@classytic/arc 2.2.5 → 2.4.1

package/dist/{keys-DhqDRxv3.mjs → keys-qcD-TVJl.mjs}

@@ -29,14 +29,13 @@ function hashParams(params) {
 function stableStringify(value) {
 	if (value === null || value === void 0) return "";
 	if (typeof value !== "object") return String(value);
-	if (Array.isArray(value)) return "[" + value.map(stableStringify).join(",") + "]";
-	return "{" + Object.keys(value).sort().map((k) => k + ":" + stableStringify(value[k])).join(",") + "}";
+	if (Array.isArray(value)) return `[${value.map(stableStringify).join(",")}]`;
+	return "{" + Object.keys(value).sort().map((k) => `${k}:${stableStringify(value[k])}`).join(",") + "}";
 }
 function djb2(str) {
 	let hash = 5381;
 	for (let i = 0; i < str.length; i++) hash = (hash << 5) + hash + str.charCodeAt(i) >>> 0;
 	return hash;
 }
-
 //#endregion
-export { versionKey as i, hashParams as n, tagVersionKey as r, buildQueryKey as t };
+export { versionKey as i, hashParams as n, tagVersionKey as r, buildQueryKey as t };

package/dist/{logger-ByrvQWZO.mjs → logger-Dz3j1ItV.mjs}

@@ -1,5 +1,4 @@
-import { t as __exportAll } from "./chunk-C7Uep-_p.mjs";
-
+import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
 //#region src/logger/index.ts
 var logger_exports = /* @__PURE__ */ __exportAll({
 	arcLog: () => arcLog,
@@ -73,6 +72,5 @@ function isSuppressed() {
 	const env = typeof process !== "undefined" ? process.env?.ARC_SUPPRESS_WARNINGS : void 0;
 	return env === "1" || env === "true";
 }
-
 //#endregion
-export { configureArcLogger as n, logger_exports as r, arcLog as t };
+export { configureArcLogger as n, logger_exports as r, arcLog as t };

package/dist/{memory-B2v7KrCB.mjs → memory-Cb_7iy9e.mjs}

@@ -1,5 +1,4 @@
-import { t as __exportAll } from "./chunk-C7Uep-_p.mjs";
-
+import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
 //#region src/cache/memory.ts
 var memory_exports = /* @__PURE__ */ __exportAll({
 	MemoryCacheStore: () => MemoryCacheStore,
@@ -138,6 +137,5 @@ var MemoryCacheStore = class {
 function clamp(value, min, max) {
 	return Math.min(max, Math.max(min, value));
 }
-
 //#endregion
-export { memory_exports as n, MemoryCacheStore as t };
+export { memory_exports as n, MemoryCacheStore as t };

package/dist/metrics-Csh4nsvv.mjs

@@ -0,0 +1,224 @@
+import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
+import fp from "fastify-plugin";
+//#region src/plugins/metrics.ts
+var metrics_exports = /* @__PURE__ */ __exportAll({
+	default: () => metrics_default,
+	metricsPlugin: () => metricsPlugin
+});
+var Counter = class {
+	data = /* @__PURE__ */ new Map();
+	inc(labels, value = 1) {
+		const key = labelKey(labels);
+		const existing = this.data.get(key);
+		if (existing) existing.value += value;
+		else this.data.set(key, {
+			labels: { ...labels },
+			value
+		});
+	}
+	values() {
+		return [...this.data.values()];
+	}
+	reset() {
+		this.data.clear();
+	}
+};
+var Histogram = class {
+	data = /* @__PURE__ */ new Map();
+	observe(labels, value) {
+		const key = labelKey(labels);
+		const existing = this.data.get(key);
+		if (existing) {
+			existing.sum += value;
+			existing.count += 1;
+		} else this.data.set(key, {
+			labels: { ...labels },
+			sum: value,
+			count: 1
+		});
+	}
+	values() {
+		return [...this.data.values()].flatMap(({ labels, sum, count }) => [{
+			labels: {
+				...labels,
+				le: "sum"
+			},
+			value: sum
+		}, {
+			labels: {
+				...labels,
+				le: "count"
+			},
+			value: count
+		}]);
+	}
+	reset() {
+		this.data.clear();
+	}
+};
+var Gauge = class {
+	data = /* @__PURE__ */ new Map();
+	set(labels, value) {
+		const key = labelKey(labels);
+		this.data.set(key, {
+			labels: { ...labels },
+			value
+		});
+	}
+	values() {
+		return [...this.data.values()];
+	}
+	reset() {
+		this.data.clear();
+	}
+};
+function labelKey(labels) {
+	return Object.entries(labels).sort(([a], [b]) => a.localeCompare(b)).map(([k, v]) => `${k}=${v}`).join(",");
+}
+function toPrometheusText(metrics) {
+	const lines = [];
+	for (const m of metrics) {
+		lines.push(`# HELP ${m.name} ${m.help}`);
+		lines.push(`# TYPE ${m.name} ${m.type}`);
+		for (const v of m.values) {
+			const labelStr = Object.entries(v.labels).map(([k, val]) => `${k}="${val}"`).join(",");
+			lines.push(`${m.name}{${labelStr}} ${v.value}`);
+		}
+	}
+	return `${lines.join("\n")}\n`;
+}
+const metricsPlugin = async (fastify, opts = {}) => {
+	const path = opts.path ?? "/_metrics";
+	const prefix = opts.prefix ?? "arc";
+	const httpRequestsTotal = new Counter();
+	const crudOpsTotal = new Counter();
+	const cacheHitsTotal = new Counter();
+	const cacheMissesTotal = new Counter();
+	const eventsPublishedTotal = new Counter();
+	const eventsConsumedTotal = new Counter();
+	const httpDuration = new Histogram();
+	const crudDuration = new Histogram();
+	const circuitBreakerState = new Gauge();
+	const collector = {
+		collect() {
+			const metrics = [
+				{
+					name: `${prefix}_http_requests_total`,
+					type: "counter",
+					help: "Total HTTP requests",
+					values: httpRequestsTotal.values()
+				},
+				{
+					name: `${prefix}_http_request_duration_seconds`,
+					type: "histogram",
+					help: "HTTP request duration in seconds",
+					values: httpDuration.values()
+				},
+				{
+					name: `${prefix}_crud_operations_total`,
+					type: "counter",
+					help: "Total CRUD operations by resource",
+					values: crudOpsTotal.values()
+				},
+				{
+					name: `${prefix}_crud_operation_duration_seconds`,
+					type: "histogram",
+					help: "CRUD operation duration in seconds",
+					values: crudDuration.values()
+				},
+				{
+					name: `${prefix}_cache_hits_total`,
+					type: "counter",
+					help: "Total cache hits by resource",
+					values: cacheHitsTotal.values()
+				},
+				{
+					name: `${prefix}_cache_misses_total`,
+					type: "counter",
+					help: "Total cache misses by resource",
+					values: cacheMissesTotal.values()
+				},
+				{
+					name: `${prefix}_events_published_total`,
+					type: "counter",
+					help: "Total events published",
+					values: eventsPublishedTotal.values()
+				},
+				{
+					name: `${prefix}_events_consumed_total`,
+					type: "counter",
+					help: "Total events consumed",
+					values: eventsConsumedTotal.values()
+				},
+				{
+					name: `${prefix}_circuit_breaker_state`,
+					type: "gauge",
+					help: "Circuit breaker state (0=closed, 1=open, 2=half-open)",
+					values: circuitBreakerState.values()
+				}
+			];
+			opts.onCollect?.(metrics);
+			return metrics;
+		},
+		reset() {
+			httpRequestsTotal.reset();
+			httpDuration.reset();
+			crudOpsTotal.reset();
+			crudDuration.reset();
+			cacheHitsTotal.reset();
+			cacheMissesTotal.reset();
+			eventsPublishedTotal.reset();
+			eventsConsumedTotal.reset();
+			circuitBreakerState.reset();
+		},
+		recordOperation(resource, operation, status, durationMs) {
+			crudOpsTotal.inc({
+				resource,
+				operation,
+				status: String(status)
+			});
+			crudDuration.observe({
+				resource,
+				operation
+			}, durationMs / 1e3);
+		},
+		recordCacheHit(resource) {
+			cacheHitsTotal.inc({ resource });
+		},
+		recordCacheMiss(resource) {
+			cacheMissesTotal.inc({ resource });
+		},
+		recordEventPublish(eventType) {
+			eventsPublishedTotal.inc({ event_type: eventType });
+		},
+		recordEventConsume(eventType) {
+			eventsConsumedTotal.inc({ event_type: eventType });
+		},
+		recordCircuitBreakerState(service, state) {
+			const stateValue = state === "open" ? 1 : state === "half-open" ? 2 : 0;
+			circuitBreakerState.set({ service }, stateValue);
+		}
+	};
+	fastify.decorate("metrics", collector);
+	fastify.addHook("onResponse", async (request, reply) => {
+		if (request.url === path) return;
+		const duration = reply.elapsedTime / 1e3;
+		const labels = {
+			method: request.method,
+			route: request.routeOptions?.url ?? request.url,
+			status: String(reply.statusCode)
+		};
+		httpRequestsTotal.inc(labels);
+		httpDuration.observe(labels, duration);
+	});
+	fastify.get(path, async (_request, reply) => {
+		const text = toPrometheusText(collector.collect());
+		return reply.type("text/plain; charset=utf-8").send(text);
+	});
+};
+var metrics_default = fp(metricsPlugin, {
+	name: "arc-metrics",
+	fastify: "5.x"
+});
+//#endregion
+export { metrics_default as n, metrics_exports as r, metricsPlugin as t };

package/dist/migrations/index.mjs

@@ -1,5 +1,3 @@
-import mongoose from "mongoose";
-
 //#region src/migrations/index.ts
 /**
 * Define a migration
@@ -95,8 +93,7 @@ var MigrationRunner = class {
 	*/
 	async runMigration(migration, direction, isRollback = false) {
 		const start = Date.now();
-		const action = direction === "up" ? "Applying" : "Rolling back";
-		console.log(`${action} ${migration.resource} v${migration.version}${migration.description ? `: ${migration.description}` : ""}...`);
+		console.log(`${direction === "up" ? "Applying" : "Rolling back"} ${migration.resource} v${migration.version}${migration.description ? `: ${migration.description}` : ""}...`);
 		try {
 			if (direction === "up") {
 				await migration.up(this.db);
@@ -238,7 +235,7 @@ const migrationHelpers = {
 		up: async (db) => {
 			await db.collection(collection).updateMany({}, { $unset: { [fieldName]: "" } });
 		},
-		down: async (db) => {
+		down: async (_db) => {
 			console.warn(`Cannot restore ${fieldName} field - data was deleted`);
 		}
 	}),
@@ -255,6 +252,5 @@ const migrationHelpers = {
 		}
 	})
 };
-
 //#endregion
-export { MigrationRegistry, MigrationRunner, defineMigration, migrationHelpers, migrationRegistry, withSchemaVersion };
+export { MigrationRegistry, MigrationRunner, defineMigration, migrationHelpers, migrationRegistry, withSchemaVersion };

package/dist/{mongodb-DNKEExbf.mjs → mongodb-BuQ7fNTg.mjs}

@@ -4,9 +4,7 @@ var MongoAuditStore = class {
 	collection;
 	initialized = false;
 	ttlDays;
-	options;
 	constructor(options) {
-		this.options = options;
 		const collectionName = options.collection ?? "audit_logs";
 		this.collection = options.connection.collection(collectionName);
 		this.ttlDays = options.ttlDays ?? 90;
@@ -88,6 +86,5 @@ var MongoAuditStore = class {
 		}));
 	}
 };
-
 //#endregion
-export { MongoAuditStore as t };
+export { MongoAuditStore as t };

package/dist/{mongodb-ClykrfGo.d.mts → mongodb-CUpYfxfD.d.mts}

@@ -1,7 +1,7 @@
-import { i as UserBase } from "./types-RLkFVgaw.mjs";
+import { i as UserBase } from "./types-BNUccdcf.mjs";
 
 //#region src/audit/stores/interface.d.ts
-type AuditAction = 'create' | 'update' | 'delete' | 'restore' | 'custom';
+type AuditAction = "create" | "update" | "delete" | "restore" | "custom";
 interface AuditEntry {
   /** Unique audit log ID */
   id: string;
@@ -108,7 +108,6 @@ declare class MongoAuditStore implements AuditStore {
   private collection;
   private initialized;
   private ttlDays;
-  private options;
   constructor(options: MongoAuditStoreOptions);
   private ensureIndexes;
   log(entry: AuditEntry): Promise<void>;

package/dist/{mongodb-Dg8O_gvd.d.mts → mongodb-bga9AbkD.d.mts}

@@ -1,4 +1,4 @@
-import { n as IdempotencyResult, r as IdempotencyStore } from "./interface-CSNjltAc.mjs";
+import { n as IdempotencyResult, r as IdempotencyStore } from "./interface-B4awm1RJ.mjs";
 
 //#region src/idempotency/stores/mongodb.d.ts
 interface MongoConnection {
@@ -58,7 +58,7 @@ declare class MongoIdempotencyStore implements IdempotencyStore {
   private get collection();
   private ensureIndex;
   get(key: string): Promise<IdempotencyResult | undefined>;
-  set(key: string, result: Omit<IdempotencyResult, 'key'>): Promise<void>;
+  set(key: string, result: Omit<IdempotencyResult, "key">): Promise<void>;
   tryLock(key: string, requestId: string, ttlMs: number): Promise<boolean>;
   unlock(key: string, requestId: string): Promise<void>;
   isLocked(key: string): Promise<boolean>;

package/dist/{openapi-9nB_kiuR.mjs → openapi-CBmZ6EQN.mjs}

@@ -1,23 +1,7 @@
-import { t as getUserRoles } from "./types-DelU6kln.mjs";
-import { n as convertRouteSchema } from "./schemaConverter-Dtg0Kt9T.mjs";
+import { t as getUserRoles } from "./types-ZUu_h0jp.mjs";
+import { n as convertRouteSchema } from "./schemaConverter-DjzHpFam.mjs";
 import fp from "fastify-plugin";
-
 //#region src/docs/openapi.ts
-/**
-* OpenAPI Spec Generator
-*
-* Auto-generates OpenAPI 3.0 specification from Arc resource registry.
-*
-* @example
-* import { openApiPlugin } from '@classytic/arc/docs';
-*
-* await fastify.register(openApiPlugin, {
-*   title: 'My API',
-*   version: '1.0.0',
-* });
-*
-* // Spec available at /_docs/openapi.json
-*/
 const openApiPlugin = async (fastify, opts = {}) => {
 	const { title = "Arc API", version = "1.0.0", description, serverUrl, prefix = "/_docs", apiPrefix = "", authRoles = [] } = opts;
 	const buildSpec = () => {
@@ -481,7 +465,7 @@ function generateSchemas(resources) {
 		if (fieldPerms && schemas[resource.name]?.properties) {
 			const props = schemas[resource.name].properties;
 			for (const [field, perm] of Object.entries(fieldPerms)) if (props[field]) {
-				const desc = props[field].description ?? "";
+				const desc = props[field]?.description ?? "";
 				const permDesc = formatFieldPermDescription(perm);
 				props[field].description = desc ? `${desc} (${permDesc})` : permDesc;
 			} else if (perm.type === "hidden") {}
@@ -520,6 +504,5 @@ var openapi_default = fp(openApiPlugin, {
 	name: "arc-openapi",
 	fastify: "5.x"
 });
-
 //#endregion
-export { openApiPlugin as n, openapi_default as r, buildOpenApiSpec as t };
+export { openApiPlugin as n, openapi_default as r, buildOpenApiSpec as t };

package/dist/org/index.d.mts

@@ -1,10 +1,18 @@
-import "../elevation-DGo5shaX.mjs";
-import { S as RouteHandler } from "../interface-DZYNK9bb.mjs";
-import { i as UserBase } from "../types-RLkFVgaw.mjs";
-import "../types/index.mjs";
+import { Pt as RouteHandler } from "../interface-DGmPxakH.mjs";
+import { i as UserBase } from "../types-BNUccdcf.mjs";
 import { InvitationAdapter, InvitationDoc, MemberDoc, OrgAdapter, OrgDoc, OrgPermissionStatement, OrgRole, OrganizationPluginOptions } from "./types.mjs";
 import { FastifyPluginAsync, RouteHandlerMethod } from "fastify";
 
+//#region src/org/organizationPlugin.d.ts
+declare module "fastify" {
+  interface FastifyInstance {
+    /** Middleware: require the caller to hold one of the listed org roles */
+    requireOrgRole: (roles: string[]) => RouteHandlerMethod;
+  }
+}
+declare const organizationPlugin: FastifyPluginAsync<OrganizationPluginOptions>;
+declare const _default: FastifyPluginAsync<OrganizationPluginOptions>;
+//#endregion
 //#region src/org/orgGuard.d.ts
 interface OrgGuardOptions {
   /** Require organization context (default: true) */
@@ -55,14 +63,4 @@ declare function getUserOrgRoles(user: UserBase | undefined | null, orgId: strin
  */
 declare function hasOrgRole(user: UserBase | undefined | null, orgId: string | undefined | null, roles: string | string[], options?: OrgRolesOptions): boolean;
 //#endregion
-//#region src/org/organizationPlugin.d.ts
-declare module 'fastify' {
-  interface FastifyInstance {
-    /** Middleware: require the caller to hold one of the listed org roles */
-    requireOrgRole: (roles: string[]) => RouteHandlerMethod;
-  }
-}
-declare const organizationPlugin: FastifyPluginAsync<OrganizationPluginOptions>;
-declare const _default: FastifyPluginAsync<OrganizationPluginOptions>;
-//#endregion
 export { type InvitationAdapter, type InvitationDoc, type MemberDoc, type OrgAdapter, type OrgDoc, type OrgGuardOptions, type OrgMembershipOptions, type OrgPermissionStatement, type OrgRole, type OrgRolesOptions, type OrganizationPluginOptions, getUserOrgRoles, hasOrgRole, orgGuard, orgMembershipCheck, _default as organizationPlugin, organizationPlugin as organizationPluginFn, requireOrg, requireOrgRole };

package/dist/org/index.mjs

@@ -1,122 +1,6 @@
-import { c as isElevated, i as getOrgRoles, l as isMember, n as PUBLIC_SCOPE, o as hasOrgAccess } from "../types-Beqn1Un7.mjs";
+import { c as hasOrgAccess, d as isMember, i as getOrgRoles, n as PUBLIC_SCOPE, u as isElevated } from "../types-C6TQjtdi.mjs";
 import fp from "fastify-plugin";
-
-//#region src/org/orgGuard.ts
-/**
-* Create org guard middleware.
-* Reads `request.scope` for org context and roles.
-* Elevated scope always passes.
-*/
-function orgGuard(options = {}) {
-	const { requireOrgContext = true, roles = [] } = options;
-	return async function orgGuardMiddleware(request, reply) {
-		const scope = request.scope ?? PUBLIC_SCOPE;
-		if (isElevated(scope)) return;
-		if (requireOrgContext && !hasOrgAccess(scope)) {
-			reply.code(403).send({
-				success: false,
-				error: "Organization context required",
-				code: "ORG_CONTEXT_REQUIRED",
-				message: "This endpoint requires an organization context. Please specify organization via x-organization-id header."
-			});
-			return;
-		}
-		if (roles.length > 0 && isMember(scope)) {
-			const userOrgRoles = getOrgRoles(scope);
-			if (!roles.some((role) => userOrgRoles.includes(role))) {
-				reply.code(403).send({
-					success: false,
-					error: "Insufficient organization permissions",
-					code: "ORG_ROLE_REQUIRED",
-					message: `This action requires one of these organization roles: ${roles.join(", ")}`,
-					required: roles,
-					current: userOrgRoles
-				});
-				return;
-			}
-		}
-	};
-}
-/**
-* Shorthand for requiring org context
-*/
-function requireOrg() {
-	return orgGuard({ requireOrgContext: true });
-}
-/**
-* Require org context with specific roles
-*/
-function requireOrgRole(...roles) {
-	return orgGuard({
-		requireOrgContext: true,
-		roles
-	});
-}
-
-//#endregion
-//#region src/org/orgMembership.ts
-/**
-* Check if user is member of organization.
-* This is a low-level utility for checking membership from user object data.
-* For request-level checks, use `request.scope` (isMember/isElevated guards).
-*/
-async function orgMembershipCheck(user, orgId, options = {}) {
-	const { userOrgsPath = "organizations", validateFromDb } = options;
-	if (!user || !orgId) return false;
-	if ((user[userOrgsPath] ?? []).some((o) => {
-		return (o.organizationId?.toString() ?? String(o)) === orgId.toString();
-	})) return true;
-	if (validateFromDb) {
-		const userId = (user._id ?? user.id)?.toString();
-		if (userId) return validateFromDb(userId, orgId);
-	}
-	return false;
-}
-/**
-* Get user's role in organization from user object data.
-* For request-level role checks, use `request.scope.orgRoles` (when scope is 'member').
-*/
-function getUserOrgRoles(user, orgId, options = {}) {
-	const { userOrgsPath = "organizations" } = options;
-	if (!user || !orgId) return [];
-	return (user[userOrgsPath] ?? []).find((o) => {
-		return (o.organizationId?.toString() ?? String(o)) === orgId.toString();
-	})?.roles ?? [];
-}
-/**
-* Check if user has specific role in organization from user object data.
-* For request-level role checks, use `requireOrgRole()` permission or `request.scope`.
-*/
-function hasOrgRole(user, orgId, roles, options = {}) {
-	const userOrgRoles = getUserOrgRoles(user, orgId, options);
-	return (Array.isArray(roles) ? roles : [roles]).some((role) => userOrgRoles.includes(role));
-}
-
-//#endregion
 //#region src/org/organizationPlugin.ts
-/**
-* Organization Plugin -- Full org management with REST endpoints
-*
-* Creates these routes:
-* - POST   /api/organizations                          -- Create org
-* - GET    /api/organizations                          -- List user's orgs
-* - GET    /api/organizations/:orgId                   -- Get org
-* - PATCH  /api/organizations/:orgId                   -- Update org
-* - DELETE /api/organizations/:orgId                   -- Delete org
-* - GET    /api/organizations/:orgId/members           -- List members
-* - POST   /api/organizations/:orgId/members           -- Add member
-* - PATCH  /api/organizations/:orgId/members/:userId   -- Update role
-* - DELETE /api/organizations/:orgId/members/:userId   -- Remove member
-*
-* @example
-* import { organizationPlugin } from '@classytic/arc/org';
-*
-* await fastify.register(organizationPlugin, {
-*   adapter: myMongooseOrgAdapter,
-*   basePath: '/api/organizations',
-*   enableInvitations: false,
-* });
-*/
 const DEFAULT_ROLES = [
 	{
 		name: "owner",
@@ -508,6 +392,95 @@ var organizationPlugin_default = fp(organizationPlugin, {
 	name: "arc-organization",
 	fastify: "5.x"
 });
-
 //#endregion
-export { getUserOrgRoles, hasOrgRole, orgGuard, orgMembershipCheck, organizationPlugin_default as organizationPlugin, organizationPlugin as organizationPluginFn, requireOrg, requireOrgRole };
+//#region src/org/orgGuard.ts
+/**
+* Create org guard middleware.
+* Reads `request.scope` for org context and roles.
+* Elevated scope always passes.
+*/
+function orgGuard(options = {}) {
+	const { requireOrgContext = true, roles = [] } = options;
+	return async function orgGuardMiddleware(request, reply) {
+		const scope = request.scope ?? PUBLIC_SCOPE;
+		if (isElevated(scope)) return;
+		if (requireOrgContext && !hasOrgAccess(scope)) {
+			reply.code(403).send({
+				success: false,
+				error: "Organization context required",
+				code: "ORG_CONTEXT_REQUIRED",
+				message: "This endpoint requires an organization context. Please specify organization via x-organization-id header."
+			});
+			return;
+		}
+		if (roles.length > 0 && isMember(scope)) {
+			const userOrgRoles = getOrgRoles(scope);
+			if (!roles.some((role) => userOrgRoles.includes(role))) {
+				reply.code(403).send({
+					success: false,
+					error: "Insufficient organization permissions",
+					code: "ORG_ROLE_REQUIRED",
+					message: `This action requires one of these organization roles: ${roles.join(", ")}`,
+					required: roles,
+					current: userOrgRoles
+				});
+				return;
+			}
+		}
+	};
+}
+/**
+* Shorthand for requiring org context
+*/
+function requireOrg() {
+	return orgGuard({ requireOrgContext: true });
+}
+/**
+* Require org context with specific roles
+*/
+function requireOrgRole(...roles) {
+	return orgGuard({
+		requireOrgContext: true,
+		roles
+	});
+}
+//#endregion
+//#region src/org/orgMembership.ts
+/**
+* Check if user is member of organization.
+* This is a low-level utility for checking membership from user object data.
+* For request-level checks, use `request.scope` (isMember/isElevated guards).
+*/
+async function orgMembershipCheck(user, orgId, options = {}) {
+	const { userOrgsPath = "organizations", validateFromDb } = options;
+	if (!user || !orgId) return false;
+	if ((user[userOrgsPath] ?? []).some((o) => {
+		return (o.organizationId?.toString() ?? String(o)) === orgId.toString();
+	})) return true;
+	if (validateFromDb) {
+		const userId = (user._id ?? user.id)?.toString();
+		if (userId) return validateFromDb(userId, orgId);
+	}
+	return false;
+}
+/**
+* Get user's role in organization from user object data.
+* For request-level role checks, use `request.scope.orgRoles` (when scope is 'member').
+*/
+function getUserOrgRoles(user, orgId, options = {}) {
+	const { userOrgsPath = "organizations" } = options;
+	if (!user || !orgId) return [];
+	return (user[userOrgsPath] ?? []).find((o) => {
+		return (o.organizationId?.toString() ?? String(o)) === orgId.toString();
+	})?.roles ?? [];
+}
+/**
+* Check if user has specific role in organization from user object data.
+* For request-level role checks, use `requireOrgRole()` permission or `request.scope`.
+*/
+function hasOrgRole(user, orgId, roles, options = {}) {
+	const userOrgRoles = getUserOrgRoles(user, orgId, options);
+	return (Array.isArray(roles) ? roles : [roles]).some((role) => userOrgRoles.includes(role));
+}
+//#endregion
+export { getUserOrgRoles, hasOrgRole, orgGuard, orgMembershipCheck, organizationPlugin_default as organizationPlugin, organizationPlugin as organizationPluginFn, requireOrg, requireOrgRole };

package/dist/org/types.d.mts

@@ -28,7 +28,7 @@ interface InvitationDoc {
   email: string;
   role: string;
   invitedBy: string;
-  status: 'pending' | 'accepted' | 'rejected' | 'expired';
+  status: "pending" | "accepted" | "rejected" | "expired";
   expiresAt: Date;
   createdAt?: Date;
 }
@@ -53,7 +53,7 @@ interface OrgAdapter {
   invitations?: InvitationAdapter;
 }
 interface InvitationAdapter {
-  create(data: Omit<InvitationDoc, 'id' | 'createdAt'>): Promise<InvitationDoc>;
+  create(data: Omit<InvitationDoc, "id" | "createdAt">): Promise<InvitationDoc>;
   getByToken(token: string): Promise<InvitationDoc | null>;
   accept(id: string): Promise<void>;
   reject(id: string): Promise<void>;

package/dist/org/types.mjs

@@ -1 +1 @@
-export {  };
+export {};