@classytic/arc 2.15.3 → 2.16.0

package/dist/{core-CvmOqEms.mjs → core-DBJ_j6rX.mjs}

@@ -1,12 +1,13 @@
-import { s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS } from "./constants-Cxde4rpC.mjs";
+import { s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS } from "./constants-TrJVIJl0.mjs";
 import { arcLog } from "./logger/index.mjs";
-import { A as assertValidConfig, l as getDefaultCrudSchemas } from "./utils-_h9B3c57.mjs";
-import { t as BaseController } from "./BaseController-dx3m2J8V.mjs";
-import { t as applyPresets } from "./presets-BbkjdPeH.mjs";
+import { A as assertValidConfig, l as getDefaultCrudSchemas } from "./utils-DC5ycPfr.mjs";
+import { t as BaseController } from "./BaseController-DlCCTIxJ.mjs";
+import { t as applyPresets } from "./presets-C9BE6WaZ.mjs";
 import { n as convertRouteSchema, t as convertOpenApiSchemas } from "./schemaConverter-De34B1ZG.mjs";
 import { t as hasEvents } from "./typeGuards-BzkXkvVv.mjs";
-import { b as buildRequestScopeProjection, c as buildPreHandlerChain, d as resolveRoutePreHandlers, f as resolveRouterPluginMw, g as createRequestContext, h as createFastifyHandler, i as buildAuthMiddleware, l as buildRateLimitConfig, m as createCrudHandlers, o as buildCrudPermissionMw, p as selectPluginMw, r as buildArcDecorator, s as buildPipelineHandler, u as resolvePipelineSteps } from "./routerShared-DrOa-26E.mjs";
-import { t as resolveActionPermission } from "./actionPermissions-CyUkQu6O.mjs";
+import { b as buildRequestScopeProjection, c as buildPreHandlerChain, d as resolveRoutePreHandlers, f as resolveRouterPluginMw, g as createRequestContext, h as createFastifyHandler, i as buildAuthMiddleware, l as buildRateLimitConfig, m as createCrudHandlers, o as buildCrudPermissionMw, p as selectPluginMw, r as buildArcDecorator, s as buildPipelineHandler, u as resolvePipelineSteps } from "./routerShared-CZV5aabX.mjs";
+import { t as pluralize } from "./pluralize-B9M8xvy-.mjs";
+import { t as resolveActionPermission } from "./actionPermissions-Bjmvn7Eb.mjs";
 //#region src/core/aggregation/defineAggregation.ts
 /**
 * Declare a single resource aggregation. Exported configs flow into
@@ -59,15 +60,27 @@ function defineAggregation(config) {
 * `wrapHandler` is derived inline from `!route.raw`.
 */
 function createCustomRoutes(fastify, routes, controller, options) {
-	const { tag, resourceName, arcDecorator, rateLimitConfig, pluginMw, pipeline, routeGuards } = options;
+	const { tag, resourceName, arcDecorator, rateLimitConfig, pluginMw, pipeline, routeGuards, tenantScopeMw } = options;
 	for (const route of routes) {
-		const opName = route.operation ?? (typeof route.handler === "string" ? route.handler : `${route.method.toLowerCase()}${route.path.replace(/[/:]/g, "_")}`);
+		const routeWithRefs = route;
+		const hasHandler = route.handler !== void 0;
+		const hasControllerMethod = typeof routeWithRefs.controllerMethod === "function";
+		if (hasHandler && hasControllerMethod) throw new Error(`Route ${route.method} ${route.path}: pass either \`handler\` or \`controllerMethod\`, not both. Prefer \`controllerMethod: (c: MyController) => c.method\` for typed handler refs (TS catches typos).`);
+		if (!hasHandler && !hasControllerMethod) throw new Error(`Route ${route.method} ${route.path}: must declare either \`handler\` (string / function) or \`controllerMethod: (c) => c.method\` (typed function-ref form).`);
+		let resolvedHandler;
+		if (hasControllerMethod) {
+			if (!controller) throw new Error(`Route ${route.method} ${route.path}: \`controllerMethod\` requires a controller. Provide one via \`defineResource({ controller, … })\`, or use \`defineResource\` with an \`adapter\` so arc auto-creates a BaseController.`);
+			const referenced = routeWithRefs.controllerMethod?.(controller);
+			if (typeof referenced !== "function") throw new Error(`Route ${route.method} ${route.path}: \`controllerMethod\` did not return a function. Return the method itself: \`controllerMethod: (c) => c.myMethod\`.`);
+			resolvedHandler = referenced.bind(controller);
+		} else resolvedHandler = route.handler;
+		const opName = route.operation ?? (typeof resolvedHandler === "string" ? resolvedHandler : `${route.method.toLowerCase()}${route.path.replace(/[/:]/g, "_")}`);
 		const wrapHandler = !route.raw;
 		let handler;
-		if (typeof route.handler === "string") {
-			if (!controller) throw new Error(`Route ${route.method} ${route.path}: string handler '${route.handler}' requires a controller. Either provide a controller or use a function handler instead.`);
-			const method = controller[route.handler];
-			if (typeof method !== "function") throw new Error(`Handler '${route.handler}' not found on controller`);
+		if (typeof resolvedHandler === "string") {
+			if (!controller) throw new Error(`Route ${route.method} ${route.path}: string handler '${resolvedHandler}' requires a controller. Either provide a controller or use a function handler instead.`);
+			const method = controller[resolvedHandler];
+			if (typeof method !== "function") throw new Error(`Handler '${resolvedHandler}' not found on controller`);
 			const boundMethod = method.bind(controller);
 			if (wrapHandler) {
 				const steps = resolvePipelineSteps(pipeline, opName);
@@ -75,8 +88,8 @@ function createCustomRoutes(fastify, routes, controller, options) {
 			} else handler = boundMethod;
 		} else if (wrapHandler) {
 			const steps = resolvePipelineSteps(pipeline, opName);
-			handler = steps.length > 0 ? buildPipelineHandler(route.handler, steps, opName, resourceName) : createFastifyHandler(route.handler);
-		} else handler = route.handler;
+			handler = steps.length > 0 ? buildPipelineHandler(resolvedHandler, steps, opName, resourceName) : createFastifyHandler(resolvedHandler);
+		} else handler = resolvedHandler;
 		const routeTags = route.tags ?? (tag ? [tag] : void 0);
 		const convertedSchema = route.schema ? convertRouteSchema(route.schema) : void 0;
 		const schema = {
@@ -86,6 +99,10 @@ function createCustomRoutes(fastify, routes, controller, options) {
 			...convertedSchema ?? {}
 		};
 		const customPreHandlers = resolveRoutePreHandlers(route.preHandler, fastify, `${route.method} ${route.path}`);
+		if (route.tenantScope === true) {
+			if (!tenantScopeMw || tenantScopeMw.length === 0) throw new Error(`Route ${route.method} ${route.path}: \`tenantScope: true\` requires a multi-tenant preset. Add \`multiTenantPreset()\` (or \`flexibleMultiTenantPreset()\`) to the resource's \`presets\`, or remove the \`tenantScope\` flag from this route.`);
+			customPreHandlers.unshift(...tenantScopeMw);
+		}
 		const preHandler = buildPreHandlerChain({
 			preAuth: route.preAuth ?? [],
 			arcDecorator,
@@ -141,6 +158,7 @@ function createCrudRouter(fastify, controller, options = {}) {
 		update: middlewares.update ?? [],
 		delete: middlewares.delete ?? []
 	};
+	const tenantScopeMw = middlewares.tenantScope;
 	const idParamsSchema = {
 		type: "object",
 		properties: { id: { type: "string" } },
@@ -233,7 +251,8 @@ function createCrudRouter(fastify, controller, options = {}) {
 		rateLimitConfig,
 		pluginMw,
 		pipeline,
-		routeGuards
+		routeGuards,
+		tenantScopeMw
 	});
 }
 function buildCrudHandlers(ctrl, pipeline, resourceName) {
@@ -256,6 +275,28 @@ function createPermissionMiddleware(permission, resourceName, action) {
 	return buildCrudPermissionMw(permission, resourceName, action);
 }
 //#endregion
+//#region src/core/defineAction.ts
+/**
+* Build an `ActionDefinition` with a typed handler. The literal schema
+* type captured here flows into `data`, so `defineAction({ schema:
+* z.object({...}), handler })` produces fully-typed code with no
+* `as MyShape` cast.
+*
+* Behaviorally identical to a bare `ActionDefinition` object — same
+* validation path (AJV), same permission resolution, same MCP wiring.
+* The runtime shape is unchanged; only the type-level inference is new.
+*/
+function defineAction(config) {
+	return {
+		handler: config.handler,
+		permissions: config.permissions,
+		schema: config.schema,
+		description: config.description,
+		id: config.id,
+		mcp: config.mcp
+	};
+}
+//#endregion
 //#region src/core/defineResource/controller.ts
 /**
 * Phase 4 — pick (or auto-create) the resource's controller.
@@ -739,6 +780,39 @@ function computeHasCrudRoutes(config) {
 	return !config.disableDefaultRoutes && CRUD_OPERATIONS.some((op) => !disabled.has(op));
 }
 //#endregion
+//#region src/registry/resolveTenantPurge.ts
+const DEFAULT_PRIORITY = 100;
+function resolveTenantPurge(input) {
+	const { resourceName, tenantField, onTenantDelete } = input;
+	if (onTenantDelete) {
+		assertTenantFieldUsable(resourceName, tenantField, onTenantDelete.strategy.type);
+		return {
+			strategy: onTenantDelete.strategy,
+			priority: onTenantDelete.priority ?? DEFAULT_PRIORITY,
+			batchSize: onTenantDelete.batchSize,
+			source: "declared"
+		};
+	}
+	return {
+		strategy: {
+			type: "skip",
+			reason: "no `onTenantDelete` declared"
+		},
+		priority: DEFAULT_PRIORITY,
+		source: "disabled"
+	};
+}
+/**
+* Boot-time invariant: any non-skip strategy requires a real
+* `tenantField`. Company-wide tables (`tenantField: false`) can't be
+* cascaded by org. Throw rather than silently skip so the misconfig
+* surfaces in CI / the auth-event path instead of leaking org data
+* on the next delete.
+*/
+function assertTenantFieldUsable(resourceName, tenantField, strategyType) {
+	if (tenantField === false) throw new Error(`[Arc/Cascade] Resource '${resourceName}' declares onTenantDelete (strategy: ${strategyType}) but \`tenantField: false\`. Company-wide resources can't be cascaded by org — set a real \`tenantField\` or remove the \`onTenantDelete\` declaration.`);
+}
+//#endregion
 //#region src/core/defineResource/plugin.ts
 /**
 * Build the CRUD schema map from the adapter's `OpenApiSchemas` plus
@@ -896,6 +970,7 @@ function normalizeActionsToRouterConfig(actions, resourceActionPermissions, tag,
 	const handlers = {};
 	const permissions = {};
 	const schemas = {};
+	const idLessActionNames = [];
 	for (const [name, entry] of Object.entries(actions)) {
 		const explicit = typeof entry !== "function" && entry.permissions ? entry.permissions : void 0;
 		if (typeof entry === "function") handlers[name] = entry;
@@ -903,6 +978,7 @@ function normalizeActionsToRouterConfig(actions, resourceActionPermissions, tag,
 			const def = entry;
 			handlers[name] = def.handler;
 			if (def.schema) schemas[name] = def.schema;
+			if (def.id === false) idLessActionNames.push(name);
 		}
 		const effective = resolveActionPermission({
 			action: entry,
@@ -922,7 +998,8 @@ function normalizeActionsToRouterConfig(actions, resourceActionPermissions, tag,
 		tag,
 		actions: handlers,
 		actionPermissions: permissions,
-		actionSchemas: schemas
+		actionSchemas: schemas,
+		idLessActionNames
 	};
 }
 /**
@@ -936,9 +1013,13 @@ function normalizeActionsToRouterConfig(actions, resourceActionPermissions, tag,
 */
 function buildResourcePlugin(resource) {
 	return async function resourcePlugin(fastify, _opts) {
-		const sharedRoot = fastify.server ?? fastify;
+		const sharedRoot = fastify.server;
 		const isFirstMount = !resource._sharedStateRegisteredOn.has(sharedRoot);
 		if (isFirstMount) resource._sharedStateRegisteredOn.add(sharedRoot);
+		if (isFirstMount && resource._diagnostics?.length) for (const diagnostic of resource._diagnostics) {
+			const level = diagnostic.severity === "info" ? "info" : "warn";
+			fastify.log?.[level]?.(diagnostic.message);
+		}
 		const arc = fastify.arc;
 		if (isFirstMount && arc?.registry && resource._registryMeta) try {
 			arc.registry.register(resource, resource._registryMeta);
@@ -952,8 +1033,7 @@ function buildResourcePlugin(resource) {
 			handler: hook.handler,
 			priority: hook.priority
 		});
-		const registerRule = fastify.registerCacheInvalidationRule;
-		if (isFirstMount && resource.cache?.invalidateOn && typeof registerRule === "function") for (const [pattern, tags] of Object.entries(resource.cache.invalidateOn)) registerRule({
+		if (isFirstMount && resource.cache?.invalidateOn && fastify.registerCacheInvalidationRule) for (const [pattern, tags] of Object.entries(resource.cache.invalidateOn)) fastify.registerCacheInvalidationRule({
 			pattern,
 			tags
 		});
@@ -984,7 +1064,7 @@ function buildResourcePlugin(resource) {
 				idField: resource.idField
 			});
 			if (resource.actions && Object.keys(resource.actions).length > 0) {
-				const { createActionRouter } = await import("./createActionRouter-S3MLVYot.mjs").then((n) => n.n);
+				const { createActionRouter } = await import("./createActionRouter-DUpN3Dd1.mjs").then((n) => n.n);
 				createActionRouter(typedInstance, {
 					...normalizeActionsToRouterConfig(resource.actions, resource.actionPermissions, resource.tag, resource.permissions, resource.name, typedInstance.log),
 					resourceName: resource.name,
@@ -998,8 +1078,12 @@ function buildResourcePlugin(resource) {
 				});
 			}
 			if (resource.aggregations && Object.keys(resource.aggregations).length > 0) {
-				const { createAggregationRouter } = await import("./createAggregationRouter-B0bPDf5b.mjs");
-				const repoForAgg = resource.controller?.repository;
+				const [{ createAggregationRouter }, { adapterSupportsAggregate, ArcAggregationConfigError }] = await Promise.all([import("./createAggregationRouter-Dq-TUCuY.mjs"), import("./validate-By96rH0r.mjs").then((n) => n.i)]);
+				const repoForAgg = resource.controller?.repository ?? resource.repository;
+				if (!adapterSupportsAggregate(repoForAgg)) {
+					const undispatchable = Object.entries(resource.aggregations).filter(([, cfg]) => !cfg.materialized).map(([name]) => name);
+					if (undispatchable.length > 0) throw new ArcAggregationConfigError(`Resource '${resource.name}' declares aggregations [${undispatchable.join(", ")}] but no repository implementing 'aggregate(req, options?)' is wired. Either (a) attach an adapter whose repo ships StandardRepo.aggregate (mongokit >= 3.13 / sqlitekit >= 0.3), (b) pass a custom controller exposing such a repository, or (c) declare 'materialized' on each aggregation so it dispatches through your own hook.`);
+				}
 				const buildOptions = (req) => {
 					const ctrl = resource.controller;
 					if (!ctrl?.tenantRepoOptions) return {};
@@ -1059,13 +1143,40 @@ var ResourceDefinition = class {
 	pipe;
 	fields;
 	cache;
+	/**
+	* Per-resource MCP opt-out. `false` keeps the resource out of every
+	* `mcpPlugin` registration regardless of the plugin's `expose` /
+	* `include` allowlist — local opt-out is authoritative. See
+	* `ResourceConfig.mcp` for the host-facing surface.
+	*/
+	mcp;
 	tenantField;
+	/** Tenant-cleanup strategy on org delete — see `OnTenantDeleteConfig`. */
+	onTenantDelete;
+	/**
+	* Resolved tenant-purge strategy — what `cascadeDeleteForOrganization`
+	* actually runs. Computed once at boot from `onTenantDelete`. Audit /
+	* introspection tooling reads this instead of re-running the rule at
+	* the call site.
+	*/
+	resolvedTenantPurge;
 	idField;
 	queryParser;
 	_appliedPresets;
 	_pendingHooks;
 	_registryMeta;
 	/**
+	* Boot-time validation diagnostics (non-fatal — hard errors throw
+	* synchronously in `validateDefineResourceConfig`). Populated when
+	* the host's config contains redundant / ambiguous flags that
+	* shouldn't crash the boot but the host should clean up. Flushed
+	* through `fastify.log.warn` on first mount inside
+	* `buildResourcePlugin` so the host's configured logger owns the
+	* output — the framework never speaks to `console.*` from `src/`
+	* outside of the CLI.
+	*/
+	_diagnostics;
+	/**
 	* Per-host idempotency guard used by `buildResourcePlugin` to
 	* skip duplicate shared-state writes when the same resource is
 	* mounted at multiple prefixes (`/v1`, `/v2`). See the plugin
@@ -1075,8 +1186,8 @@ var ResourceDefinition = class {
 	_sharedStateRegisteredOn = /* @__PURE__ */ new WeakSet();
 	constructor(config) {
 		this.name = config.name;
-		this.displayName = config.displayName ?? `${capitalize(config.name)}s`;
-		this.tag = config.tag ?? this.displayName;
+		this.displayName = config.displayName ?? capitalize(config.name);
+		this.tag = config.tag ?? pluralize(this.displayName);
 		this.prefix = config.prefix ?? `/${config.name}s`;
 		this.skipGlobalPrefix = config.skipGlobalPrefix ?? false;
 		this.adapter = config.adapter;
@@ -1099,7 +1210,14 @@ var ResourceDefinition = class {
 		this.pipe = config.pipe;
 		this.fields = config.fields;
 		this.cache = config.cache;
+		this.mcp = config.mcp !== false;
 		this.tenantField = config.tenantField;
+		this.onTenantDelete = config.onTenantDelete;
+		this.resolvedTenantPurge = resolveTenantPurge({
+			resourceName: this.name,
+			tenantField: this.tenantField,
+			onTenantDelete: this.onTenantDelete
+		});
 		this.idField = config.idField;
 		this.queryParser = config.queryParser;
 		this._appliedPresets = config._appliedPresets ?? [];
@@ -1343,17 +1461,19 @@ const CRUD_OP_NAMES = new Set([
 	"get"
 ]);
 /**
-* Run the structural validation pipeline. Throws an `Error` with a
-* resource-named message on the first failure — `defineResource()`
-* surfaces it verbatim so hosts get a clear "fix this resource"
-* pointer.
+* Run the structural validation pipeline.
+*
+* Throws synchronously on hard errors. Returns the (possibly empty)
+* list of non-fatal diagnostics — defineResource attaches them to the
+* resulting `ResourceDefinition` for the plugin layer to flush through
+* `fastify.log.warn` on first mount.
 */
 function validateDefineResourceConfig(config) {
 	assertValidConfig(config, { skipControllerCheck: true });
 	validatePermissionsShape(config);
 	validateCustomRoutePermissions(config);
 	validateActionsShape(config);
-	warnRedundantFieldRules(config);
+	return collectRedundantFieldRuleDiagnostics(config);
 }
 /** Permissions must be `PermissionCheck` functions, not arbitrary values. */
 function validatePermissionsShape(config) {
@@ -1369,8 +1489,7 @@ function validateCustomRoutePermissions(config) {
 	for (const route of config.routes ?? []) if (typeof route.permissions !== "function") throw new Error(`[Arc] Resource '${config.name}' route ${route.method} ${route.path}: permissions is required and must be a PermissionCheck function.`);
 }
 /**
-* Surface common field-rule misconfigurations at boot — non-fatal,
-* just a `console.warn` so hosts notice and clean up.
+* Surface common field-rule misconfigurations as boot-time diagnostics.
 *
 * Catches:
 *   1. `immutable: true` + `immutableAfterCreate: true` — `immutable`
@@ -1381,19 +1500,34 @@ function validateCustomRoutePermissions(config) {
 *   3. `hidden: true` + `aggregable: false` — `hidden` already blocks
 *      aggregation; `aggregable: false` is redundant.
 *
-* NOT a hard error — write-rule overlap is harmless at runtime, just
-* noisy in code review.
+* NOT hard errors — write-rule overlap is harmless at runtime, just
+* noisy in code review. Returned as `ResourceDiagnostic[]` so the
+* caller can route them through the host logger; never logged here.
 */
-function warnRedundantFieldRules(config) {
+function collectRedundantFieldRuleDiagnostics(config) {
 	const fieldRules = config.schemaOptions?.fieldRules;
-	if (!fieldRules) return;
+	if (!fieldRules) return [];
+	const diagnostics = [];
 	for (const [field, rule] of Object.entries(fieldRules)) {
 		if (!rule) continue;
 		const r = rule;
-		if (r.immutable === true && r.immutableAfterCreate === true) console.warn(`[Arc] Resource '${config.name}' fieldRules.${field}: \`immutable: true\` already implies \`immutableAfterCreate: true\` — drop the second flag.`);
-		if (r.systemManaged === true && r.readonly === true) console.warn(`[Arc] Resource '${config.name}' fieldRules.${field}: \`systemManaged\` and \`readonly\` both strip writes — pick one (\`systemManaged\` is the canonical name).`);
-		if (r.hidden === true && r.aggregable === false) console.warn(`[Arc] Resource '${config.name}' fieldRules.${field}: \`hidden: true\` already blocks aggregation — \`aggregable: false\` is redundant.`);
+		if (r.immutable === true && r.immutableAfterCreate === true) diagnostics.push({
+			severity: "warn",
+			code: "field-rule-redundant-immutable",
+			message: `[Arc] Resource '${config.name}' fieldRules.${field}: \`immutable: true\` already implies \`immutableAfterCreate: true\` — drop the second flag.`
+		});
+		if (r.systemManaged === true && r.readonly === true) diagnostics.push({
+			severity: "warn",
+			code: "field-rule-redundant-system-managed",
+			message: `[Arc] Resource '${config.name}' fieldRules.${field}: \`systemManaged\` and \`readonly\` both strip writes — pick one (\`systemManaged\` is the canonical name).`
+		});
+		if (r.hidden === true && r.aggregable === false) diagnostics.push({
+			severity: "warn",
+			code: "field-rule-redundant-hidden",
+			message: `[Arc] Resource '${config.name}' fieldRules.${field}: \`hidden: true\` already blocks aggregation — \`aggregable: false\` is redundant.`
+		});
 	}
+	return diagnostics;
 }
 /**
 * Actions (v2.8) — name must not collide with CRUD ops; handler +
@@ -1430,9 +1564,11 @@ function validateActionsShape(config) {
 * One internal boundary cast replaces N host-side casts.
 */
 function defineResource(config) {
-	if (!config.skipValidation) validateDefineResourceConfig(config);
-	const repository = config.adapter?.repository;
-	const configWithId = resolveIdField(config, repository);
+	const normalisedConfig = resolveCrudAllowList(config);
+	let diagnostics = [];
+	if (!normalisedConfig.skipValidation) diagnostics = validateDefineResourceConfig(normalisedConfig);
+	const repository = normalisedConfig.adapter?.repository;
+	const configWithId = resolveIdField(normalisedConfig, repository);
 	const resolvedConfig = applyPresetsAndAutoInject(configWithId);
 	const hasCrudRoutes = computeHasCrudRoutes(resolvedConfig);
 	const narrowedConfig = resolvedConfig;
@@ -1443,14 +1579,56 @@ function defineResource(config) {
 		adapter: configWithId.adapter,
 		controller
 	});
-	if (!config.skipValidation && controller) resource._validateControllerMethods();
+	if (!normalisedConfig.skipValidation && controller) resource._validateControllerMethods();
 	wireHooks(resource, narrowedConfig, configWithId.hooks);
-	if (!config.skipRegistry) {
+	if (!normalisedConfig.skipRegistry) {
 		const registryMeta = resolveOpenApiSchemas(narrowedConfig);
 		if (registryMeta) resource._registryMeta = registryMeta;
 	}
+	if (diagnostics.length > 0) resource._diagnostics = diagnostics;
 	return resource;
 }
+/**
+* Normalise the 2.16 `crud:` positive-form allow-list into the canonical
+* `{ disabledRoutes, disableDefaultRoutes }` pair the rest of arc reads.
+*
+* Three input forms collapse to one output:
+*   - `crud: false`           → `disableDefaultRoutes: true`
+*   - `crud: { list: true }`  → `disabledRoutes: [get,create,update,delete]`
+*   - legacy `disabledRoutes` → passed through unchanged
+*
+* Mutually exclusive: `crud` + `disabledRoutes` together is a config bug
+* (the host meant ONE of two intents) — throw rather than pick.
+*
+* Lifted out of the `ResourceDefinition` constructor in 2.16 so the
+* validator (Phase 1) observes the post-resolve shape — `crud: false`
+* now looks like `disableDefaultRoutes: true` to the validator, so it
+* doesn't false-positive "Data adapter required when CRUD routes are
+* enabled" on a host that explicitly opted CRUD out.
+*/
+function resolveCrudAllowList(config) {
+	const { crud, disabledRoutes: legacyDisabled, disableDefaultRoutes: legacyDisableAll } = config;
+	if (crud === void 0) return config;
+	if (legacyDisabled !== void 0) throw new Error(`[Arc] Resource '${config.name}': pass either \`crud\` (positive allow-list) or \`disabledRoutes\` (negative opt-out), not both. The positive form is the documented default going forward; drop \`disabledRoutes\` when both are set.`);
+	if (crud === false) return {
+		...config,
+		crud: void 0,
+		disableDefaultRoutes: true
+	};
+	const disabled = [
+		"list",
+		"get",
+		"create",
+		"update",
+		"delete"
+	].filter((op) => crud[op] !== true);
+	return {
+		...config,
+		crud: void 0,
+		disabledRoutes: disabled,
+		disableDefaultRoutes: legacyDisableAll ?? false
+	};
+}
 //#endregion
 //#region src/core/defineResourceVariants.ts
 /**
@@ -1550,4 +1728,4 @@ function getEntityQuery(req) {
 	return { [getEntityIdField(req)]: id };
 }
 //#endregion
-export { defineResource as a, createPermissionMiddleware as c, defineResourceVariants as i, defineAggregation as l, getEntityIdField as n, ResourceDefinition as o, getEntityQuery as r, createCrudRouter as s, getEntityId as t };
+export { defineResource as a, createCrudRouter as c, defineResourceVariants as i, createPermissionMiddleware as l, getEntityIdField as n, ResourceDefinition as o, getEntityQuery as r, defineAction as s, getEntityId as t, defineAggregation as u };