so that authenticate is called first (if available). */
-	function withAuth(...extra) {
-		const handlers = [];
-		const inst = fastify;
-		if (typeof inst.authenticate === "function") handlers.push(inst.authenticate);
-		handlers.push(...extra);
-		return handlers;
-	}
-	function generateSlug(name) {
-		return name.toLowerCase().trim().replace(/[^\w\s-]/g, "").replace(/[\s_]+/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
-	}
-	/**
-	* POST / -- Create organization
-	*
-	* Body: { name: string; slug?: string; [key: string]: unknown }
-	* The authenticated user becomes the owner.
-	*/
-	fastify.post(basePath, { preHandler: withAuth() }, async (request, reply) => {
-		const user = getUser(request);
-		if (!user) {
-			sendError(reply, 401, "UNAUTHORIZED", "Authentication required");
-			return;
-		}
-		const userId = getUserId(user);
-		if (!userId) {
-			sendError(reply, 401, "UNAUTHORIZED", "Unable to determine user identity");
-			return;
-		}
-		const body = request.body;
-		if (!body?.name) {
-			sendError(reply, 400, "VALIDATION_ERROR", "Organization name is required");
-			return;
-		}
-		const slug = body.slug ?? generateSlug(body.name);
-		if (await adapter.getOrgBySlug(slug)) {
-			sendError(reply, 409, "SLUG_TAKEN", `An organization with slug '${slug}' already exists`);
-			return;
-		}
-		const org = await adapter.createOrg({
-			...body,
-			name: body.name,
-			slug,
-			ownerId: userId
-		});
-		await adapter.addMember(org.id, userId, "owner");
-		reply.code(201).send({
-			success: true,
-			data: org
-		});
-	});
-	/**
-	* GET / -- List the authenticated user's organizations
-	*/
-	fastify.get(basePath, { preHandler: withAuth() }, async (request, reply) => {
-		const user = getUser(request);
-		if (!user) {
-			sendError(reply, 401, "UNAUTHORIZED", "Authentication required");
-			return;
-		}
-		const userId = getUserId(user);
-		if (!userId) {
-			sendError(reply, 401, "UNAUTHORIZED", "Unable to determine user identity");
-			return;
-		}
-		const orgs = await adapter.listUserOrgs(userId);
-		reply.send({
-			success: true,
-			data: orgs
-		});
-	});
-	/**
-	* GET /:orgId -- Get a single organization
-	*/
-	fastify.get(`${basePath}/:orgId`, { preHandler: withAuth(fastify.requireOrgRole([
-		"owner",
-		"admin",
-		"member"
-	])) }, async (request, reply) => {
-		const { orgId } = request.params;
-		const org = await adapter.getOrg(orgId);
-		if (!org) {
-			sendError(reply, 404, "NOT_FOUND", "Organization not found");
-			return;
-		}
-		reply.send({
-			success: true,
-			data: org
-		});
-	});
-	/**
-	* PATCH /:orgId -- Update organization
-	*/
-	fastify.patch(`${basePath}/:orgId`, { preHandler: withAuth(fastify.requireOrgRole(["owner", "admin"])) }, async (request, reply) => {
-		const { orgId } = request.params;
-		const body = request.body;
-		if (!body || Object.keys(body).length === 0) {
-			sendError(reply, 400, "VALIDATION_ERROR", "Request body must not be empty");
-			return;
-		}
-		const { ownerId: _ownerId, id: _id, ...updates } = body;
-		const org = await adapter.updateOrg(orgId, updates);
-		if (!org) {
-			sendError(reply, 404, "NOT_FOUND", "Organization not found");
-			return;
-		}
-		reply.send({
-			success: true,
-			data: org
-		});
-	});
-	/**
-	* DELETE /:orgId -- Delete organization (owner only)
-	*/
-	fastify.delete(`${basePath}/:orgId`, { preHandler: withAuth(fastify.requireOrgRole(["owner"])) }, async (request, reply) => {
-		const { orgId } = request.params;
-		if (!await adapter.getOrg(orgId)) {
-			sendError(reply, 404, "NOT_FOUND", "Organization not found");
-			return;
-		}
-		await adapter.deleteOrg(orgId);
-		reply.send({
-			success: true,
-			message: "Organization deleted"
-		});
-	});
-	/**
-	* GET /:orgId/members -- List members
-	*/
-	fastify.get(`${basePath}/:orgId/members`, { preHandler: withAuth(fastify.requireOrgRole([
-		"owner",
-		"admin",
-		"member"
-	])) }, async (request, reply) => {
-		const { orgId } = request.params;
-		const members = await adapter.listMembers(orgId);
-		reply.send({
-			success: true,
-			data: members
-		});
-	});
-	/**
-	* POST /:orgId/members -- Add a member
-	*
-	* Body: { userId: string; role: string }
-	*/
-	fastify.post(`${basePath}/:orgId/members`, { preHandler: withAuth(fastify.requireOrgRole(["owner", "admin"])) }, async (request, reply) => {
-		const { orgId } = request.params;
-		const body = request.body;
-		if (!body?.userId || !body.role) {
-			sendError(reply, 400, "VALIDATION_ERROR", "userId and role are required");
-			return;
-		}
-		if (!validRoleNames.has(body.role)) {
-			sendError(reply, 400, "INVALID_ROLE", `Invalid role '${body.role}'. Valid roles: ${[...validRoleNames].join(", ")}`);
-			return;
-		}
-		if (await adapter.getMember(orgId, body.userId)) {
-			sendError(reply, 409, "ALREADY_MEMBER", "User is already a member of this organization");
-			return;
-		}
-		const member = await adapter.addMember(orgId, body.userId, body.role);
-		reply.code(201).send({
-			success: true,
-			data: member
-		});
-	});
-	/**
-	* PATCH /:orgId/members/:userId -- Update a member's role
-	*
-	* Body: { role: string }
-	*/
-	fastify.patch(`${basePath}/:orgId/members/:userId`, { preHandler: withAuth(fastify.requireOrgRole(["owner", "admin"])) }, async (request, reply) => {
-		const { orgId, userId } = request.params;
-		const body = request.body;
-		if (!body?.role) {
-			sendError(reply, 400, "VALIDATION_ERROR", "role is required");
-			return;
-		}
-		if (!validRoleNames.has(body.role)) {
-			sendError(reply, 400, "INVALID_ROLE", `Invalid role '${body.role}'. Valid roles: ${[...validRoleNames].join(", ")}`);
-			return;
-		}
-		const currentMember = await adapter.getMember(orgId, userId);
-		if (!currentMember) {
-			sendError(reply, 404, "NOT_FOUND", "Member not found");
-			return;
-		}
-		if (currentMember.role === "owner" && body.role !== "owner") {
-			if ((await adapter.listMembers(orgId)).filter((m) => m.role === "owner").length <= 1) {
-				sendError(reply, 400, "LAST_OWNER", "Cannot change the role of the last owner. Transfer ownership first.");
-				return;
-			}
-		}
-		const member = await adapter.updateMemberRole(orgId, userId, body.role);
-		if (!member) {
-			sendError(reply, 404, "NOT_FOUND", "Member not found");
-			return;
-		}
-		reply.send({
-			success: true,
-			data: member
-		});
-	});
-	/**
-	* DELETE /:orgId/members/:userId -- Remove a member
-	*/
-	fastify.delete(`${basePath}/:orgId/members/:userId`, { preHandler: withAuth(fastify.requireOrgRole(["owner", "admin"])) }, async (request, reply) => {
-		const { orgId, userId } = request.params;
-		const member = await adapter.getMember(orgId, userId);
-		if (!member) {
-			sendError(reply, 404, "NOT_FOUND", "Member not found");
-			return;
-		}
-		if (member.role === "owner") {
-			if ((await adapter.listMembers(orgId)).filter((m) => m.role === "owner").length <= 1) {
-				sendError(reply, 400, "LAST_OWNER", "Cannot remove the last owner. Transfer ownership or delete the organization.");
-				return;
-			}
-		}
-		await adapter.removeMember(orgId, userId);
-		reply.send({
-			success: true,
-			message: "Member removed"
-		});
-	});
-	if (enableInvitations && adapter.invitations) {
-		const inv = adapter.invitations;
-		/**
-		* POST /:orgId/invitations -- Create invitation
-		*
-		* Body: { email: string; role: string; expiresAt?: string }
-		*/
-		fastify.post(`${basePath}/:orgId/invitations`, { preHandler: withAuth(fastify.requireOrgRole(["owner", "admin"])) }, async (request, reply) => {
-			const user = getUser(request);
-			const userId = user ? getUserId(user) : void 0;
-			if (!userId) {
-				sendError(reply, 401, "UNAUTHORIZED", "Authentication required");
-				return;
-			}
-			const { orgId } = request.params;
-			const body = request.body;
-			if (!body?.email || !body.role) {
-				sendError(reply, 400, "VALIDATION_ERROR", "email and role are required");
-				return;
-			}
-			if (!validRoleNames.has(body.role)) {
-				sendError(reply, 400, "INVALID_ROLE", `Invalid role '${body.role}'. Valid roles: ${[...validRoleNames].join(", ")}`);
-				return;
-			}
-			const defaultExpiry = new Date(Date.now() + 10080 * 60 * 1e3);
-			const expiresAt = body.expiresAt ? new Date(body.expiresAt) : defaultExpiry;
-			const invitation = await inv.create({
-				orgId,
-				email: body.email,
-				role: body.role,
-				invitedBy: userId,
-				status: "pending",
-				expiresAt
-			});
-			reply.code(201).send({
-				success: true,
-				data: invitation
-			});
-		});
-		/**
-		* GET /:orgId/invitations -- List pending invitations
-		*/
-		fastify.get(`${basePath}/:orgId/invitations`, { preHandler: withAuth(fastify.requireOrgRole(["owner", "admin"])) }, async (request, reply) => {
-			const { orgId } = request.params;
-			const invitations = await inv.listPending(orgId);
-			reply.send({
-				success: true,
-				data: invitations
-			});
-		});
-		/**
-		* POST /invitations/:invitationId/accept -- Accept invitation
-		*/
-		fastify.post(`${basePath}/invitations/:invitationId/accept`, { preHandler: withAuth() }, async (request, reply) => {
-			const { invitationId } = request.params;
-			await inv.accept(invitationId);
-			reply.send({
-				success: true,
-				message: "Invitation accepted"
-			});
-		});
-		/**
-		* POST /invitations/:invitationId/reject -- Reject invitation
-		*/
-		fastify.post(`${basePath}/invitations/:invitationId/reject`, { preHandler: withAuth() }, async (request, reply) => {
-			const { invitationId } = request.params;
-			await inv.reject(invitationId);
-			reply.send({
-				success: true,
-				message: "Invitation rejected"
-			});
-		});
-	}
-	fastify.log?.debug?.({
-		basePath,
-		roles: [...validRoleNames],
-		invitations: enableInvitations
-	}, "Organization plugin registered");
-};
-var organizationPlugin_default = fp(organizationPlugin, {
-	name: "arc-organization",
-	fastify: "5.x"
-});
-//#endregion
-//#region src/org/orgGuard.ts
-/**
-* Create org guard middleware.
-* Reads `request.scope` for org context and roles.
-* Elevated scope always passes.
-*/
-function orgGuard(options = {}) {
-	const { requireOrgContext = true, roles = [] } = options;
-	return async function orgGuardMiddleware(request, reply) {
-		const scope = request.scope ?? PUBLIC_SCOPE;
-		if (isElevated(scope)) return;
-		if (requireOrgContext && !hasOrgAccess(scope)) {
-			reply.code(403).send({
-				success: false,
-				error: "Organization context required",
-				code: "ORG_CONTEXT_REQUIRED",
-				message: "This endpoint requires an organization context. Please specify organization via x-organization-id header."
-			});
-			return;
-		}
-		if (roles.length > 0 && isMember(scope)) {
-			const userOrgRoles = getOrgRoles(scope);
-			if (!roles.some((role) => userOrgRoles.includes(role))) {
-				reply.code(403).send({
-					success: false,
-					error: "Insufficient organization permissions",
-					code: "ORG_ROLE_REQUIRED",
-					message: `This action requires one of these organization roles: ${roles.join(", ")}`,
-					required: roles,
-					current: userOrgRoles
-				});
-				return;
-			}
-		}
-	};
-}
-/**
-* Shorthand for requiring org context
-*/
-function requireOrg() {
-	return orgGuard({ requireOrgContext: true });
-}
-/**
-* Require org context with specific roles
-*/
-function requireOrgRole(...roles) {
-	return orgGuard({
-		requireOrgContext: true,
-		roles
-	});
-}
-//#endregion
-//#region src/org/orgMembership.ts
-/**
-* Check if user is member of organization.
-* This is a low-level utility for checking membership from user object data.
-* For request-level checks, use `request.scope` (isMember/isElevated guards).
-*/
-async function orgMembershipCheck(user, orgId, options = {}) {
-	const { userOrgsPath = "organizations", validateFromDb } = options;
-	if (!user || !orgId) return false;
-	if ((user[userOrgsPath] ?? []).some((o) => {
-		return (o.organizationId?.toString() ?? String(o)) === orgId.toString();
-	})) return true;
-	if (validateFromDb) {
-		const userId = (user._id ?? user.id)?.toString();
-		if (userId) return validateFromDb(userId, orgId);
-	}
-	return false;
-}
-/**
-* Get user's role in organization from user object data.
-* For request-level role checks, use `request.scope.orgRoles` (when scope is 'member').
-*/
-function getUserOrgRoles(user, orgId, options = {}) {
-	const { userOrgsPath = "organizations" } = options;
-	if (!user || !orgId) return [];
-	return (user[userOrgsPath] ?? []).find((o) => {
-		return (o.organizationId?.toString() ?? String(o)) === orgId.toString();
-	})?.roles ?? [];
-}
-/**
-* Check if user has specific role in organization from user object data.
-* For request-level role checks, use `requireOrgRole()` permission or `request.scope`.
-*/
-function hasOrgRole(user, orgId, roles, options = {}) {
-	const userOrgRoles = getUserOrgRoles(user, orgId, options);
-	return (Array.isArray(roles) ? roles : [roles]).some((role) => userOrgRoles.includes(role));
-}
-//#endregion
-export { getUserOrgRoles, hasOrgRole, orgGuard, orgMembershipCheck, organizationPlugin_default as organizationPlugin, organizationPlugin as organizationPluginFn, requireOrg, requireOrgRole };

package/dist/org/types.d.mts DELETED Viewed

@@ -1,82 +0,0 @@
-//#region src/org/types.d.ts
-/**
- * Organization types -- adapter interfaces for multi-tenant applications.
- * Arc defines the contract, apps implement it.
- */
-interface OrgDoc {
-  id: string;
-  name: string;
-  slug: string;
-  ownerId: string;
-  metadata?: Record<string, unknown>;
-  createdAt?: Date;
-  updatedAt?: Date;
-  [key: string]: unknown;
-}
-interface MemberDoc {
-  id: string;
-  orgId: string;
-  userId: string;
-  role: string;
-  createdAt?: Date;
-  updatedAt?: Date;
-  [key: string]: unknown;
-}
-interface InvitationDoc {
-  id: string;
-  orgId: string;
-  email: string;
-  role: string;
-  invitedBy: string;
-  status: "pending" | "accepted" | "rejected" | "expired";
-  expiresAt: Date;
-  createdAt?: Date;
-}
-/** Core organization adapter -- apps implement this */
-interface OrgAdapter {
-  createOrg(data: {
-    name: string;
-    slug: string;
-    ownerId: string;
-    [key: string]: unknown;
-  }): Promise<OrgDoc>;
-  getOrg(id: string): Promise<OrgDoc | null>;
-  getOrgBySlug(slug: string): Promise<OrgDoc | null>;
-  updateOrg(id: string, data: Partial<OrgDoc>): Promise<OrgDoc | null>;
-  deleteOrg(id: string): Promise<void>;
-  listUserOrgs(userId: string): Promise<OrgDoc[]>;
-  addMember(orgId: string, userId: string, role: string): Promise<MemberDoc>;
-  removeMember(orgId: string, userId: string): Promise<void>;
-  getMember(orgId: string, userId: string): Promise<MemberDoc | null>;
-  listMembers(orgId: string): Promise<MemberDoc[]>;
-  updateMemberRole(orgId: string, userId: string, role: string): Promise<MemberDoc | null>;
-  invitations?: InvitationAdapter;
-}
-interface InvitationAdapter {
-  create(data: Omit<InvitationDoc, "id" | "createdAt">): Promise<InvitationDoc>;
-  getByToken(token: string): Promise<InvitationDoc | null>;
-  accept(id: string): Promise<void>;
-  reject(id: string): Promise<void>;
-  listPending(orgId: string): Promise<InvitationDoc[]>;
-}
-/** Statement-based permission check */
-interface OrgPermissionStatement {
-  resource: string;
-  action: string[];
-}
-/** Role definition with permissions */
-interface OrgRole {
-  name: string;
-  permissions: OrgPermissionStatement[];
-}
-interface OrganizationPluginOptions {
-  adapter: OrgAdapter;
-  /** Built-in roles (default: owner, admin, member) */
-  roles?: OrgRole[];
-  /** Base path for org API routes (default: '/api/organizations') */
-  basePath?: string;
-  /** Enable invitation system */
-  enableInvitations?: boolean;
-}
-//#endregion
-export { InvitationAdapter, InvitationDoc, MemberDoc, OrgAdapter, OrgDoc, OrgPermissionStatement, OrgRole, OrganizationPluginOptions };

package/dist/org/types.mjs DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/dist/registry-I-ogLgL9.mjs DELETED Viewed

@@ -1,46 +0,0 @@
-import fp from "fastify-plugin";
-//#region src/registry/introspectionPlugin.ts
-const introspectionPlugin = async (fastify, opts = {}) => {
-	const { prefix = "/_resources", authRoles = ["superadmin"], enabled = true } = opts;
-	if (!enabled) {
-		fastify.log?.debug?.("Introspection plugin disabled");
-		return;
-	}
-	const typedFastify = fastify;
-	const authMiddleware = authRoles.length > 0 && typedFastify.authenticate ? [typedFastify.authenticate, typedFastify.authorize?.(...authRoles)].filter(Boolean) : [];
-	const getRegistry = () => fastify.arc?.registry;
-	await fastify.register(async (instance) => {
-		instance.get("/", { preHandler: authMiddleware }, async (_req, _reply) => {
-			return getRegistry()?.getIntrospection() ?? {
-				resources: [],
-				stats: {},
-				generatedAt: (/* @__PURE__ */ new Date()).toISOString()
-			};
-		});
-		instance.get("/stats", { preHandler: authMiddleware }, async (_req, _reply) => {
-			return getRegistry()?.getStats() ?? {
-				totalResources: 0,
-				byModule: {},
-				presetUsage: {},
-				totalRoutes: 0,
-				totalEvents: 0
-			};
-		});
-		instance.get("/:name", {
-			schema: { params: {
-				type: "object",
-				properties: { name: { type: "string" } },
-				required: ["name"]
-			} },
-			preHandler: authMiddleware
-		}, async (req, reply) => {
-			const resource = getRegistry()?.get(req.params.name);
-			if (!resource) return reply.code(404).send({ error: `Resource '${req.params.name}' not found` });
-			return resource;
-		});
-	}, { prefix });
-	fastify.log?.debug?.(`Introspection API at ${prefix}`);
-};
-var introspectionPlugin_default = fp(introspectionPlugin, { name: "arc-introspection" });
-//#endregion
-export { introspectionPlugin_default as n, introspectionPlugin as t };