@classytic/arc 2.4.3 → 2.6.2

package/README.md

@@ -15,26 +15,77 @@ npm install @classytic/mongokit mongoose   # MongoDB adapter
 
 ```typescript
 import mongoose from 'mongoose';
-import { createApp } from '@classytic/arc/factory';
+import { createApp, loadResources } from '@classytic/arc/factory';
 
 await mongoose.connect(process.env.DB_URI);
 
 const app = await createApp({
   preset: 'production',
+  resourcePrefix: '/api/v1',
+  resources: await loadResources(import.meta.url),  // auto-discovers *.resource.ts
   auth: { type: 'jwt', jwt: { secret: process.env.JWT_SECRET } },
   cors: { origin: process.env.ALLOWED_ORIGINS?.split(',') },
 });
 
-await app.register(productResource.toPlugin());
 await app.listen({ port: 8040, host: '0.0.0.0' });
 ```
 
+Three ways to register resources:
+
+```typescript
+// Auto-discover from directory (recommended)
+resources: await loadResources(import.meta.url),  // dev/prod parity
+
+// Explicit array
+resources: [productResource, orderResource],
+
+// Via plugins callback (full Fastify control)
+plugins: async (f) => { await f.register(productResource.toPlugin()); },
+```
+
+`loadResources()` discovers `default` exports, `export const resource`, OR any named export with `toPlugin()` (e.g. `export const userResource`). Per-resource opt-out of `resourcePrefix` via `skipGlobalPrefix: true` for webhooks/admin routes.
+
+> **Import compatibility:** Works with relative imports and Node.js `#` subpath imports. Does **not** support tsconfig path aliases (`@/*`, `~/`) — use explicit `resources: [...]` instead.
+
+## Boot Sequence
+
+```typescript
+const app = await createApp({
+  resourcePrefix: '/api/v1',
+  plugins: async (f) => { await connectDB(); },          // 1. infra (DB, docs)
+  bootstrap: [inventoryInit, accountingInit],             // 2. domain init
+  resources: await loadResources(import.meta.url),        // 3. routes
+  afterResources: async (f) => { subscribeEvents(f); },   // 4. post-wiring
+  onReady: async (f) => { logger.info('ready'); },
+});
+```
+
+## Audit (per-resource opt-in)
+
+Clean DX without growing exclude lists:
+
+```typescript
+// app.ts — register once with perResource mode
+await fastify.register(auditPlugin, { autoAudit: { perResource: true } });
+
+// order.resource.ts — opt in
+defineResource({ name: 'order', audit: true });
+
+// payment.resource.ts — only audit deletes
+defineResource({ name: 'payment', audit: { operations: ['delete'] } });
+
+// Manual logging from MCP tools or custom routes
+app.post('/orders/:id/refund', async (req) => {
+  await app.audit.custom('order', req.params.id, 'refund', { reason }, { user });
+});
+```
+
 ## defineResource
 
 Single API for a full REST resource with routes, permissions, and behaviors:
 
 ```typescript
-import { defineResource, createMongooseAdapter, allowPublic, requireRoles } from '@classytic/arc';
+import { defineResource, createMongooseAdapter, allowPublic, roles } from '@classytic/arc';
 
 const productResource = defineResource({
   name: 'product',
@@ -43,9 +94,9 @@ const productResource = defineResource({
   permissions: {
     list: allowPublic(),
     get: allowPublic(),
-    create: requireRoles(['admin']),
-    update: requireRoles(['admin']),
-    delete: requireRoles(['admin']),
+    create: roles('admin', 'editor'),  // checks platform + org roles
+    update: roles('admin', 'editor'),
+    delete: roles('admin'),
   },
   cache: { staleTime: 30, gcTime: 300, tags: ['catalog'] }, // QueryCache (opt-in)
   additionalRoutes: [

package/dist/{BaseController-CkM5dUh_.mjs → BaseController-AbbRx3e0.mjs}

@@ -1,5 +1,5 @@
 import { h as SYSTEM_FIELDS, o as DEFAULT_TENANT_FIELD } from "./constants-Cxde4rpC.mjs";
-import { d as isMember, n as PUBLIC_SCOPE, r as getOrgId, u as isElevated } from "./types-C6TQjtdi.mjs";
+import { d as isElevated, f as isMember, i as getOrgId, n as PUBLIC_SCOPE } from "./types-BhtYdxZU.mjs";
 import { t as buildQueryKey } from "./keys-qcD-TVJl.mjs";
 import { getUserId } from "./types/index.mjs";
 import { i as resolveEffectiveRoles, n as applyFieldWritePermissions } from "./fields-ipsbIRPK.mjs";
@@ -247,7 +247,10 @@ var BodySanitizer = class {
 		let sanitized = { ...body };
 		for (const field of SYSTEM_FIELDS) delete sanitized[field];
 		const fieldRules = this.schemaOptions.fieldRules ?? {};
-		for (const [field, rules] of Object.entries(fieldRules)) if (rules.systemManaged || rules.readonly) delete sanitized[field];
+		for (const [field, rules] of Object.entries(fieldRules)) {
+			if (rules.systemManaged || rules.readonly) delete sanitized[field];
+			if (_operation === "update" && (rules.immutable || rules.immutableAfterCreate)) delete sanitized[field];
+		}
 		if (req) {
 			const arcContext = meta ?? req.metadata;
 			const scope = arcContext?._scope ?? PUBLIC_SCOPE;

package/dist/{ResourceRegistry-DeCIFlix.mjs → ResourceRegistry-C6ngvOnn.mjs}

@@ -51,6 +51,7 @@ var ResourceRegistry = class {
 			fieldPermissions: extractFieldPermissions(resource.fields),
 			pipelineSteps: extractPipelineSteps(resource.pipe),
 			rateLimit: resource.rateLimit,
+			audit: resource.audit,
 			plugin: resource.toPlugin()
 		};
 		this._resources.set(resource.name, entry);

package/dist/adapters/index.d.mts

@@ -1,3 +1,3 @@
-import { a as RepositoryLike, i as RelationMetadata, n as DataAdapter, o as SchemaMetadata, r as FieldMetadata, s as ValidationResult, t as AdapterFactory } from "../interface-DGmPxakH.mjs";
-import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../index-yhxyjqNb.mjs";
+import { a as RepositoryLike, i as RelationMetadata, n as DataAdapter, o as SchemaMetadata, r as FieldMetadata, s as ValidationResult, t as AdapterFactory } from "../interface-CrN45qz1.mjs";
+import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../index-DrCqa3Jq.mjs";
 export { AdapterFactory, DataAdapter, FieldMetadata, MongooseAdapter, MongooseAdapterOptions, PrismaAdapter, PrismaAdapterOptions, PrismaQueryOptions, PrismaQueryParser, PrismaQueryParserOptions, RelationMetadata, RepositoryLike, SchemaMetadata, ValidationResult, createMongooseAdapter, createPrismaAdapter };

package/dist/adapters/index.mjs

@@ -1,2 +1,2 @@
-import { a as createMongooseAdapter, i as MongooseAdapter, n as PrismaQueryParser, r as createPrismaAdapter, t as PrismaAdapter } from "../adapters-DTC4Ug66.mjs";
+import { a as createMongooseAdapter, i as MongooseAdapter, n as PrismaQueryParser, r as createPrismaAdapter, t as PrismaAdapter } from "../adapters-CTn28N4y.mjs";
 export { MongooseAdapter, PrismaAdapter, PrismaQueryParser, createMongooseAdapter, createPrismaAdapter };

package/dist/{adapters-DTC4Ug66.mjs → adapters-CTn28N4y.mjs}

@@ -78,17 +78,28 @@ var MongooseAdapter = class {
 			const properties = {};
 			const required = [];
 			const fieldRules = schemaOptions?.fieldRules || {};
-			const blockedFields = new Set(Object.entries(fieldRules).filter(([, rules]) => rules.systemManaged || rules.hidden).map(([field]) => field));
+			const blockedFields = new Set([
+				...Object.entries(fieldRules).filter(([, rules]) => rules.systemManaged || rules.hidden).map(([field]) => field),
+				...schemaOptions?.excludeFields ?? [],
+				...schemaOptions?.hiddenFields ?? []
+			]);
+			const readonlySet = new Set(schemaOptions?.readonlyFields ?? []);
+			const optionalSet = new Set(schemaOptions?.optionalFields ?? []);
 			for (const [fieldName, schemaType] of Object.entries(paths)) {
 				if (fieldName.startsWith("__")) continue;
 				if (blockedFields.has(fieldName)) continue;
 				const typeInfo = schemaType;
 				properties[fieldName] = this.mongooseTypeToOpenApi(typeInfo);
-				if (typeInfo.isRequired) required.push(fieldName);
+				if (typeInfo.isRequired && !optionalSet.has(fieldName) && !fieldRules[fieldName]?.optional) required.push(fieldName);
 			}
-			const systemFieldSet = new Set(SYSTEM_FIELDS);
-			const inputProperties = Object.fromEntries(Object.entries(properties).filter(([field]) => !systemFieldSet.has(field)));
-			const inputRequired = required.filter((field) => !systemFieldSet.has(field));
+			const readonlyForInput = new Set([...readonlySet]);
+			for (const [field, rules] of Object.entries(fieldRules)) if (rules.immutable || rules.immutableAfterCreate) readonlyForInput.add(field);
+			const inputBlockedSet = new Set([...SYSTEM_FIELDS, ...readonlyForInput]);
+			const inputProperties = Object.fromEntries(Object.entries(properties).filter(([field]) => !inputBlockedSet.has(field)));
+			const inputRequired = required.filter((field) => !inputBlockedSet.has(field) && !blockedFields.has(field));
+			const immutableSet = /* @__PURE__ */ new Set();
+			for (const [field, rules] of Object.entries(fieldRules)) if (rules.immutable || rules.immutableAfterCreate) immutableSet.add(field);
+			const updateProperties = Object.fromEntries(Object.entries(inputProperties).filter(([field]) => !immutableSet.has(field)));
 			return {
 				createBody: {
 					type: "object",
@@ -97,11 +108,12 @@ var MongooseAdapter = class {
 				},
 				updateBody: {
 					type: "object",
-					properties: inputProperties
+					properties: updateProperties
 				},
 				response: {
 					type: "object",
-					properties
+					properties,
+					additionalProperties: true
 				}
 			};
 		} catch {
@@ -147,18 +159,67 @@ var MongooseAdapter = class {
 				break;
 			case "Date":
 				baseType.type = "string";
-				baseType.format = "date-time";
 				break;
 			case "ObjectID":
 			case "ObjectId":
 				baseType.type = "string";
 				baseType.pattern = "^[a-f\\d]{24}$";
 				break;
-			case "Array":
+			case "Array": {
 				baseType.type = "array";
-				baseType.items = { type: "string" };
+				const ti = typeInfo;
+				if (ti.$isMongooseDocumentArray && ti.schema) {
+					const subSchema = ti.schema;
+					const subProps = {};
+					const subRequired = [];
+					for (const [subField, subType] of Object.entries(subSchema.paths)) {
+						if (subField.startsWith("_")) continue;
+						subProps[subField] = this.mongooseTypeToOpenApi(subType);
+						if (subType.isRequired) subRequired.push(subField);
+					}
+					baseType.items = {
+						type: "object",
+						properties: subProps,
+						...subRequired.length > 0 ? { required: subRequired } : {},
+						additionalProperties: true
+					};
+				} else if (ti.embeddedSchemaType?.instance) baseType.items = this.mongooseTypeToOpenApi(ti.embeddedSchemaType);
+				else baseType.items = {};
+				break;
+			}
+			case "Mixed":
+				baseType.type = [
+					"string",
+					"number",
+					"boolean",
+					"object",
+					"array"
+				];
+				break;
+			case "Map":
+				baseType.type = "object";
+				baseType.additionalProperties = true;
+				break;
+			case "Embedded":
+			case "SubDocument":
+				baseType.type = "object";
+				baseType.additionalProperties = true;
+				break;
+			case "Buffer":
+				baseType.type = "string";
+				baseType.format = "binary";
+				break;
+			case "Decimal128":
+				baseType.type = "string";
+				baseType.description = "Decimal128 (high-precision number as string)";
+				break;
+			case "UUID":
+				baseType.type = "string";
+				baseType.format = "uuid";
 				break;
-			default: baseType.type = "object";
+			default:
+				baseType.type = "object";
+				baseType.additionalProperties = true;
 		}
 		return baseType;
 	}

package/dist/audit/index.d.mts

@@ -1,4 +1,4 @@
-import { a as AuditContext, c as AuditStore, i as AuditAction, l as AuditStoreOptions, n as MongoAuditStoreOptions, o as AuditEntry, r as MongoConnection, s as AuditQueryOptions, u as createAuditEntry } from "../mongodb-CUpYfxfD.mjs";
+import { a as AuditContext, c as AuditStore, i as AuditAction, l as AuditStoreOptions, n as MongoAuditStoreOptions, o as AuditEntry, r as MongoConnection, s as AuditQueryOptions, u as createAuditEntry } from "../mongodb-kltrBPa1.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/audit/auditPlugin.d.ts
@@ -19,14 +19,40 @@ interface AuditPluginOptions {
    * Automatically audit CRUD operations via the hook system (default: true when enabled).
    * When enabled, create/update/delete operations are auto-logged without manual calls.
    *
-   * - `true`: Auto-audit all CRUD operations on all resources
-   * - `{ operations: ['create', 'delete'] }`: Only auto-audit specific operations
-   * - `{ exclude: ['health', 'metrics'] }`: Skip specific resources
-   * - `false`: Disable auto-audit (manual calls only)
+   * **Three opt-in patterns** — pick the one that matches your app:
+   *
+   * 1. **Per-resource opt-in (recommended for most apps)** — set `audit: true` on each
+   *    resource. Audit only fires for those resources. No global `include`/`exclude` needed.
+   *    ```ts
+   *    defineResource({ name: 'order', audit: true });
+   *    // auditPlugin auto-detects which resources opted in
+   *    ```
+   *
+   * 2. **Allowlist mode** — set `include: ['order', 'invoice']` for centralized config.
+   *    Only listed resources are audited.
+   *
+   * 3. **Denylist mode** — set `exclude: ['health', 'metrics']` to audit everything except
+   *    listed resources. Use sparingly — leads to growing exclude lists.
+   *
+   * Default behavior (`autoAudit: true`): denylist mode with no exclusions (audit everything).
+   * For most apps, switching to per-resource opt-in is cleaner.
+   *
+   * - `true`: Audit all CRUD operations on all resources (legacy default)
+   * - `{ operations: ['create', 'delete'] }`: Only specific operations
+   * - `{ include: ['order'] }`: Allowlist — only listed resources
+   * - `{ exclude: ['health'] }`: Denylist — all except listed
+   * - `{ perResource: true }`: Only resources with `audit: true` in their definition
+   * - `false`: Disable auto-audit (manual `fastify.audit.*()` calls only)
    */
   autoAudit?: boolean | {
-    operations?: ("create" | "update" | "delete")[];
+    operations?: ("create" | "update" | "delete")[]; /** Allowlist — only listed resources are audited (mutually exclusive with exclude) */
+    include?: string[]; /** Denylist — audit everything except listed resources */
     exclude?: string[];
+    /**
+     * Per-resource opt-in mode: only audit resources with `audit: true` in their
+     * `defineResource()` config. The cleanest pattern for most apps.
+     */
+    perResource?: boolean;
   };
 }
 declare module "fastify" {

package/dist/audit/index.mjs

@@ -11,7 +11,7 @@ function createAuditEntry(resource, documentId, action, context, data) {
 		resource,
 		documentId,
 		action,
-		userId: context.user?._id?.toString() ?? context.user?.id,
+		userId: extractUserId(context.user),
 		organizationId: context.organizationId,
 		before: data?.before,
 		after: data?.after,
@@ -24,6 +24,16 @@ function createAuditEntry(resource, documentId, action, context, data) {
 	};
 }
 /**
+* Extract userId from a user object — DB-agnostic.
+* Handles Mongoose ObjectId, string, number, or any type with toString().
+*/
+function extractUserId(user) {
+	if (!user) return void 0;
+	const raw = user._id ?? user.id;
+	if (raw == null) return void 0;
+	return typeof raw === "string" ? raw : String(raw);
+}
+/**
 * Detect changed fields between two objects
 */
 function detectChanges(before, after) {
@@ -170,16 +180,34 @@ const auditPlugin = async (fastify, opts = {}) => {
 			"update",
 			"delete"
 		];
-		const ops = typeof autoAuditConfig === "object" ? autoAuditConfig.operations ?? defaultOps : defaultOps;
-		const excludeResources = new Set(typeof autoAuditConfig === "object" ? autoAuditConfig.exclude ?? [] : []);
+		const isObj = typeof autoAuditConfig === "object";
+		const ops = isObj ? autoAuditConfig.operations ?? defaultOps : defaultOps;
+		const includeResources = isObj && autoAuditConfig.include ? new Set(autoAuditConfig.include) : null;
+		const excludeResources = new Set(isObj ? autoAuditConfig.exclude ?? [] : []);
+		const perResourceMode = isObj ? autoAuditConfig.perResource === true : false;
+		if (includeResources && excludeResources.size > 0) fastify.log?.warn?.("Audit autoAudit: both 'include' and 'exclude' specified. Using 'include' (allowlist wins).");
 		fastify.addHook("onReady", async () => {
 			const arc = "arc" in fastify ? fastify.arc : void 0;
 			if (!arc?.hooks) {
 				fastify.log?.debug?.("Auto-audit skipped: arc-core plugin not registered");
 				return;
 			}
+			const optedInResources = /* @__PURE__ */ new Set();
+			const operationsByResource = /* @__PURE__ */ new Map();
+			if (perResourceMode && arc.registry) for (const entry of arc.registry.getAll()) {
+				const auditFlag = entry.audit;
+				if (!auditFlag) continue;
+				optedInResources.add(entry.name);
+				if (typeof auditFlag === "object" && auditFlag.operations) operationsByResource.set(entry.name, auditFlag.operations);
+			}
 			for (const op of ops) arc.hooks.after("*", op, async (ctx) => {
-				if (excludeResources.has(ctx.resource)) return;
+				if (perResourceMode) {
+					if (!optedInResources.has(ctx.resource)) return;
+					const allowedOps = operationsByResource.get(ctx.resource);
+					if (allowedOps && !allowedOps.includes(op)) return;
+				} else if (includeResources) {
+					if (!includeResources.has(ctx.resource)) return;
+				} else if (excludeResources.has(ctx.resource)) return;
 				const docId = autoAuditExtractId(ctx.result);
 				const scope = ctx.context?._scope;
 				const auditCtx = {

package/dist/audit/mongodb.d.mts

@@ -1,2 +1,2 @@
-import { n as MongoAuditStoreOptions, t as MongoAuditStore } from "../mongodb-CUpYfxfD.mjs";
+import { n as MongoAuditStoreOptions, t as MongoAuditStore } from "../mongodb-kltrBPa1.mjs";
 export { MongoAuditStore, type MongoAuditStoreOptions };

package/dist/auth/index.d.mts

@@ -1,4 +1,4 @@
-import { m as AuthPluginOptions, p as AuthHelpers } from "../interface-DGmPxakH.mjs";
+import { h as AuthPluginOptions, m as AuthHelpers } from "../interface-CrN45qz1.mjs";
 import { t as PermissionCheck } from "../types-BNUccdcf.mjs";
 import { t as ExternalOpenApiPaths } from "../externalPaths-DpO-s7r8.mjs";
 import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-wbkYj2HL.mjs";

package/dist/auth/index.mjs

@@ -1,6 +1,6 @@
 import { n as normalizeRoles, t as getUserRoles } from "../types-ZUu_h0jp.mjs";
-import { t as ArcError } from "../errors-rxhfP7Hf.mjs";
-import { c as requireOrgMembership, f as requireTeamMembership, l as requireOrgRole } from "../permissions-Jk5x3sxz.mjs";
+import { t as ArcError } from "../errors-NoQKsbAT.mjs";
+import { c as requireOrgMembership, f as requireTeamMembership, l as requireOrgRole } from "../permissions-C8ImI8gC.mjs";
 import { n as extractBetterAuthOpenApi } from "../betterAuthOpenApi-lz0IRbXJ.mjs";
 import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";
 import fp from "fastify-plugin";

package/dist/cli/commands/docs.mjs

@@ -1,4 +1,4 @@
-import { t as ResourceRegistry } from "../../ResourceRegistry-DeCIFlix.mjs";
+import { t as ResourceRegistry } from "../../ResourceRegistry-C6ngvOnn.mjs";
 import { t as buildOpenApiSpec } from "../../openapi-CBmZ6EQN.mjs";
 import { dirname, resolve } from "node:path";
 import { pathToFileURL } from "node:url";

package/dist/cli/commands/init.mjs

@@ -1,7 +1,7 @@
+import * as fs from "node:fs/promises";
 import * as path from "node:path";
 import { accessSync } from "node:fs";
 import { execSync, spawn } from "node:child_process";
-import * as fs from "node:fs/promises";
 import * as readline from "node:readline";
 //#region src/cli/commands/init.ts
 /**
@@ -694,13 +694,13 @@ import { getAuth } from './auth.js';
  */
 
 ${typeImport}import config from '#config/index.js';
-import { createApp } from '@classytic/arc/factory';
+import { createApp, loadResources } from '@classytic/arc/factory';
 ${betterAuthImport}
 // App-specific plugins
 import { registerPlugins } from '#plugins/index.js';
 
 // Resource registry
-import { registerResources } from '#resources/index.js';
+import { resources, registerResources } from '#resources/index.js';
 
 /**
  * Create a fully configured app instance
@@ -708,9 +708,10 @@ import { registerResources } from '#resources/index.js';
  * @returns Configured Fastify instance ready to use
  */
 export async function createAppInstance()${ts ? ": Promise<FastifyInstance>" : ""} {
-  // Create Arc app with base configuration
+  // Create Arc app with resources and base configuration
   const app = await createApp({
     preset: config.env === 'production' ? (${config.edge ? "'edge'" : "'production'"}) : 'development',
+    resources,
     ${authConfig}
     cors: {
       origin: config.cors.origins,
@@ -727,9 +728,6 @@ export async function createAppInstance()${ts ? ": Promise<FastifyInstance>" : "
   // Register app-specific plugins (explicit dependency injection)
   await registerPlugins(app, { config });
 
-  // Register all resources
-  await registerResources(app);
-
   return app;
 }
 
@@ -1275,6 +1273,7 @@ import {
   requireRoles,
   requireOwnership,
   allowPublic,
+  roles,
   anyOf,
   allOf,
   denyAll,
@@ -1287,6 +1286,7 @@ export {
   requireAuth,
   requireRoles,
   requireOwnership,
+  roles,
   allOf,
   anyOf,
   denyAll,
@@ -1323,11 +1323,14 @@ export const requireSuperadmin = ()${returnType} =>
 /**
  * Organization-level guards (per-org member.role):
  *
- * - requireOrgRole(['admin','owner'])  — checks member.role in active org
+ * - roles('admin')                     — checks BOTH user.role AND org member.role (recommended)
+ * - requireOrgRole(['admin','owner'])  — checks member.role in active org ONLY
  * - requireOrgMembership()             — just checks if user is in the org (any role)
  * - requireTeamMembership()            — checks if user is in the active team
  *
- * These are DIFFERENT from platform-level helpers above (requireRoles checks user.role).
+ * RECOMMENDED: Use roles() for most cases — it checks platform + org roles automatically.
+ * Use requireOrgRole() when you ONLY want org-level checks (exclude platform admins).
+ *
  * Platform superadmin automatically bypasses all org role checks.
  *
  * IMPORTANT: When using Better Auth's Access Control (ac) with custom roles,

package/dist/cli/commands/introspect.mjs

@@ -1,4 +1,4 @@
-import { t as ResourceRegistry } from "../../ResourceRegistry-DeCIFlix.mjs";
+import { t as ResourceRegistry } from "../../ResourceRegistry-C6ngvOnn.mjs";
 import { resolve } from "node:path";
 import { pathToFileURL } from "node:url";
 //#region src/cli/commands/introspect.ts

package/dist/core/index.d.mts

@@ -1,3 +1,3 @@
-import { Ct as QueryResolverConfig, Dt as AccessControlConfig, Et as AccessControl, Lt as ResourceDefinition, Rt as defineResource, St as QueryResolver, Tt as BodySanitizerConfig, bt as BaseController, wt as BodySanitizer, xt as BaseControllerOptions } from "../interface-DGmPxakH.mjs";
-import { A as RESERVED_QUERY_PARAMS, C as HookOperation, D as MAX_SEARCH_LENGTH, E as MAX_REGEX_LENGTH, O as MUTATION_OPERATIONS, S as HOOK_PHASES, T as MAX_FILTER_DEPTH, _ as DEFAULT_MAX_LIMIT, a as getControllerScope, b as DEFAULT_UPDATE_METHOD, c as createPermissionMiddleware, d as IdempotencyService, f as createActionRouter, g as DEFAULT_LIMIT, h as DEFAULT_ID_FIELD, i as getControllerContext, j as SYSTEM_FIELDS, k as MutationOperation, l as ActionHandler, m as CrudOperation, n as createFastifyHandler, o as sendControllerResponse, p as CRUD_OPERATIONS, r as createRequestContext, s as createCrudRouter, t as createCrudHandlers, u as ActionRouterConfig, v as DEFAULT_SORT, w as HookPhase, x as HOOK_OPERATIONS, y as DEFAULT_TENANT_FIELD } from "../index-BL8CaQih.mjs";
+import { At as AccessControlConfig, Bt as ResourceDefinition, Ct as BaseController, Dt as BodySanitizer, Et as QueryResolverConfig, Ot as BodySanitizerConfig, Tt as QueryResolver, Vt as defineResource, kt as AccessControl, wt as BaseControllerOptions } from "../interface-CrN45qz1.mjs";
+import { A as RESERVED_QUERY_PARAMS, C as HookOperation, D as MAX_SEARCH_LENGTH, E as MAX_REGEX_LENGTH, O as MUTATION_OPERATIONS, S as HOOK_PHASES, T as MAX_FILTER_DEPTH, _ as DEFAULT_MAX_LIMIT, a as getControllerScope, b as DEFAULT_UPDATE_METHOD, c as createPermissionMiddleware, d as IdempotencyService, f as createActionRouter, g as DEFAULT_LIMIT, h as DEFAULT_ID_FIELD, i as getControllerContext, j as SYSTEM_FIELDS, k as MutationOperation, l as ActionHandler, m as CrudOperation, n as createFastifyHandler, o as sendControllerResponse, p as CRUD_OPERATIONS, r as createRequestContext, s as createCrudRouter, t as createCrudHandlers, u as ActionRouterConfig, v as DEFAULT_SORT, w as HookPhase, x as HOOK_OPERATIONS, y as DEFAULT_TENANT_FIELD } from "../index-B4uZm82R.mjs";
 export { AccessControl, AccessControlConfig, ActionHandler, ActionRouterConfig, BaseController, BaseControllerOptions, BodySanitizer, BodySanitizerConfig, CRUD_OPERATIONS, CrudOperation, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, HookOperation, HookPhase, IdempotencyService, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MutationOperation, QueryResolver, QueryResolverConfig, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, getControllerContext, getControllerScope, sendControllerResponse };

package/dist/core/index.mjs

@@ -1,5 +1,5 @@
 import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "../constants-Cxde4rpC.mjs";
-import { i as AccessControl, n as QueryResolver, r as BodySanitizer, t as BaseController } from "../BaseController-CkM5dUh_.mjs";
+import { i as AccessControl, n as QueryResolver, r as BodySanitizer, t as BaseController } from "../BaseController-AbbRx3e0.mjs";
 import { t as createActionRouter } from "../core-C1XCMtqM.mjs";
-import { c as createCrudHandlers, d as getControllerContext, f as getControllerScope, l as createFastifyHandler, n as defineResource, o as createCrudRouter, p as sendControllerResponse, s as createPermissionMiddleware, t as ResourceDefinition, u as createRequestContext } from "../defineResource-B22gcNvn.mjs";
+import { c as createCrudHandlers, d as getControllerContext, f as getControllerScope, l as createFastifyHandler, n as defineResource, o as createCrudRouter, p as sendControllerResponse, s as createPermissionMiddleware, t as ResourceDefinition, u as createRequestContext } from "../defineResource-Ckxg6HrZ.mjs";
 export { AccessControl, BaseController, BodySanitizer, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, QueryResolver, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, getControllerContext, getControllerScope, sendControllerResponse };