@classytic/arc 2.4.2 → 2.5.0

package/dist/index.mjs

@@ -1,11 +1,12 @@
 import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-Cxde4rpC.mjs";
 import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-DTC4Ug66.mjs";
-import { t as BaseController } from "./BaseController-CkM5dUh_.mjs";
+import { t as BaseController } from "./BaseController-CNwMYpDW.mjs";
+import { envelope } from "./types/index.mjs";
 import { n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "./fields-ipsbIRPK.mjs";
 import { t as requestContext } from "./requestContext-DYtmNpm5.mjs";
-import { i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-rxhfP7Hf.mjs";
-import { a as validateResourceConfig, f as getControllerScope, i as formatValidationErrors, m as pipe, n as defineResource, r as assertValidConfig, t as ResourceDefinition } from "./defineResource-D9aY5Cy6.mjs";
-import { _ as ownerWithAdminBypass, a as createOrgPermissions, b as publicReadAdminWrite, c as requireOrgMembership, d as requireRoles, f as requireTeamMembership, g as fullPublic, h as authenticated, i as createDynamicPermissionMatrix, l as requireOrgRole, m as adminOnly, n as allowPublic, o as denyAll, p as when, r as anyOf, s as requireAuth, t as allOf, u as requireOwnership, v as presets_exports, x as readOnly, y as publicRead } from "./permissions-CA5zg0yK.mjs";
+import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-NoQKsbAT.mjs";
+import { a as validateResourceConfig, f as getControllerScope, i as formatValidationErrors, m as pipe, n as defineResource, r as assertValidConfig, t as ResourceDefinition } from "./defineResource-BYm3CIoe.mjs";
+import { _ as ownerWithAdminBypass, a as createOrgPermissions, b as publicReadAdminWrite, c as requireOrgMembership, d as requireRoles, f as requireTeamMembership, g as fullPublic, h as authenticated, i as createDynamicPermissionMatrix, l as requireOrgRole, m as adminOnly, n as allowPublic, o as denyAll, p as when, r as anyOf, s as requireAuth, t as allOf, u as requireOwnership, v as presets_exports, x as readOnly, y as publicRead } from "./permissions-D9_AAtvz.mjs";
 import { n as configureArcLogger, t as arcLog } from "./logger-Dz3j1ItV.mjs";
 //#region src/middleware/middleware.ts
 /**
@@ -126,6 +127,6 @@ function transform(name, handlerOrOptions) {
 }
 //#endregion
 //#region src/index.ts
-const version = "2.4.2";
+const version = "2.5.0";
 //#endregion
-export { ArcError, BaseController, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MongooseAdapter, NotFoundError, PrismaAdapter, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, denyAll, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };
+export { ArcError, BaseController, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MongooseAdapter, NotFoundError, PrismaAdapter, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };

package/dist/integrations/event-gateway.d.mts

@@ -43,4 +43,4 @@ interface EventGatewayOptions {
 }
 declare const eventGatewayPlugin: FastifyPluginAsync<EventGatewayOptions>;
 //#endregion
-export { EventGatewayOptions, eventGatewayPlugin as default, eventGatewayPlugin };
+export { EventGatewayOptions, eventGatewayPlugin };

package/dist/integrations/event-gateway.mjs

@@ -4,7 +4,7 @@ const eventGatewayPluginImpl = async (fastify, opts = {}) => {
 	const { auth = true, orgScoped = false, roomPolicy, maxMessageBytes, maxSubscriptionsPerClient, authenticate } = opts;
 	if (auth && !authenticate && !fastify.hasDecorator("authenticate")) throw new Error("[arc-event-gateway] auth is true but fastify.authenticate is not registered. Register an auth plugin first, provide a custom authenticate function, or set auth: false.");
 	if (opts.sse !== false) {
-		const { default: ssePlugin } = await import("../sse-BkViJPlT.mjs").then((n) => n.r);
+		const { default: ssePlugin } = await import("../sse-BF7GR7IB.mjs").then((n) => n.r);
 		await fastify.register(ssePlugin, {
 			path: opts.sse?.path ?? "/events/stream",
 			requireAuth: auth,
@@ -44,4 +44,4 @@ const eventGatewayPlugin = fp(eventGatewayPluginImpl, {
 	fastify: "5.x"
 });
 //#endregion
-export { eventGatewayPlugin as default, eventGatewayPlugin };
+export { eventGatewayPlugin };

package/dist/integrations/index.d.mts

@@ -1,7 +1,7 @@
 import { WebSocketClient, WebSocketMessage, WebSocketPluginOptions } from "./websocket.mjs";
 import { EventGatewayOptions } from "./event-gateway.mjs";
 import { JobDefinition, JobDispatchOptions, JobDispatcher, JobMeta, JobsPluginOptions, QueueStats } from "./jobs.mjs";
-import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-BJmgxNbF.mjs";
+import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-ByCPlfZ1.mjs";
 import { StreamlinePluginOptions, WorkflowLike, WorkflowRunLike } from "./streamline.mjs";
 import { WebhookDeliveryRecord, WebhookManager, WebhookPluginOptions, WebhookStore, WebhookSubscription } from "./webhooks.mjs";
 export { type BetterAuthHandler, type CallToolResult, type CreateMcpServerConfig, type CrudOperation, type EventGatewayOptions, type JobDefinition, type JobDispatchOptions, type JobDispatcher, type JobMeta, type JobsPluginOptions, type McpAuthResult, type McpPluginOptions, type McpResourceConfig, type PromptDefinition, type QueueStats, type StreamlinePluginOptions, type ToolAnnotations, type ToolContext, type ToolDefinition, type WebSocketClient, type WebSocketMessage, type WebSocketPluginOptions, type WebhookDeliveryRecord, type WebhookManager, type WebhookPluginOptions, type WebhookStore, type WebhookSubscription, type WorkflowLike, type WorkflowRunLike };

package/dist/integrations/jobs.d.mts

@@ -100,4 +100,4 @@ declare function defineJob<TData = unknown, TResult = unknown>(definition: JobDe
 /** Pluggable BullMQ job queue integration for Arc */
 declare const jobsPlugin: FastifyPluginAsync<JobsPluginOptions>;
 //#endregion
-export { JobDefinition, JobDispatchOptions, JobDispatcher, JobMeta, JobsPluginOptions, QueueStats, jobsPlugin as default, jobsPlugin, defineJob };
+export { JobDefinition, JobDispatchOptions, JobDispatcher, JobMeta, JobsPluginOptions, QueueStats, defineJob, jobsPlugin };

package/dist/integrations/jobs.mjs

@@ -169,4 +169,4 @@ const jobsPluginImpl = async (fastify, options) => {
 /** Pluggable BullMQ job queue integration for Arc */
 const jobsPlugin = jobsPluginImpl;
 //#endregion
-export { jobsPlugin as default, jobsPlugin, defineJob };
+export { defineJob, jobsPlugin };

package/dist/integrations/mcp/index.d.mts

@@ -1,5 +1,5 @@
-import { Lt as ResourceDefinition } from "../../interface-DGmPxakH.mjs";
-import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-BJmgxNbF.mjs";
+import { Bt as ResourceDefinition } from "../../interface-BnNjdl33.mjs";
+import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-ByCPlfZ1.mjs";
 import { FastifyPluginAsync } from "fastify";
 import { z } from "zod";
 

package/dist/integrations/mcp/index.mjs

@@ -1,4 +1,4 @@
-import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-PMFE8HIv.mjs";
+import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-CN0lwJrL.mjs";
 import { createHash } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/integrations/mcp/definePrompt.ts

package/dist/integrations/mcp/testing.d.mts

@@ -1,4 +1,4 @@
-import { o as McpAuthResult, s as McpPluginOptions } from "../../types-BJmgxNbF.mjs";
+import { o as McpAuthResult, s as McpPluginOptions } from "../../types-ByCPlfZ1.mjs";
 
 //#region src/integrations/mcp/testing.d.ts
 interface TestMcpClientOptions {

package/dist/integrations/mcp/testing.mjs

@@ -1,4 +1,4 @@
-import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-PMFE8HIv.mjs";
+import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-CN0lwJrL.mjs";
 //#region src/integrations/mcp/testing.ts
 /**
 * @classytic/arc/mcp/testing — MCP Test Utilities

package/dist/integrations/streamline.d.mts

@@ -57,4 +57,4 @@ interface StreamlinePluginOptions {
 /** Pluggable streamline integration for Arc */
 declare const streamlinePlugin: FastifyPluginAsync<StreamlinePluginOptions>;
 //#endregion
-export { StreamlinePluginOptions, WorkflowLike, WorkflowRunLike, streamlinePlugin as default, streamlinePlugin };
+export { StreamlinePluginOptions, WorkflowLike, WorkflowRunLike, streamlinePlugin };

package/dist/integrations/streamline.mjs

@@ -142,4 +142,4 @@ const streamlinePluginImpl = async (fastify, options) => {
 /** Pluggable streamline integration for Arc */
 const streamlinePlugin = streamlinePluginImpl;
 //#endregion
-export { streamlinePlugin as default, streamlinePlugin };
+export { streamlinePlugin };

package/dist/integrations/websocket-redis.d.mts

@@ -43,4 +43,4 @@ declare class RedisWebSocketAdapter implements WebSocketAdapter {
   close(): Promise<void>;
 }
 //#endregion
-export { RedisLike, RedisWebSocketAdapter, RedisWebSocketAdapter as default, RedisWebSocketAdapterOptions };
+export { RedisLike, RedisWebSocketAdapter, RedisWebSocketAdapterOptions };

package/dist/integrations/websocket-redis.mjs

@@ -47,4 +47,4 @@ var RedisWebSocketAdapter = class {
 	}
 };
 //#endregion
-export { RedisWebSocketAdapter, RedisWebSocketAdapter as default };
+export { RedisWebSocketAdapter };

package/dist/integrations/websocket.d.mts

@@ -145,4 +145,4 @@ declare class RoomManager {
 /** Pluggable WebSocket integration for Arc */
 declare const websocketPlugin: FastifyPluginAsync<WebSocketPluginOptions>;
 //#endregion
-export { LocalWebSocketAdapter, RoomManager, WebSocketAdapter, WebSocketClient, WebSocketMessage, WebSocketPluginOptions, websocketPlugin as default, websocketPlugin };
+export { LocalWebSocketAdapter, RoomManager, WebSocketAdapter, WebSocketClient, WebSocketMessage, WebSocketPluginOptions, websocketPlugin };

package/dist/integrations/websocket.mjs

@@ -368,4 +368,4 @@ const websocketPlugin = fp(websocketPluginImpl, {
 	fastify: "5.x"
 });
 //#endregion
-export { LocalWebSocketAdapter, RoomManager, websocketPlugin as default, websocketPlugin };
+export { LocalWebSocketAdapter, RoomManager, websocketPlugin };

package/dist/{interface-DGmPxakH.d.mts → interface-BnNjdl33.d.mts}

@@ -1,4 +1,4 @@
-import { s as RequestScope } from "./elevation-Ca_yveIO.mjs";
+import { s as RequestScope } from "./elevation-C_taLQrM.mjs";
 import { n as FieldPermissionMap } from "./fields-DFwdaWCq.mjs";
 import { i as UserBase, t as PermissionCheck } from "./types-BNUccdcf.mjs";
 import { FastifyInstance, FastifyPluginAsync, FastifyReply, FastifyRequest, RouteHandlerMethod, RouteHandlerMethod as RouteHandlerMethod$1 } from "fastify";
@@ -1073,6 +1073,46 @@ declare module 'fastify' {
     _ownershipCheck?: Record<string, unknown>;
   }
 }
+/**
+ * Typed Fastify request with Arc decorations.
+ *
+ * Use this in `wrapHandler: false` handlers instead of `(req as any).user`.
+ *
+ * @example
+ * ```typescript
+ * import type { ArcRequest } from '@classytic/arc';
+ *
+ * handler: async (req: ArcRequest, reply: FastifyReply) => {
+ *   req.user?.id;                    // typed
+ *   req.scope.organizationId;        // typed (when member)
+ *   req.signal;                      // AbortSignal (Fastify 5)
+ * }
+ * ```
+ */
+type ArcRequest = FastifyRequest & {
+  scope: RequestScope;
+  user: Record<string, unknown> | undefined;
+  signal: AbortSignal;
+};
+/**
+ * Response envelope helper — wraps data in Arc's standard `{ success, data }` format.
+ *
+ * @example
+ * ```typescript
+ * import { envelope } from '@classytic/arc';
+ *
+ * handler: async (req, reply) => {
+ *   const data = await getResults();
+ *   return envelope(data);
+ *   // → { success: true, data }
+ * }
+ * ```
+ */
+declare function envelope<T>(data: T, meta?: Record<string, unknown>): {
+  success: true;
+  data: T;
+  [key: string]: unknown;
+};
 type AnyRecord = Record<string, unknown>;
 /** MongoDB ObjectId — accepts string or any object with a `toString()` (e.g. mongoose ObjectId). */
 type ObjectId = string | {
@@ -1475,6 +1515,22 @@ interface ResourceConfig<TDoc = AnyRecord> {
   skipValidation?: boolean;
   skipRegistry?: boolean;
   _appliedPresets?: string[];
+  /**
+   * Called during plugin registration with the scoped Fastify instance.
+   * Use for wiring singletons, reading decorators, or setting up resource-specific
+   * services that need access to the Fastify instance.
+   *
+   * @example
+   * ```typescript
+   * defineResource({
+   *   name: 'notification',
+   *   onRegister: (fastify) => {
+   *     setSseManager(fastify.sseManager);
+   *   },
+   * })
+   * ```
+   */
+  onRegister?: (fastify: FastifyInstance) => void | Promise<void>;
   /** HTTP method for update routes. Default: 'PATCH' */
   updateMethod?: 'PUT' | 'PATCH' | 'both';
   /**
@@ -1501,13 +1557,53 @@ interface ResourcePermissions {
   update?: PermissionCheck;
   delete?: PermissionCheck;
 }
+/**
+ * Hook context passed to resource-level hook handlers.
+ * Mirrors HookSystem's HookContext but with a simpler API for inline use.
+ */
+interface ResourceHookContext {
+  /** The document data (create/update body, or existing doc for delete) */
+  data: AnyRecord;
+  /** Authenticated user or null */
+  user?: UserBase;
+  /** Additional metadata (e.g. `{ id, existing }` for update/delete) */
+  meta?: AnyRecord;
+}
+/**
+ * Inline lifecycle hooks on a resource definition.
+ * These are wired into the HookSystem automatically — same pipeline as presets and app-level hooks.
+ *
+ * @example
+ * ```typescript
+ * defineResource({
+ *   name: 'chat',
+ *   hooks: {
+ *     afterCreate: async (ctx) => {
+ *       analytics.track('chat.created', { chatId: ctx.data._id, userId: ctx.user?.id });
+ *     },
+ *     beforeDelete: async (ctx) => {
+ *       if (ctx.data.isProtected) throw new Error('Cannot delete protected chat');
+ *     },
+ *     afterDelete: async (ctx) => {
+ *       await notificationService.send('chat.deleted', { id: ctx.meta?.id });
+ *     },
+ *   },
+ * });
+ * ```
+ */
 interface ResourceHooks {
-  beforeCreate?: (data: AnyRecord) => Promise<AnyRecord> | AnyRecord;
-  afterCreate?: (doc: AnyRecord) => Promise<void> | void;
-  beforeUpdate?: (id: string, data: AnyRecord) => Promise<AnyRecord> | AnyRecord;
-  afterUpdate?: (doc: AnyRecord) => Promise<void> | void;
-  beforeDelete?: (id: string) => Promise<void> | void;
-  afterDelete?: (id: string) => Promise<void> | void;
+  /** Runs before create — can modify data by returning a new object */
+  beforeCreate?: (ctx: ResourceHookContext) => Promise<AnyRecord | void> | AnyRecord | void;
+  /** Runs after create — receives the created document */
+  afterCreate?: (ctx: ResourceHookContext) => Promise<void> | void;
+  /** Runs before update — ctx.meta.id has the resource ID, ctx.meta.existing has the current doc */
+  beforeUpdate?: (ctx: ResourceHookContext) => Promise<AnyRecord | void> | AnyRecord | void;
+  /** Runs after update — receives the updated document */
+  afterUpdate?: (ctx: ResourceHookContext) => Promise<void> | void;
+  /** Runs before delete — ctx.data is the existing doc, ctx.meta.id has the resource ID */
+  beforeDelete?: (ctx: ResourceHookContext) => Promise<void> | void;
+  /** Runs after delete — ctx.data is the deleted doc, ctx.meta.id has the resource ID */
+  afterDelete?: (ctx: ResourceHookContext) => Promise<void> | void;
 }
 /**
  * Additional route definition for custom endpoints
@@ -1556,6 +1652,41 @@ interface AdditionalRoute {
    * preHandler: (fastify) => [fastify.customerContext({ required: true })]
    */
   preHandler?: RouteHandlerMethod[] | ((fastify: FastifyInstance) => RouteHandlerMethod[]);
+  /**
+   * Pre-auth handlers — run BEFORE authentication middleware.
+   * Use for promoting query params to headers (e.g., EventSource ?token= → Authorization).
+   *
+   * @example
+   * ```typescript
+   * preAuth: [(req) => {
+   *   const token = (req.query as Record<string, string>)?.token;
+   *   if (token) req.headers.authorization = `Bearer ${token}`;
+   * }]
+   * ```
+   */
+  preAuth?: RouteHandlerMethod[];
+  /**
+   * Streaming response mode — designed for SSE and AI streaming routes.
+   * When `true`:
+   * - Forces `wrapHandler: false` (no `{ success, data }` wrapper)
+   * - Sets SSE headers: `Content-Type: text/event-stream`, `Cache-Control: no-cache`, `Connection: keep-alive`
+   * - `request.signal` (Fastify 5 built-in) is available for abort-on-disconnect
+   *
+   * @example
+   * ```typescript
+   * {
+   *   method: 'POST',
+   *   path: '/stream',
+   *   streamResponse: true,
+   *   permissions: requireAuth(),
+   *   handler: async (request, reply) => {
+   *     const { stream } = await generateStream({ abortSignal: request.signal });
+   *     return reply.send(stream);
+   *   },
+   * }
+   * ```
+   */
+  streamResponse?: boolean;
   /** Fastify route schema */
   schema?: Record<string, unknown>;
   /**
@@ -2126,12 +2257,43 @@ type TypedRepository<TDoc> = CrudRepository<TDoc>;
  *
  * CrudRepository<TDoc> and MongoKit Repository both satisfy this interface.
  */
+/**
+ * Minimal repository interface for flexible adapter compatibility.
+ * Any repository with these method signatures is accepted.
+ *
+ * **Required** — core CRUD (every resource needs these):
+ *   getAll, getById, create, update, delete
+ *
+ * **Recommended** — used by AccessControl for compound queries:
+ *   getOne
+ *
+ * **Optional** — enabled by presets, checked at runtime:
+ *   getBySlug     — slugLookup preset
+ *   getDeleted    — softDelete preset (list soft-deleted)
+ *   restore       — softDelete preset (restore soft-deleted)
+ *   getTree       — tree preset (hierarchical queries)
+ *   getChildren   — tree preset (child nodes)
+ *   createMany    — bulk preset (batch create)
+ *   updateMany    — bulk preset (batch update by filter)
+ *   deleteMany    — bulk preset (batch delete by filter)
+ */
 interface RepositoryLike {
   getAll(params?: unknown): Promise<unknown>;
   getById(id: string, options?: unknown): Promise<unknown>;
   create(data: unknown, options?: unknown): Promise<unknown>;
   update(id: string, data: unknown, options?: unknown): Promise<unknown>;
   delete(id: string, options?: unknown): Promise<unknown>;
+  /** Find single doc by compound filter — used by AccessControl for idField + org/policy scoping.
+   * Without this, Arc falls back to getById + post-fetch security checks. */
+  getOne?(filter: Record<string, unknown>, options?: unknown): Promise<unknown>;
+  getBySlug?(slug: string, options?: unknown): Promise<unknown>;
+  getDeleted?(options?: unknown): Promise<unknown>;
+  restore?(id: string): Promise<unknown>;
+  getTree?(options?: unknown): Promise<unknown>;
+  getChildren?(parentId: string, options?: unknown): Promise<unknown>;
+  createMany?(items: unknown[], options?: unknown): Promise<unknown>;
+  updateMany?(filter: Record<string, unknown>, data: unknown): Promise<unknown>;
+  deleteMany?(filter: Record<string, unknown>): Promise<unknown>;
   [key: string]: unknown;
 }
 interface DataAdapter<TDoc = unknown> {
@@ -2210,4 +2372,4 @@ interface ValidationResult {
 }
 type AdapterFactory<TDoc> = (config: unknown) => DataAdapter<TDoc>;
 //#endregion
-export { RegistryStats as $, HookContext as $t, HealthCheck as A, FastifyHandler as At, MiddlewareConfig as B, InferDoc as Bt, EventDefinition as C, QueryResolverConfig as Ct, FastifyWithDecorators as D, AccessControlConfig as Dt, FastifyWithAuth as E, AccessControl as Et, IntrospectionData as F, RegisterOptions as Ft, ParsedQuery as G, Interceptor as Gt, ObjectId as H, PaginationParams as Ht, IntrospectionPluginOptions as I, ResourceRegistry as It, PresetHook as J, PipelineConfig as Jt, PopulateOption as K, NextFunction as Kt, JWTPayload as L, ResourceDefinition as Lt, InferAdapterDoc as M, IControllerResponse as Mt, InferDocType as N, IRequestContext as Nt, FieldRule as O, ControllerHandler as Ot, InferResourceDoc as P, RouteHandler as Pt, RegistryEntry as Q, DefineHookOptions as Qt, JwtContext as R, defineResource as Rt, CrudSchemas as S, QueryResolver as St, FastifyRequestExtras as T, BodySanitizerConfig as Tt, OpenApiSchemas as U, QueryOptions as Ut, MiddlewareHandler as V, PaginatedResult as Vt, OwnershipCheck as W, Guard as Wt, QueryParserInterface as X, PipelineStep as Xt, PresetResult as Y, PipelineContext as Yt, RateLimitConfig as Z, Transform as Zt, ConfigError as _, ValidateOptions as _t, RepositoryLike as a, HookSystemOptions as an, ResourceHooks as at, CrudRouteKey as b, BaseController as bt, AdditionalRoute as c, afterUpdate as cn, RouteHandlerMethod$1 as ct, ArcDecorator as d, beforeUpdate as dn, TokenPair as dt, HookHandler as en, RequestContext as et, ArcInternalMetadata as f, createHookSystem as fn, TypedController as ft, AuthenticatorContext as g, UserOrganization as gt, Authenticator as h, UserLike as ht, RelationMetadata as i, HookSystem as in, ResourceConfig as it, HealthOptions as j, IController as jt, GracefulShutdownOptions as k, ControllerLike as kt, AnyRecord as l, beforeCreate as ln, RouteSchemaOptions as lt, AuthPluginOptions as m, TypedResourceConfig as mt, DataAdapter as n, HookPhase as nn, RequestWithExtras as nt, SchemaMetadata as o, afterCreate as on, ResourceMetadata as ot, AuthHelpers as p, defineHook as pn, TypedRepository as pt, PresetFunction as q, OperationFilter as qt, FieldMetadata as r, HookRegistration as rn, ResourceCacheConfig as rt, ValidationResult as s, afterDelete as sn, ResourcePermissions as st, AdapterFactory as t, HookOperation as tn, RequestIdOptions as tt, ApiResponse as u, beforeDelete as un, ServiceContext as ut, ControllerQueryOptions as v, ValidationResult$1 as vt, EventsDecorator as w, BodySanitizer as wt, CrudRouterOptions as x, BaseControllerOptions as xt, CrudController as y, getUserId as yt, LookupOption as z, CrudRepository as zt };
+export { RegistryEntry as $, PipelineStep as $t, GracefulShutdownOptions as A, AccessControlConfig as At, LookupOption as B, ResourceDefinition as Bt, CrudSchemas as C, BaseController as Ct, FastifyWithAuth as D, BodySanitizer as Dt, FastifyRequestExtras as E, QueryResolverConfig as Et, InferResourceDoc as F, IControllerResponse as Ft, OwnershipCheck as G, PaginationParams as Gt, MiddlewareHandler as H, CrudRepository as Ht, IntrospectionData as I, IRequestContext as It, PresetFunction as J, Interceptor as Jt, ParsedQuery as K, QueryOptions as Kt, IntrospectionPluginOptions as L, RouteHandler as Lt, HealthOptions as M, ControllerLike as Mt, InferAdapterDoc as N, FastifyHandler as Nt, FastifyWithDecorators as O, BodySanitizerConfig as Ot, InferDocType as P, IController as Pt, RateLimitConfig as Q, PipelineContext as Qt, JWTPayload as R, RegisterOptions as Rt, CrudRouterOptions as S, getUserId as St, EventsDecorator as T, QueryResolver as Tt, ObjectId as U, InferDoc as Ut, MiddlewareConfig as V, defineResource as Vt, OpenApiSchemas as W, PaginatedResult as Wt, PresetResult as X, OperationFilter as Xt, PresetHook as Y, NextFunction as Yt, QueryParserInterface as Z, PipelineConfig as Zt, AuthenticatorContext as _, UserLike as _t, RepositoryLike as a, HookPhase as an, ResourceConfig as at, CrudController as b, ValidationResult$1 as bt, AdditionalRoute as c, HookSystemOptions as cn, ResourceMetadata as ct, ArcDecorator as d, afterUpdate as dn, RouteSchemaOptions as dt, Transform as en, RegistryStats as et, ArcInternalMetadata as f, beforeCreate as fn, ServiceContext as ft, Authenticator as g, defineHook as gn, TypedResourceConfig as gt, AuthPluginOptions as h, createHookSystem as hn, TypedRepository as ht, RelationMetadata as i, HookOperation as in, ResourceCacheConfig as it, HealthCheck as j, ControllerHandler as jt, FieldRule as k, AccessControl as kt, AnyRecord as l, afterCreate as ln, ResourcePermissions as lt, AuthHelpers as m, beforeUpdate as mn, TypedController as mt, DataAdapter as n, HookContext as nn, RequestIdOptions as nt, SchemaMetadata as o, HookRegistration as on, ResourceHookContext as ot, ArcRequest as p, beforeDelete as pn, TokenPair as pt, PopulateOption as q, Guard as qt, FieldMetadata as r, HookHandler as rn, RequestWithExtras as rt, ValidationResult as s, HookSystem as sn, ResourceHooks as st, AdapterFactory as t, DefineHookOptions as tn, RequestContext as tt, ApiResponse as u, afterDelete as un, RouteHandlerMethod$1 as ut, ConfigError as v, UserOrganization as vt, EventDefinition as w, BaseControllerOptions as wt, CrudRouteKey as x, envelope as xt, ControllerQueryOptions as y, ValidateOptions as yt, JwtContext as z, ResourceRegistry as zt };

package/dist/{memory-Cb_7iy9e.mjs → memory-BFAYkf8H.mjs}

@@ -1,9 +1,6 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
 //#region src/cache/memory.ts
-var memory_exports = /* @__PURE__ */ __exportAll({
-	MemoryCacheStore: () => MemoryCacheStore,
-	default: () => MemoryCacheStore
-});
+var memory_exports = /* @__PURE__ */ __exportAll({ MemoryCacheStore: () => MemoryCacheStore });
 /**
 * In-memory LRU+TTL cache store with hard entry cap and memory budget.
 * - LRU eviction when `maxEntries` or `maxMemoryBytes` is reached

package/dist/org/index.d.mts

@@ -1,4 +1,4 @@
-import { Pt as RouteHandler } from "../interface-DGmPxakH.mjs";
+import { Lt as RouteHandler } from "../interface-BnNjdl33.mjs";
 import { i as UserBase } from "../types-BNUccdcf.mjs";
 import { InvitationAdapter, InvitationDoc, MemberDoc, OrgAdapter, OrgDoc, OrgPermissionStatement, OrgRole, OrganizationPluginOptions } from "./types.mjs";
 import { FastifyPluginAsync, RouteHandlerMethod } from "fastify";

package/dist/org/index.mjs

@@ -1,4 +1,4 @@
-import { c as hasOrgAccess, d as isMember, i as getOrgRoles, n as PUBLIC_SCOPE, u as isElevated } from "../types-C6TQjtdi.mjs";
+import { a as getOrgRoles, d as isElevated, f as isMember, l as hasOrgAccess, n as PUBLIC_SCOPE } from "../types-BhtYdxZU.mjs";
 import fp from "fastify-plugin";
 //#region src/org/organizationPlugin.ts
 const DEFAULT_ROLES = [

package/dist/permissions/index.mjs

@@ -1,4 +1,4 @@
 import { i as resolveEffectiveRoles, n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "../fields-ipsbIRPK.mjs";
 import { n as normalizeRoles, t as getUserRoles } from "../types-ZUu_h0jp.mjs";
-import { S as createRoleHierarchy, _ as ownerWithAdminBypass, a as createOrgPermissions, b as publicReadAdminWrite, c as requireOrgMembership, d as requireRoles, f as requireTeamMembership, g as fullPublic, h as authenticated, i as createDynamicPermissionMatrix, l as requireOrgRole, m as adminOnly, n as allowPublic, o as denyAll, p as when, r as anyOf, s as requireAuth, t as allOf, u as requireOwnership, v as presets_exports, x as readOnly, y as publicRead } from "../permissions-CA5zg0yK.mjs";
+import { S as createRoleHierarchy, _ as ownerWithAdminBypass, a as createOrgPermissions, b as publicReadAdminWrite, c as requireOrgMembership, d as requireRoles, f as requireTeamMembership, g as fullPublic, h as authenticated, i as createDynamicPermissionMatrix, l as requireOrgRole, m as adminOnly, n as allowPublic, o as denyAll, p as when, r as anyOf, s as requireAuth, t as allOf, u as requireOwnership, v as presets_exports, x as readOnly, y as publicRead } from "../permissions-D9_AAtvz.mjs";
 export { adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDynamicPermissionMatrix, createOrgPermissions, createRoleHierarchy, denyAll, fields, fullPublic, getUserRoles, normalizeRoles, ownerWithAdminBypass, presets_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireTeamMembership, resolveEffectiveRoles, when };

package/dist/{permissions-CA5zg0yK.mjs → permissions-D9_AAtvz.mjs}

@@ -1,7 +1,7 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
-import { a as getTeamId, d as isMember, n as PUBLIC_SCOPE, o as getUserId, u as isElevated } from "./types-C6TQjtdi.mjs";
+import { d as isElevated, f as isMember, n as PUBLIC_SCOPE, o as getTeamId, s as getUserId } from "./types-BhtYdxZU.mjs";
 import { t as getUserRoles } from "./types-ZUu_h0jp.mjs";
-import { t as MemoryCacheStore } from "./memory-Cb_7iy9e.mjs";
+import { t as MemoryCacheStore } from "./memory-BFAYkf8H.mjs";
 import { randomUUID } from "node:crypto";
 //#region src/permissions/roleHierarchy.ts
 /**

package/dist/plugins/index.d.mts

@@ -1,4 +1,4 @@
-import { B as MiddlewareConfig, It as ResourceRegistry, J as PresetHook, c as AdditionalRoute, in as HookSystem, l as AnyRecord, lt as RouteSchemaOptions } from "../interface-DGmPxakH.mjs";
+import { V as MiddlewareConfig, Y as PresetHook, c as AdditionalRoute, dt as RouteSchemaOptions, l as AnyRecord, sn as HookSystem, zt as ResourceRegistry } from "../interface-BnNjdl33.mjs";
 import { t as ExternalOpenApiPaths } from "../externalPaths-DpO-s7r8.mjs";
 import { _ as cachingPlugin, a as versioningPlugin, c as MetricsOptions, d as SSEOptions, f as _default$6, g as _default$1, h as CachingRule, i as _default$7, l as _default$4, m as CachingOptions, n as errorHandlerPlugin, o as MetricEntry, p as ssePlugin, r as VersioningOptions, s as MetricsCollector, t as ErrorHandlerOptions, u as metricsPlugin } from "../errorHandler-Do4vVQ1f.mjs";
 import { t as TracingOptions } from "../tracing-bz_U4EM1.mjs";

package/dist/plugins/index.mjs

@@ -1,13 +1,13 @@
 import { p as MUTATION_OPERATIONS } from "../constants-Cxde4rpC.mjs";
-import { r as getOrgId } from "../types-C6TQjtdi.mjs";
+import { i as getOrgId } from "../types-BhtYdxZU.mjs";
 import { t as requestContext } from "../requestContext-DYtmNpm5.mjs";
 import { t as hasEvents } from "../typeGuards-Cj5Rgvlg.mjs";
 import { t as HookSystem } from "../HookSystem-COkyWztM.mjs";
 import { t as ResourceRegistry } from "../ResourceRegistry-DeCIFlix.mjs";
 import { n as caching_default, t as cachingPlugin } from "../caching-BSXB-Xr7.mjs";
-import { t as errorHandlerPlugin } from "../errorHandler--zp54tGc.mjs";
+import { t as errorHandlerPlugin } from "../errorHandler-r2595m8T.mjs";
 import { n as metrics_default, t as metricsPlugin } from "../metrics-Csh4nsvv.mjs";
-import { n as sse_default, t as ssePlugin } from "../sse-BkViJPlT.mjs";
+import { n as sse_default, t as ssePlugin } from "../sse-BF7GR7IB.mjs";
 import { n as versioning_default, t as versioningPlugin } from "../versioning-BzfeHmhj.mjs";
 import { randomUUID } from "node:crypto";
 import fp from "fastify-plugin";

package/dist/plugins/response-cache.d.mts

@@ -84,4 +84,4 @@ declare module "fastify" {
 }
 declare const responseCachePlugin: FastifyPluginAsync<ResponseCacheOptions>;
 //#endregion
-export { ResponseCacheOptions, ResponseCacheRule, ResponseCacheStats, responseCachePlugin as default, responseCachePlugin };
+export { ResponseCacheOptions, ResponseCacheRule, ResponseCacheStats, responseCachePlugin };

package/dist/plugins/response-cache.mjs

@@ -215,4 +215,4 @@ const responseCachePlugin = fp(responseCachePluginImpl, {
 	fastify: "5.x"
 });
 //#endregion
-export { responseCachePlugin as default, responseCachePlugin };
+export { responseCachePlugin };

package/dist/plugins/tracing-entry.mjs

@@ -44,7 +44,7 @@ try {
 function createTracerProvider(options) {
 	if (!isAvailable) return null;
 	const { serviceName = "@classytic/arc", serviceVersion, exporterUrl = "http://localhost:4318/v1/traces" } = options;
-	const resolvedVersion = serviceVersion ?? "2.4.2";
+	const resolvedVersion = serviceVersion ?? "2.5.0";
 	const exporter = new OTLPTraceExporter({ url: exporterUrl });
 	const provider = new NodeTracerProvider({ resource: { attributes: {
 		"service.name": serviceName,

package/dist/presets/index.d.mts

@@ -1,5 +1,5 @@
-import { Mt as IControllerResponse, Nt as IRequestContext, Vt as PaginatedResult, Y as PresetResult, it as ResourceConfig, l as AnyRecord } from "../interface-DGmPxakH.mjs";
-import multiTenantPreset, { MultiTenantOptions } from "./multiTenant.mjs";
+import { Ft as IControllerResponse, It as IRequestContext, Wt as PaginatedResult, X as PresetResult, at as ResourceConfig, l as AnyRecord } from "../interface-BnNjdl33.mjs";
+import { MultiTenantOptions, multiTenantPreset } from "./multiTenant.mjs";
 
 //#region src/presets/ownedByUser.d.ts
 interface OwnedByUserOptions {

package/dist/presets/index.mjs

@@ -1,3 +1,3 @@
-import multiTenantPreset from "./multiTenant.mjs";
-import { a as registerPreset, c as auditedPreset, d as ownedByUserPreset, i as getPreset, l as softDeletePreset, n as flexibleMultiTenantPreset, o as treePreset, r as getAvailablePresets, s as bulkPreset, t as applyPresets, u as slugLookupPreset } from "../presets-C9QXJV1u.mjs";
+import { multiTenantPreset } from "./multiTenant.mjs";
+import { a as registerPreset, c as auditedPreset, d as ownedByUserPreset, i as getPreset, l as softDeletePreset, n as flexibleMultiTenantPreset, o as treePreset, r as getAvailablePresets, s as bulkPreset, t as applyPresets, u as slugLookupPreset } from "../presets-CD3e6M7c.mjs";
 export { applyPresets, auditedPreset, bulkPreset, flexibleMultiTenantPreset, getAvailablePresets, getPreset, multiTenantPreset, ownedByUserPreset, registerPreset, slugLookupPreset, softDeletePreset, treePreset };

package/dist/presets/multiTenant.d.mts

@@ -1,4 +1,4 @@
-import { Y as PresetResult, b as CrudRouteKey } from "../interface-DGmPxakH.mjs";
+import { X as PresetResult, x as CrudRouteKey } from "../interface-BnNjdl33.mjs";
 
 //#region src/presets/multiTenant.d.ts
 interface MultiTenantOptions {
@@ -18,4 +18,4 @@ interface MultiTenantOptions {
 }
 declare function multiTenantPreset(options?: MultiTenantOptions): PresetResult;
 //#endregion
-export { MultiTenantOptions, multiTenantPreset as default, multiTenantPreset };
+export { MultiTenantOptions, multiTenantPreset };

package/dist/presets/multiTenant.mjs

@@ -1,5 +1,5 @@
 import { o as DEFAULT_TENANT_FIELD } from "../constants-Cxde4rpC.mjs";
-import { d as isMember, n as PUBLIC_SCOPE, r as getOrgId, u as isElevated } from "../types-C6TQjtdi.mjs";
+import { d as isElevated, f as isMember, i as getOrgId, n as PUBLIC_SCOPE } from "../types-BhtYdxZU.mjs";
 //#region src/presets/multiTenant.ts
 /** Read request.scope safely */
 function getScope(request) {
@@ -108,4 +108,4 @@ function multiTenantPreset(options = {}) {
 	};
 }
 //#endregion
-export { multiTenantPreset as default, multiTenantPreset };
+export { multiTenantPreset };

package/dist/{presets-C9QXJV1u.mjs → presets-CD3e6M7c.mjs}

@@ -1,6 +1,6 @@
-import { n as PUBLIC_SCOPE, u as isElevated } from "./types-C6TQjtdi.mjs";
-import multiTenantPreset from "./presets/multiTenant.mjs";
-import { d as requireRoles, n as allowPublic, s as requireAuth } from "./permissions-CA5zg0yK.mjs";
+import { d as isElevated, n as PUBLIC_SCOPE } from "./types-BhtYdxZU.mjs";
+import { multiTenantPreset } from "./presets/multiTenant.mjs";
+import { d as requireRoles, n as allowPublic, s as requireAuth } from "./permissions-D9_AAtvz.mjs";
 //#region src/presets/ownedByUser.ts
 /**
 * Create ownership check middleware.

package/dist/{queryCachePlugin-ClosZdNS.mjs → queryCachePlugin-XtFplYO9.mjs}

@@ -1,7 +1,7 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
 import { i as versionKey, r as tagVersionKey } from "./keys-qcD-TVJl.mjs";
 import { t as hasEvents } from "./typeGuards-Cj5Rgvlg.mjs";
-import { t as MemoryCacheStore } from "./memory-Cb_7iy9e.mjs";
+import { t as MemoryCacheStore } from "./memory-BFAYkf8H.mjs";
 import fp from "fastify-plugin";
 //#region src/cache/QueryCache.ts
 var QueryCache = class {

package/dist/registry/index.d.mts

@@ -1,4 +1,4 @@
-import { Ft as RegisterOptions, I as IntrospectionPluginOptions, It as ResourceRegistry } from "../interface-DGmPxakH.mjs";
+import { L as IntrospectionPluginOptions, Rt as RegisterOptions, zt as ResourceRegistry } from "../interface-BnNjdl33.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/registry/introspectionPlugin.d.ts

package/dist/{resourceToTools-PMFE8HIv.mjs → resourceToTools-CN0lwJrL.mjs}

@@ -1,4 +1,4 @@
-import { t as BaseController } from "./BaseController-CkM5dUh_.mjs";
+import { t as BaseController } from "./BaseController-CNwMYpDW.mjs";
 import { t as pluralize } from "./pluralize-CcT6qF0a.mjs";
 import { z } from "zod";
 //#region src/integrations/mcp/createMcpServer.ts

package/dist/scope/index.d.mts

@@ -1,4 +1,4 @@
-import { a as AUTHENTICATED_SCOPE, c as getOrgId, d as getUserId, f as getUserRoles, g as isMember, h as isElevated, i as elevationPlugin, l as getOrgRoles, m as isAuthenticated, n as ElevationOptions, o as PUBLIC_SCOPE, p as hasOrgAccess, r as _default, s as RequestScope, t as ElevationEvent, u as getTeamId } from "../elevation-Ca_yveIO.mjs";
+import { _ as isMember, a as AUTHENTICATED_SCOPE, c as getOrgContext, d as getTeamId, f as getUserId, g as isElevated, h as isAuthenticated, i as elevationPlugin, l as getOrgId, m as hasOrgAccess, n as ElevationOptions, o as PUBLIC_SCOPE, p as getUserRoles, r as _default, s as RequestScope, t as ElevationEvent, u as getOrgRoles } from "../elevation-C_taLQrM.mjs";
 import { FastifyReply, FastifyRequest } from "fastify";
 
 //#region src/scope/rateLimitKey.d.ts
@@ -29,4 +29,4 @@ interface ResolveOrgFromHeaderOptions {
  */
 declare function resolveOrgFromHeader(options: ResolveOrgFromHeaderOptions): (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
 //#endregion
-export { AUTHENTICATED_SCOPE, type ElevationEvent, type ElevationOptions, PUBLIC_SCOPE, type RateLimitKeyContext, type RequestScope, type ResolveOrgFromHeaderOptions, type TenantKeyGeneratorOptions, createTenantKeyGenerator, _default as elevationPlugin, elevationPlugin as elevationPluginFn, getOrgId, getOrgRoles, getTeamId, getUserId, getUserRoles, hasOrgAccess, isAuthenticated, isElevated, isMember, resolveOrgFromHeader };
+export { AUTHENTICATED_SCOPE, type ElevationEvent, type ElevationOptions, PUBLIC_SCOPE, type RateLimitKeyContext, type RequestScope, type ResolveOrgFromHeaderOptions, type TenantKeyGeneratorOptions, createTenantKeyGenerator, _default as elevationPlugin, elevationPlugin as elevationPluginFn, getOrgContext, getOrgId, getOrgRoles, getTeamId, getUserId, getUserRoles, hasOrgAccess, isAuthenticated, isElevated, isMember, resolveOrgFromHeader };

package/dist/scope/index.mjs

@@ -1,4 +1,4 @@
-import { a as getTeamId, c as hasOrgAccess, d as isMember, i as getOrgRoles, l as isAuthenticated, n as PUBLIC_SCOPE, o as getUserId, r as getOrgId, s as getUserRoles, t as AUTHENTICATED_SCOPE, u as isElevated } from "../types-C6TQjtdi.mjs";
+import { a as getOrgRoles, c as getUserRoles, d as isElevated, f as isMember, i as getOrgId, l as hasOrgAccess, n as PUBLIC_SCOPE, o as getTeamId, r as getOrgContext, s as getUserId, t as AUTHENTICATED_SCOPE, u as isAuthenticated } from "../types-BhtYdxZU.mjs";
 import { n as normalizeRoles } from "../types-ZUu_h0jp.mjs";
 import { n as elevation_default, t as elevationPlugin } from "../elevation-BEdACOLB.mjs";
 //#region src/scope/rateLimitKey.ts
@@ -75,4 +75,4 @@ function resolveOrgFromHeader(options) {
 	};
 }
 //#endregion
-export { AUTHENTICATED_SCOPE, PUBLIC_SCOPE, createTenantKeyGenerator, elevation_default as elevationPlugin, elevationPlugin as elevationPluginFn, getOrgId, getOrgRoles, getTeamId, getUserId, getUserRoles, hasOrgAccess, isAuthenticated, isElevated, isMember, resolveOrgFromHeader };
+export { AUTHENTICATED_SCOPE, PUBLIC_SCOPE, createTenantKeyGenerator, elevation_default as elevationPlugin, elevationPlugin as elevationPluginFn, getOrgContext, getOrgId, getOrgRoles, getTeamId, getUserId, getUserRoles, hasOrgAccess, isAuthenticated, isElevated, isMember, resolveOrgFromHeader };

package/dist/{sse-BkViJPlT.mjs → sse-BF7GR7IB.mjs}

@@ -1,5 +1,5 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
-import { n as PUBLIC_SCOPE, r as getOrgId } from "./types-C6TQjtdi.mjs";
+import { i as getOrgId, n as PUBLIC_SCOPE } from "./types-BhtYdxZU.mjs";
 import { t as arcLog } from "./logger-Dz3j1ItV.mjs";
 import fp from "fastify-plugin";
 //#region src/plugins/sse.ts